Authentication without password

[gonzalomass-bu]

I have look for a way to authenticate a user (server side) with no need to pass the password. Any clue for the correct approach. I'm thinking that it will be nice to implement the function on a hook that can be trigger by a "SuperAdmin".

The task that i'm trying to tackle is an authentication that comes from an iOS app that uses Facebook Account Kit, so i'll be receiving a token that is unique to each user. I'll have to check if there is a user with that token on my database, if it exists then i have to logged him in and send back the local authentication token.

[gonzalomass-bu]

Found a way to create a local token and send it back in the hook.result.

    // Create a new token
    var tokenData = hook.app.services['auth/token']
                    .create({"_id": id, "email": email})
                    .then(function(values){
                      return values;
                    });

    hook.result = tokenData;

Any thoughts?

[ekryski]

Better support is coming for this in 0.8.0

[ekryski]

This is now possible with auth v1.x. You can either implement your own passport strategy (or find an existing one) or you can simply create a custom verifier for feathers-authentication-local to not lookup the password.

[PavelPolyakov]

@ekryski
hi, right now it's not possible to authenticate without the password, as passport-local is looking for the password:
https://github.com/jaredhanson/passport-local/blob/master/lib/strategy.js#L75

The dirty solution would be to use the default password everywhere, but it doesn't required to use custom verifier.

any thoughts on this?

Regards,

update
update, for me the solution was to create another hook, which casts password from the username.

like this users.hooks.js:

create: [
            /**
             * Add default password
             * @param hook
             */
            function(hook) {
                hook.data.password = hook.data.username;
            },
            local.hooks.hashPassword({ passwordField: 'password' })
        ]

[marshallswain]

If I understand what you're trying to do, you can probably just set hook.data.password in a before-hook on the authentication service.

[marshallswain]

Looks like you got it figured out. ;)

[rhythnic]

https://github.com/rhythnic/feathers-passwordless-auth-example

[REPTILEHAUS]

Is it possible to authenticate without an email address ?

[marshallswain]

@REPTILEHAUS you can authenticate however you'd like if you use https://www.google.com/search?q=feathers-authentication-custom&oq=feathers-authentication-custom&aqs=chrome..69i57j69i60l3.3603j0j1&sourceid=chrome&ie=UTF-8

[REPTILEHAUS]

Still trying to work through the feathers documentation... basically i want to create a jwt once a function in a service has been executed correctly, its not the standard conventional login i.e the user will always be authenticated so long as this function returns true... What is the best way to tackle this situation.

[marshallswain]

@REPTILEHAUS either the package that I sent you, or this one with a Custom Verifier. If you're not using email/password style login, the other one probably will better suit you.

[REPTILEHAUS]

Cool, Ill start looking into the one you sent. Cheers