This repository was archived by the owner on Mar 22, 2022. It is now read-only.

No Auth token on authentication resource #488

Closed
waldemarnt opened this issue Apr 21, 2017 · 4 comments

@waldemarnt

I just generated the JWT authentication strategy via CLI and when I try to authenticate with the following request:

curl -X POST \
  http://localhost:3030/authentication \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -d '{
"email": "waldemarnt@gmail.com",
"password": "password"
}'

The answer is:

{
  "name": "NotAuthenticated",
  "message": "No auth token",
  "code": 401,
  "className": "not-authenticated",
  "data": {},
  "errors": {}
}

And the debug log says:

Fri, 21 Apr 2017 21:28:49 GMT feathers-authentication:passport:authenticate Authentication strategy 'jwt' failed Error: No auth token
    at JwtStrategy.authenticate (/home/app/tagger/node_modules/passport-jwt/lib/strategy.js:87:26)
    at /home/app/tagger/node_modules/feathers-authentication/lib/passport/authenticate.js:131:18
    at /home/app/tagger/node_modules/feathers-authentication/lib/passport/authenticate.js:38:14
    at Object.<anonymous> (/home/app/tagger/node_modules/feathers-authentication/lib/hooks/authenticate.js:80:55)
    at process._tickCallback (internal/process/next_tick.js:103:7) undefined

This is my actual configuration

Fri, 21 Apr 2017 21:28:49 GMT feathers-authentication:hooks:authenticate Attempting to authenticate using jwt strategy with options { name: 'jwt',
  bodyKey: 'accessToken',
  secret: 'a big secret',
  header: 'Authorization',
  entity: 'user',
  service: 'users',
  passReqToCallback: true,
  session: false,
  jwt: 
   { header: { typ: 'access', type: 'access' },
     audience: 'localhost:3030',
     subject: 'anonymous',
     issuer: 'feathers',
     algorithm: 'HS256',
     expiresIn: '1d' } }

Has someone else faced this issue? It seems that the /authentication route is under protection.

@waldemarnt
Author

Fixed, I had to comment out this line:

app.service('authentication').hooks({
  before: {
    create: [
      // You can chain multiple strategies
      auth.hooks.authenticate(['jwt', 'local']),
    ],
    remove: [
      auth.hooks.authenticate('jwt')
    ]
  }
});

I don't understand why this was generated :)

@marshallswain
Member

@waldemarnt that was not a fix. You need to leave that line in place or you basically enable anonymous authentication. We have an open issue to remove the implicit anonymous auth. You've generated a token with no user attached. The real solution would be to make sure you pass a strategy in the payload, as mentioned in the API docs.
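
The behaviour discussed in this thread, as an added example that is not part of the original discussion and is not Feathers' own code: a simplified model of the `authentication` service's `create` with and without the `authenticate(['jwt', 'local'])` hook. The `userId` claim name, the sample user, and the fallback to the first listed strategy when `strategy` is absent (which matches the debug log above) are assumptions.

```javascript
// Simplified model of the behaviour discussed in this thread; not feathers-authentication source.
const crypto = require('crypto');

const SECRET = 'a big secret'; // value from the posted debug log
const USERS = { 'user@example.com': { id: 1, password: 'password' } }; // constructed sample data

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue an HS256 token carrying the claims from the posted configuration.
function sign(payload) {
  const data = `${enc({ alg: 'HS256', typ: 'access' })}.${enc({
    iss: 'feathers', aud: 'localhost:3030', sub: 'anonymous', ...payload })}`;
  return `${data}.${mac(data).toString('base64url')}`;
}

// Check the signature, then return the claims.
function verify(token) {
  const [head, body, sig = ''] = String(token).split('.');
  const given = Buffer.from(sig, 'base64url');
  const expected = mac(`${head}.${body}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  return JSON.parse(Buffer.from(body, 'base64url').toString());
}

// Stand-in for auth.hooks.authenticate(['jwt', 'local']) on `create`.
function authenticate(allowed, data) {
  // Assumption, consistent with the debug log: without `strategy` the first listed one is tried.
  const strategy = data.strategy || allowed[0];
  if (!allowed.includes(strategy)) throw new Error(`Strategy ${strategy} is not permitted`);
  if (strategy === 'jwt') {
    if (!data.accessToken) throw new Error('No auth token');
    return { userId: verify(data.accessToken).userId };
  }
  const user = USERS[data.email]; // plaintext comparison only because this is a model
  if (!user || user.password !== data.password) throw new Error('Invalid login');
  return { userId: user.id }; // `userId` claim name is an assumption of this model
}

// Stand-in for the authentication service's `create`, with or without the before hook.
function createToken(data, { hooked }) {
  const payload = hooked ? authenticate(['jwt', 'local'], data) : {};
  return sign(payload);
}
```

In this model the original request fails with `No auth token` because it carries no `strategy`, and adding `"strategy": "local"` to the body yields a token with a user attached. With the hook removed, any caller receives a validly signed token whose subject is `anonymous` and which names no user.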

@waldemarnt
Author

@marshallswain thank you, I'm trying to figure out how those strategies work; I couldn't find it in the documentation :(
