search

feathersjs / feathers

The API and real-time application framework
https://feathersjs.com
MIT License
15.06k stars 752 forks source link

Missing userId in authentication payload, user empty #1526

Closed adrianofoschi closed 5 years ago

adrianofoschi commented 5 years ago

Steps to reproduce

I've setup a new feathers app with authentication feature. The frontend is a vuejs app with feathes-vuex.

authentication.js

const { AuthenticationService, JWTStrategy } = require('@feathersjs/authentication');
const { LocalStrategy } = require('@feathersjs/authentication-local');
//const { expressOauth } = require('@feathersjs/authentication-oauth');

module.exports = app => {
  const authentication = new AuthenticationService(app);

  authentication.register('jwt', new JWTStrategy());
  authentication.register('local', new LocalStrategy());

  app.use('/authentication', authentication);
  //app.configure(expressOauth());
};

default.json

"authentication": {
    "entity": "user",
    "service": "users",
    "secret": "/N26mG0oaVOca9jOaDMWQRD+714=",
    "authStrategies": [
      "jwt",
      "local"
    ],
    "jwtOptions": {
      "header": {
        "typ": "access"
      },
      "audience": "https://yourdomain.com",
      "issuer": "feathers",
      "algorithm": "HS256",
      "expiresIn": "1d"
    },
    "local": {
      "usernameField": "username",
      "passwordField": "password"
    }
  },

then I have registered a user with adriano / secret.

I'm using feathers-vuex for authentication

store.dispatch('auth/authenticate', {
    username: "adriano",
    password: "secret",
    strategy: "local"
});

the user is logged on client SUCCESSFULLY but the auth.user is null.

I tried to login again using the localstorage-stored jwt but the result is the same.

store.dispatch('auth/authenticate'); //strategy is jwt by default

I checked the payload and it is missing userId property. It worked in my previous project with feathers 3.x.

Expected behavior

JWT payload should contain userId property and auth.user should be populated.

Actual behavior

JWT payload does not contain userId and auth.user is null.

System configuration

I've setup a new feathers app with generate commands including:

Client-side I'm using vuejs with feathers-vuex.

Module versions (especially the part that's not working): Server-side libs:

Client-side libs:

NodeJS version: v11.15.0

Operating System: Linux 5.2.6

Browser Version: Chrome 75.0.3770.100

daffl commented 5 years ago

In this new version the user id is in the subject (which is really where it belonged). For it to work you will have to update the client side libraries to version 4.3.0 or later as well. If you need backwards compatible authentication see the migration guide.

dobeerman commented 5 years ago

Hi @daffl

I've updated both server and client, but I got the same peorblem.

server package.json

    ...
    "@feathersjs/authentication": "^4.3.0",
    "@feathersjs/authentication-local": "^4.3.0",
    "@feathersjs/authentication-oauth": "^4.3.0",
    "@feathersjs/configuration": "^4.3.0",
    "@feathersjs/errors": "^4.3.0",
    "@feathersjs/express": "^4.3.0",
    "@feathersjs/feathers": "^4.3.0",
    "@feathersjs/socketio": "^4.3.0",
    ...

client package.json

    ...
    "@feathersjs/authentication-client": "^4.3.0",
    "@feathersjs/feathers": "^4.3.0",
    "@feathersjs/socketio-client": "^4.3.0",
    ...
    "feathers-vuex": "^1.7.0",

Any ideas? ;)

kamaleshsivaraj commented 4 years ago

Hi @daffl @marshallswain same problem in feathersjs package.json

dependencies": {
    "@feathersjs/authentication": "^4.3.11",
    "@feathersjs/authentication-jwt": "^2.0.10",
    "@feathersjs/authentication-local": "^4.3.11",
    "@feathersjs/authentication-oauth": "^4.3.11",
    "@feathersjs/configuration": "^4.3.11",
    "@feathersjs/errors": "^4.3.11",
    "@feathersjs/express": "^4.3.11",

feathersvuex client side package.json

 "@feathersjs/authentication-client": "^4.4.3",
    "@feathersjs/errors": "^4.4.3",
    "@feathersjs/feathers": "^4.4.3",
    "@feathersjs/socketio-client": "^4.4.3",

i have noticed every version released the userId is missing in payload please solve the issue @daffl