feathers-authentication

feathers-authentication

Add Authentication to your FeathersJS app.

feathers-authentication adds shared PassportJS authentication for Feathers HTTP REST and WebSockets services using JSON Web Tokens.

Installation

npm install feathers-authentication --save

Documentation

Please refer to the Authentication documentation for more details:

• Local Auth Tutorial - How to implement a username and password-based authentication.
• Use Hooks for Authorization - Learn about the bundled hooks.

Complete Example

Here's an example of a Feathers server that uses feathers-authentication for local auth. It includes a users service that uses feathers-mongoose. Note that it does NOT implement any authorization.

import feathers from 'feathers';
import hooks from 'feathers-hooks';
import bodyParser from 'body-parser';
import authentication from 'feathers-authentication';
import { hooks as authHooks } from 'feathers-authentication';
import mongoose from 'mongoose';
import service from 'feathers-mongoose';

const port = 3030;
const Schema = mongoose.Schema;
const UserSchema = new Schema({
  email: {type: String, required: true, unique: true},
  password: {type: String, required: true },
  createdAt: {type: Date, 'default': Date.now},
  updatedAt: {type: Date, 'default': Date.now}
});
let UserModel = mongoose.model('User', UserSchema);

mongoose.Promise = global.Promise;
mongoose.connect('mongodb://localhost:27017/feathers');

let app = feathers()
  .configure(feathers.rest())
  .configure(feathers.socketio())
  .configure(hooks())
  .use(bodyParser.json())
  .use(bodyParser.urlencoded({ extended: true }))
  // Configure feathers-authentication
  .configure(authentication());

app.use('/users', new service('user', {Model: UserModel}))

let userService = app.service('users');
userService.before({
  create: [authHooks.hashPassword('password')]
});

let server = app.listen(port);
server.on('listening', function() {
  console.log(`Feathers application started on localhost:${port}`);
});

Client use

You can use the client in the Browser, in NodeJS and in React Native.

import io from 'socket.io-client';
import feathers from 'feathers/client';
import hooks from 'feathers-hooks';
import socketio from 'feathers-socketio/client';
import localstorage from 'feathers-localstorage';
import authentication from 'feathers-authentication/client';

const socket = io('http://localhost:3030/');
const app = feathers()
  .configure(socketio(socket)) // you could use Primus or REST instead
  .configure(hooks())
  .configure(authentication({ storage: window.localStorage }));

app.authenticate({
  type: 'local',
  'email': 'admin@feathersjs.com',
  'password': 'admin'
}).then(function(result){
  console.log('Authenticated!', result);
}).catch(function(error){
  console.error('Error authenticating!', error);
});

Changelog

0.7.0

• Lock down cookie #132
• can now use default redirect routes with a custom handler #121
• Add middleware tests for successfulLogin
• Add middleware tests for failedLogin
• Prevent emitting auth service events #126
• Add tests to make sure auth service events are not fired
• restrictToOwner now throws an error #128
• restrictToRoles now throws an error #127
• user profile should be updated when using OAuth2 #124
• All hooks should support internal usage passthrough #138
• Clear cookie on logout #122
• de-auth socket on logout #136
• Move to bcryptjs instead of native brcrypt
• Removes ability to authenticate with the cookie that is used to transmit the JWT to the client
• Adds a TON of test coverage

0.6.0

• Fixes for #107, #103, #102, #105, #119
• Adds a bunch of tests (#9, #59)
• All hooks now pull from auth config (#93)
• Added ability to disable local and OAuth2 redirects independently (#89)
• Removed toLowerCase hook. It already lives in feathers-hooks
• Renamed requireAuth hook to restrictToAuthenticated
• Renamed queryWithUserId hook to queryWithCurrentUser
• Renamed setUserId hook to associateCurrentUser
• Renamed restrictToSelf hook to restrictToOwner as it could be used on other resources other than users
• Added a restrictToRoles hook

0.5.0

• Removing app.user and app.token
• Removing dependency on feathers-localstorage
• Abstracting socket connect and disconnect events so developers don't need to do it and the interface is the same between REST and sockets.
• Adding more tests
• Cleaning up the example

0.4.0

• Customize the JWT payload (#78)
• Using feathers-localstorage for storing user and token credentials.
• Adds support for using auth in NodeJS and React Native
• Fixes issue where user was not getting added to response on authentication for databases that use _id as their field name.
• adds better client side error handling

0.3.1

• Fix toLowerCase hook (#74)

0.2.2

• Fix customization of the tokenEndpoint (#57)

0.2.1

• fixing passing custom local options. (#55)

0.2.0

• Migrating existing code to use services
• Standardizing on a hook spec
• Adds support for authenticating with socketio and primus (#32)
• Only signs the JWT with user id (#38)
• Locks down socket authentication (#33)
• Continues the work @marshallswain did on handling expired tokens (#25)
• Adds a bunch more tests.
• Adds support for OAuth2 (#43)
• Adds a client side component for easy authentication with Feathers (#44)
• Adds preliminary support for graceful fallback to cookies for JWT (#45)
• Adds an example project showing all the different ways you can authenticate

0.1.0

• Adding local authentication
• Adding bundled hooks

0.0.5

• Initial release

License

Copyright (c) 2015

Licensed under the MIT license.

Changelog

v0.7.8 (2016-06-09)

Full Changelog

Closed issues:

• Feathers-authentication assumptions #220
• Server-side header option does not accept capital letters #218
• How to figure out why redirect to /auth/failure? #217
• Getting token via REST is not documented #216
• How to use Feathers Client to Authenticate Facebook/Instagram credentials #204
• Remove token from localstorage #203
• Check user password #193
• app.authenticate(): Warning: a promise was rejected with a non-error: [object Object] #191
• Authentication provider for Facebook Account Kit #189

Merged pull requests:

• Lowercase custom header #219 (mmwtsn)
• mocha@2.5.0 breaks build 🚨 #212 (greenkeeperio-bot)
• Small refactoring to simplify structure and remove code duplication #209 (daffl)
• Use removeItem in the storage on logout #208 (daffl)
• Misspelled in a comment #201 (tryy3)
• Update babel-plugin-add-module-exports to version 0.2.0 🚀 #199 (greenkeeperio-bot)