Allow to add multiple oAuth providers to a user

[daffl]

There is a code path for it in https://github.com/feathersjs/feathers-authentication-oauth2/blob/master/src/verifier.js#L85 and https://github.com/feathersjs/feathers-authentication-oauth2/blob/master/src/verifier.js#L90 and one way to add req.user would be to enable Cookies and add a the express.authenticate() middleware to the oAuth callback but I have not tried it yet.

[ekryski]

Related to https://github.com/feathersjs/feathers-authentication/issues/402

[jasondonnette]

@daffl I am looking for a place to add middleware to the oAuth callback but I don't see one exposed in feathers-authentication-oauth2, could you help point me in the right direction? I'm working on setting up this flow. Checking for a feathers-jwt cookie and adding in req.user like you said seems to be the right call.

I found this gist which (from the title) I thought was trying to solve this problem: https://gist.github.com/josepaiva94/ee7d4b8d659500aeb5846142e25bd411#file-verifier-js

But it just checks for the e-mails being the same (which works for accounts with identical e-mails, but that's not the ideal solution here).

Edit: It looks like express.authorize() http://passportjs.org/docs/authorize in passport.js is designed to do this. Would a better solution be to add a similar authorize() function in feathers-authentication? And then feathers-authentication-oauth2 could have an option to use authorize() instead ofauthenticate() somewhere near https://github.com/feathersjs/feathers-authentication-oauth2/blob/master/src/index.js#L70 ?

[TimNZ]

@daffl Is this issue still valid?

[daffl]

Definitely. https://github.com/feathersjs/authentication-jwt/pull/55 should actually also solve most of this as well (since the code paths are already there) but we'll have to double check.

[daffl]

With cookies enabled and the existing JWT set as feathers-jwt in the cookie, account linking is now possible with @feathersjs/authentication-jwt@^2.0.0 and @feathersjs/authentication-oauth@^1.2.0.