This repository was archived by the owner on Mar 22, 2022. It is now read-only.

How to make a user automatically logined on server side? #659

Closed
flight9 opened this issue Apr 2, 2018 · 8 comments

flight9 commented Apr 2, 2018

I'm using authentication and socket.io on server side.
(strategies are 'jwt' and 'local'.)

My requirement:

In the wechat auth process, after I get an openid on the server which represents the current user, and I query the db to find this user object by his openid, how can I authenticate him on the server side without knowing his original password or any other credentials (like jwt)?

It's easy for us to use session on Express to do that:

    req.session.user = theUser; // theUser object is queried from db by openid

But on feathers-authentication, no API seems to support that, how to do it?

Member

daffl commented Apr 2, 2018

This is explained in the testing guide. Just pass the user object in the service call params:

    // Create a new user we can use for testing
    const user = await app.service('users').create({
      email: 'messagetest@example.com',
      password: 'supersecret'
    });

    // The messages service call params (with the user we just created)
    const params = { user };
    const message = await app.service('messages').create({
      text: 'a test',
      additional: 'should be removed'
    }, params);

Author

flight9 commented Apr 3, 2018

@daffl Sorry, I don't get the point. Maybe I did not say it clearly, it's not for test purpose.

Why do I need to log in the user for himself on the server? Because in the wechat auth process, if I get the user's openid on the server side, I can rationally believe that it is the user himself (not anyone else). And the user prefers our server to do the login work automatically for him rather than entering username/password every time he opens our wechat page.

My requirement is to make that user really logged in (without knowing his password) on the server side and generate a jwt back to the client, just like when he logs in from the client by himself.

Hope the above makes it clearer.

Member

daffl commented Apr 3, 2018

If you are using Wechat oAuth2, Feathers oAuth2 authentication will do this automatically.

You can also create your own tokens on the server using the authentication service. A default Feathers JWT contains a userId property with the id of the user. On the server:

    const { accessToken } = await app.service('authentication').create({}, {
      payload: { userId: '<my user id>' }
    });
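
What a server-minted token with a `userId` payload involves, as an added example that is not part of the thread or of Feathers: it hand-builds HS256 tokens with Node's `crypto` instead of calling the authentication service, and `USERS`, `issueTokenForOpenid` and `verifyToken` are hypothetical names over constructed data. The token is only as trustworthy as the openid lookup before it, so the sketch assumes the openid comes from the server's own provider exchange and never from client input.

```javascript
// Added example: hand-rolled HS256 tokens to show the checks involved;
// in a Feathers app the authentication service does the signing.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32);                          // constructed signing key
const USERS = [{ id: 'u-1001', openid: 'o-constructed-abc' }];  // constructed user table

const b64 = (v) => Buffer.from(v).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Mint a token only for an openid the server obtained itself
// (assumption: `verifiedOpenid` never comes from client input).
function issueTokenForOpenid(verifiedOpenid, now = Date.now(), ttlSec = 900) {
  const user = USERS.find((u) => u.openid === verifiedOpenid);
  if (!user) return null;                         // unknown openid: no token
  const iat = Math.floor(now / 1000);
  const head = b64(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64(JSON.stringify({ userId: user.id, iat, exp: iat + ttlSec }));
  return `${head}.${body}.${b64(sign(`${head}.${body}`))}`;
}

// Verify: pin the algorithm, compare the MAC in constant time, enforce expiry.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    payload = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch {
    return null;                                  // not valid JSON segments
  }
  if (!header || !payload || header.alg !== 'HS256') return null; // rejects "none"
  const expected = sign(`${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  const nowSec = Math.floor(now / 1000);
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) return null;
  return payload;
}
```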

Author

flight9 commented Apr 4, 2018

@daffl yes, originally I wanted to do wechat oauth with 'Feathers oAuth2 authentication', but it seems Passport.js hasn't supported a strategy for wechat. So I have to do it myself.

Thank you for the code to generate the accessToken. Then how can I send the accessToken back to let authentication-client save it and carry it in the following requests, just like when a user logs in from the client?

Currently I use a service to send accessToken back in a client find() response and then use

    app.authenticate({ strategy: 'jwt', accessToken: '<my token>' })

to re-authenticate from client.

Although it works, I don't think my idea is a regular way to do that. Could you give me further suggestions?

Member

daffl commented Apr 4, 2018

Author

flight9 commented Apr 5, 2018

@daffl Thanks for the url, I should learn more about that.

Member

daffl commented Apr 5, 2018

Sounds good. Going to close this then since it probably makes sense to use one of the existing strategies instead of trying to put it together yourself.

daffl closed this as completed Apr 5, 2018
Author

flight9 commented Apr 14, 2018

@daffl

What's wrong with https://github.com/liangyali/passport-wechat?

I found a problem with the configuration.
In https://github.com/liangyali/passport-wechat, it uses 'appID' and 'appSecret' as below:

    passport.use(new WechatStrategy({
        appID: {APPID},
        name: {defaults to wechat; the component name can be set},
        appSecret: {APPSECRET},
        client: {wechat|web},
        callbackURL: {CALLBACKURL},
        scope: {snsapi_userinfo|snsapi_base},
        state: {STATE},
        getToken: {getToken},
        saveToken: {saveToken}
      },
      function(accessToken, refreshToken, profile, expires_in, done) {
        return done(err, profile);
      }
    ));

But in @feathersjs/authentication-oauth2, it uses 'clientID' and 'clientSecret':

    app.configure(oauth2({
      name: 'facebook',
      Strategy: FacebookStrategy,
      clientID: '<your client id>',
      clientSecret: '<your client secret>',
      scope: ['public_profile', 'email']
    }));

This may cause an error when you try to use authentication-oauth2 to initialize wechat strategy.
