feathersjs-ecosystem / authentication-local

[MOVED] Local authentication plugin for feathers-authentication
https://github.com/feathersjs/feathers
MIT License

Couldn't store jwt token in cookies #17

Closed tention closed 7 years ago

tention commented 7 years ago

Steps to reproduce

Setup a new project with feathers-authentication-local and feathers-authentication-oauth2 with the latest pre release. Create a simple page using feathers-authentication-client to authenticate.

Simulate the process of login through facebook through http://localhost:3030/auth/facebook. Once logged in, a cookie was created with the jwt token but not localStorage. Tried the same with local; a jwt token was created in localStorage but not cookies. This is OK for localStorage as it is stored through my React code.

Cookies were enabled in default.json.

```json
"cookie": {
  "enabled": true,
  "name": "feathers-jwt",
  "httpOnly": false,
  "secure": false,
  "domain": "localhost" // replace with your actual domain or IP address
}
```

Expected behavior

Cookies should be created for both local and facebook

Actual behavior

Enabled debug mode, this was observed when logging in through local. However, the cookie is not found within developer tools (FF and Chrome).

```
feathers-authentication:middleware:set-cookie Running setCookie middleware with options: { enabled: true, name: 'feathers-jwt', httpOnly: false, secure: false, domain: 'localhost' } +1ms
feathers-authentication:middleware:set-cookie Clearing old 'feathers-jwt' cookie +0ms
feathers-authentication:middleware:set-cookie Setting 'feathers-jwt' cookie with options { httpOnly: false, secure: false, domain: 'localhost', expires: 2017-04-18T02:40:29.411Z } +1ms
feathers-authentication:express:expose-headers Exposing Express headers to hooks and services +40ms
feathers-authentication:express:expose-cookies Exposing Express cookies to hooks and services undefined +0ms
```

Enabled debug mode, this was observed when logging in through oauth2. Cookie created within developer tools (FF and Chrome).

```
feathers-authentication:middleware:set-cookie Running setCookie middleware with options: { enabled: true, name: 'feathers-jwt', httpOnly: false, secure: false, domain: 'localhost' } +1ms
feathers-authentication:middleware:set-cookie Clearing old 'feathers-jwt' cookie +0ms
feathers-authentication:middleware:set-cookie Setting 'feathers-jwt' cookie with options { httpOnly: false, secure: false, domain: 'localhost', expires: 2017-04-18T02:41:35.079Z } +0ms
```

System configuration

Tell us about the applicable parts of your setup.

Module versions (especially the part that's not working):

```
"feathers-authentication": "^1.2.2",
"feathers-authentication-hooks": "^0.1.2",
"feathers-authentication-jwt": "^0.3.1",
"feathers-authentication-local": "^0.3.4",
"feathers-authentication-oauth2": "^0.2.4",
"feathers-authentication-client": "^0.3.1",
```

NodeJS version: v6.9.5

Operating System: MacOS

Browser Version: FF 45

PavelPolyakov commented 7 years ago

Hi,

Today I started to play with authentication in feathers, and also experienced that the feathers-jwt is not set.

Created another issue with the full reproduction: https://github.com/feathersjs/feathers-authentication/issues/514

Regards,

ekryski commented 7 years ago

This is a duplicate of feathersjs/feathers-authentication#514. Closing this one because the other is in the right spot and has way more context. 😄

thngdude commented 6 years ago

I am seeing the exact same issue as described by @tention. Cookie is set for facebook auth, but not for local. I've set my client storage to localstorage.

Here are my server dependencies:

```
"@feathersjs/authentication": "^2.1.3",
"@feathersjs/authentication-jwt": "^2.0.0",
"@feathersjs/authentication-local": "^1.1.1",
"@feathersjs/authentication-oauth2": "^1.0.3",
"@feathersjs/configuration": "^1.0.2",
"@feathersjs/errors": "^3.3.0",
"@feathersjs/express": "^1.2.1",
"@feathersjs/feathers": "^3.1.4",
"@feathersjs/socketio": "^3.2.0",
```

Cookie config:

```json
"cookie": {
  "enabled": true,
  "name": "feathers-jwt",
  "httpOnly": true,
  "secure": false
}
```

daffl commented 6 years ago

Local authentication does not have to store the token in a cookie. If you want the token in it you will have to set it manually or follow this guide.

thngdude commented 6 years ago

Please correct me if I'm wrong: The guide you linked shows how to parse the cookie on incoming requests to the server, so that's assuming the cookie is already set.

Would appreciate if you could clarify further, as to which of the following is correct (or both wrong):

1) By setting "cookie.enabled": true, the cookie (with jwt) should be set after any type of authentication on the server (OAuth or local).

2) It is expected that setting "cookie.enabled": true only sets cookies following OAuth, and if we want the cookie set after local auth, we need to set the cookie ourselves.

daffl commented 6 years ago

Feathers does not use and never reads the cookie (on the server). The only reason why it is there is so that after an oAuth login we can read it on the client and set it in localStorage. Besides that there is no reason to use cookies with Feathers.

If you need to authenticate manually you either set the JWT in the Authorization for REST calls or register it with the authenticate event on a socket connection.

The guide just shows how to set and read the cookie with local server rendered authentication.
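
The hand-off described in the comment above (cookie read once on the client after an OAuth login, token moved to storage, JWT then sent in the Authorization header), as an added example that is not Feathers code or part of the thread. The function names, the in-memory storage stand-in, the `Bearer` scheme and the sample token are assumptions of this example.

```javascript
// Added example (not Feathers source). All function names are hypothetical.
const COOKIE_NAME = 'feathers-jwt'; // cookie name from the configs in this thread

// Parse a document.cookie-style string ("a=1; b=2") and return one value.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// After the OAuth redirect: move the token into storage and return the string
// to assign to document.cookie so the cookie is expired once it has been read.
function handOff(cookieString, storage) {
  const token = readCookie(cookieString, COOKIE_NAME);
  if (!token) return null; // httpOnly cookies never appear in document.cookie
  storage.setItem(COOKIE_NAME, token); // storage key chosen for this example
  return `${COOKIE_NAME}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/`;
}

// Header for REST calls; the "Bearer" scheme is an assumption of this example.
function authHeaders(storage) {
  const token = storage.getItem(COOKIE_NAME);
  return token ? { Authorization: `Bearer ${token}` } : {};
}

// Flag the cookie settings that matter for this hand-off.
function auditCookieConfig(cfg) {
  if (!cfg.enabled) return [];
  const findings = [];
  if (cfg.httpOnly) findings.push('httpOnly=true: client script cannot read the cookie, so the hand-off finds nothing');
  else findings.push('httpOnly=false: any script running on the page can read the JWT');
  if (!cfg.secure) findings.push('secure=false: the cookie is also sent over plain HTTP');
  return findings;
}

// Minimal localStorage stand-in so the example runs under Node.
function memoryStorage() {
  const m = new Map();
  return { setItem: (k, v) => m.set(k, String(v)), getItem: (k) => (m.has(k) ? m.get(k) : null) };
}

// Constructed sample: cookie string as the browser would expose it after the redirect.
const demo = memoryStorage();
handOff('theme=dark; feathers-jwt=aaa.bbb.ccc', demo);
console.log(authHeaders(demo), auditCookieConfig({ enabled: true, httpOnly: true, secure: false }));
```

With the second cookie config posted in this thread (`"httpOnly": true`), `handOff` returns `null` in a browser because the cookie is never visible to `document.cookie`.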