Closed daffl closed 6 years ago
@daffl I am looking for a place to add middleware to the oAuth callback but I don't see one exposed in feathers-authentication-oauth2, could you help point me in the right direction? I'm working on setting up this flow. Checking for a feathers-jwt cookie and adding in req.user like you said seems to be the right call.
I found this gist which (from the title) I thought was trying to solve this problem: https://gist.github.com/josepaiva94/ee7d4b8d659500aeb5846142e25bd411#file-verifier-js
But it just checks for the e-mails being the same (which works for accounts with identical e-mails, but that's not the ideal solution here).
Edit: It looks like express.authorize()
http://passportjs.org/docs/authorize in passport.js is designed to do this. Would a better solution be to add a similar authorize()
function in feathers-authentication? And then feathers-authentication-oauth2 could have an option to use authorize()
instead ofauthenticate()
somewhere near https://github.com/feathersjs/feathers-authentication-oauth2/blob/master/src/index.js#L70 ?
@daffl Is this issue still valid?
Definitely. https://github.com/feathersjs/authentication-jwt/pull/55 should actually also solve most of this as well (since the code paths are already there) but we'll have to double check.
With cookies enabled and the existing JWT set as feathers-jwt
in the cookie, account linking is now possible with @feathersjs/authentication-jwt@^2.0.0
and @feathersjs/authentication-oauth@^1.2.0
.
There is a code path for it in https://github.com/feathersjs/feathers-authentication-oauth2/blob/master/src/verifier.js#L85 and https://github.com/feathersjs/feathers-authentication-oauth2/blob/master/src/verifier.js#L90 and one way to add
req.user
would be to enable Cookies and add a theexpress.authenticate()
middleware to the oAuth callback but I have not tried it yet.