feathersjs / feathers

The API and real-time application framework
https://feathersjs.com
MIT License

Broken authentication #3276

Closed jpoles1 closed 9 months ago

jpoles1 commented 9 months ago

Steps to reproduce

Logging in using Google OAuth as per: https://feathersjs.com/cookbook/authentication/google.html

Was previously working fine (for ~1 year), but went back and made some changes to the code, rebuilt the project and now this bug is coming up.

Login intermittently fails with cryptic error: "Right hand side of instanceof is not an object". Had to jump into debugger to find the root of the issue.

Appears to result from an undefined value being passed as params.secret to createAccessToken under the create function in @feathersjs/authentication/lib/service.js (line 93).

I have been unable to trace the error any further. I think my config is set up correctly (note: * used to omit sensitive info):

{
  "host": "localhost",
  "port": 5000,
  "public": "../*/dist",
  "apiPath": "/api",
  "paginate": {
    "default": 250,
    "max": 5000
  },
  "authentication": {
    "entity": "user",
    "service": "users",
    "secret": "srK8eAnUbb9vtVAji/abZCCAfmI=",
    "authStrategies": [
      "jwt",
      "local",
      "google"
    ],
    "jwtOptions": {
      "header": {
        "typ": "access"
      },
      "audience": "https://*.app",
      "issuer": "feathers",
      "algorithm": "HS256",
      "expiresIn": "42d"
    },
    "local": {
      "usernameField": "email",
      "passwordField": "password"
    },
    "oauth": {
      "redirect": "http://localhost:8080/login?",
      "google": {
        "key": "*",
        "secret": "*",
        "scope": [
          "email",
          "profile",
          "openid"
        ],
        "nonce": true
      }
    }
  },
  "mongodb": "mongodb://localhost:27017/*"
}

Expected behavior

Should allow me to log in.

Actual behavior

Fails to log in using Google OAuth. Gives error "Right hand side of instanceof is not an object".

Unclear why. Previously occurring only sporadically on both my local and production server. Then became permanent on my prod server rendering me unable to log in, then on my dev server too. Not sure but suspect this may have come from updated feathers dependencies?

System configuration

Tell us about the applicable parts of your setup.

Module versions (especially the part that's not working):

NodeJS version:

Operating System:

Browser Version:

React Native Version:

Module Loader:

jpoles1 commented 9 months ago

Brute force, but I seem to have fixed it by downgrading to feathers 4.5.11:

    "@feathersjs/authentication": "4.5.11",
    "@feathersjs/authentication-local": "4.5.11",
    "@feathersjs/authentication-oauth": "4.5.11",
    "@feathersjs/configuration": "4.5.11",
    "@feathersjs/errors": "4.5.11",
    "@feathersjs/express": "4.5.11",
    "@feathersjs/feathers": "4.5.11",
    "@feathersjs/socketio": "4.5.11",
    "@feathersjs/transport-commons": "4.5.11",
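
Added example, not part of the original thread and not Feathers code: a startup check that reports a missing `authentication.secret` (the value the report saw arriving as undefined in `params.secret`) and missing OAuth provider credentials with a clear message, instead of a failure at login time. The function names, and the assumption that every strategy other than `jwt` and `local` needs a `key` and `secret` under `authentication.oauth`, are illustrative.

```javascript
// Added example (not Feathers code): startup check for an "authentication" config section.
// Assumption: every strategy other than these needs key/secret under oauth.
const NON_OAUTH_STRATEGIES = new Set(['jwt', 'local']);

function isNonEmptyString(value) {
  return typeof value === 'string' && value.trim().length > 0;
}

// Returns a list of problems; an empty list means the checked fields are set.
function findAuthConfigProblems(config) {
  const auth = config && config.authentication;
  if (!auth || typeof auth !== 'object') {
    return ['authentication section is missing'];
  }
  const problems = [];
  // The value the report saw arriving as undefined in params.secret.
  if (!isNonEmptyString(auth.secret)) {
    problems.push('authentication.secret is missing or empty');
  }
  const strategies = Array.isArray(auth.authStrategies) ? auth.authStrategies : [];
  const oauth = auth.oauth || {};
  for (const name of strategies) {
    if (NON_OAUTH_STRATEGIES.has(name)) continue;
    const provider = oauth[name];
    if (!provider || typeof provider !== 'object') {
      problems.push(`authentication.oauth.${name} is missing`);
      continue;
    }
    for (const field of ['key', 'secret']) {
      if (!isNonEmptyString(provider[field])) {
        problems.push(`authentication.oauth.${name}.${field} is missing or empty`);
      }
    }
  }
  return problems;
}

// Call once at startup so a bad config stops the process with a clear message.
function assertAuthConfig(config) {
  const problems = findAuthConfigProblems(config);
  if (problems.length > 0) {
    throw new Error('Invalid authentication config: ' + problems.join('; '));
  }
}

// Constructed sample: secret absent, google provider lacks its secret.
const sampleBadConfig = { authentication: { authStrategies: ['jwt', 'google'], oauth: { google: { key: 'k' } } } };
console.log(findAuthConfigProblems(sampleBadConfig));
```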