Auth0 & featherjs authorization only

[thebarndog]

I'm trying out Auth0 to simplifying my authentication process and because they support a ton of different identity providers. So far it's been relatively simple and I was able to generate a jwt token via Auth0 which I then want to use to provide authorization on my server component. I really like this approach because it separates out the process of authentication and the process of getting data from the server. However, when using a verifyToken hook, it fails with an invalid signature error, despite having the correct base64 encoded shared secret, where I can verify the signature on http://jwt.io.

Is there any way to only provide authorization on a feathers server? That is to say, if I've already received a token via auth0, how can I just use that token? It should be as simple as setting the Authorization header but as I mentioned, the verifyToken hook fails despite having a valid secret. Interestingly enough, when I dived into the source for that hook and replaced jwt.verify(token, secret, options) with jwt.verify(token, new Buffer(secret, 'base64'), options), verification worked exactly as I expected.

I'm hesitant to move away from auth0 for a couple of reasons. One, authentication and networking are now two separate entities inside my application. Two, auth0 supports a bucketload of social providers like twitter, which feathers doesn't yet. But if I can't get authorization working, then I don't seem to have a choice. Has anyone had any experience integrating the two services?

[alvin]

Hi @startupthekid,

Auth0 works well for me with Feathers. Have you reviewed https://github.com/feathersjs/feathers-demos/tree/master/examples/authentication/auth0?

[thebarndog]

Hey @alvin, indeed I have. Is that the recommended way to support Auth0 authentication in a feathers application?

[alvin]

... as far as I know, yeah. Auth0 works with Feathers like other oauth2 providers. Are you trying to avoid a users table in your local database?

[thebarndog]

Not really, really I'm just trying to keep authentication and my api in separate places. The other big thing for me was twitter authentication which I know is coming in 2.0 but I didn't have time to wait.

[ekryski]

@startupthekid I put together that example a while back but yeah Auth0 is a pretty simple integration if you just follow that repo.

[thebarndog]

@ekryski Thanks, sounds great! 👍

[kristianmandrup]

Auth0 demo was moved or is deprecated?!

[marshallswain]

@kristianmandrup it was outdated. We need a new one.

[1beb]

I'm also looking for an auth0 demo. Could you share the code for the old one?

[kristianmandrup]

I have demo at gc-auth on my GitHub account

[1beb]

@kristianmandrup I couldn't seem to find a repo with that name on your github account page.

[marshallswain]

I've recently updated the Feathers generator with an option for Auth0 OAuth. If you follow the Basic OAuth Guide, replacing GitHub with Auth0, you should be able to get it to work. Ask whatever questions you may have, of course.

npm install -g feathers-cli@latest
feathers generate app
feathers generate authentication

[pmesgari]

Hi @marshallswain I have created a boiler plate https://github.com/pmesgari/vv0-boilerplate for Vue-Vuetify-Vuex and Auth0 hosted login page https://auth0.com/docs/hosted-pages/#. I like to use feathers to setup an API since it really works like a charm (the server will be an independent app and not mixed with the boilerplate). I know feathersjs provides a service to create a user and retrieve a token for it, but it requires two pieces of info, a username and password. But I am confused how to use this service with the hosted login page, since basically there is no info on the password of the user.

I would really appreciate some direction and insight on how I can achieve this.
Thanks!

[kristianmandrup]

please see here: feathersjs-ecosystem/authentication-jwt#23 (comment)