
authentication-oauth2's Introduction

@feathersjs/authentication-oauth2

Important: The code for this module has been moved into the main Feathers repository at feathersjs/feathers (package direct link). Please open issues and pull requests there. No changes in your existing Feathers applications are necessary.


An OAuth2 authentication strategy for feathers-authentication using Passport

Installation

npm install @feathersjs/authentication-oauth2 --save

Note: This is only compatible with [email protected] and above.

Quick example

const feathers = require('@feathersjs/feathers');
const express = require('@feathersjs/express');
// The scoped packages replace feathers-authentication / feathers-authentication-jwt
// for @feathersjs/authentication-oauth2 1.x.
const authentication = require('@feathersjs/authentication');
const jwt = require('@feathersjs/authentication-jwt');
const oauth2 = require('@feathersjs/authentication-oauth2');
const FacebookStrategy = require('passport-facebook').Strategy;

// The OAuth2 plugin registers Express routes (/auth/facebook and its callback),
// so the app needs the Express framework integration and the REST transport.
const app = express(feathers());
app.configure(express.rest());

// Authentication settings; `secret` signs the JWTs. Load it, and the OAuth
// client credentials below, from configuration or the environment rather
// than committing them to source.
const settings = { secret: 'super secret' };

// Setup authentication
app.configure(authentication(settings));
app.configure(jwt());
app.configure(oauth2({
  name: 'facebook',
  Strategy: FacebookStrategy,
  clientID: '<your client id>',
  clientSecret: '<your client secret>',
  scope: ['public_profile', 'email']
}));

// Setup a hook to only allow valid JWTs to authenticate
// and get new JWT access tokens
app.service('authentication').hooks({
  before: {
    create: [
      authentication.hooks.authenticate(['jwt'])
    ]
  }
});

Documentation

Please refer to the @feathersjs/authentication-oauth2 API documentation for more details.

License

Copyright (c) 2018

Licensed under the MIT license.

authentication-oauth2's People

Contributors

buske, corymsmith, daffl, ekryski, greenkeeper[bot], happydenn, marshallswain, mrdj07, nsainaney, skinnyworm


authentication-oauth2's Issues

Error when save callback payload google login into users service

BadRequest: insert into users (google, googleId) values ({"profile":{"id":"112530535560973408540","displayName":"Duy Bui","name":{"familyName":"Bui","givenName":"Duy"},"emails":[{"value":"[email protected]","type":"account"}],"photos":[{"value":"https://lh4.googleusercontent.com/-btDj0gKXq5M/AAAAAAAAAAI/AAAAAAAAACA/AD8zX4kVBpg/photo.jpg?sz=50"}],"provider":"google","_raw":"{\n "kind": "plus#person",\n "etag": "\"RKS4-q7QGL10FxltAebpjqjKQR0/phfzBas9_c1ddpX_v6X7PGSbLS4\"",\n "emails": [\n {\n "value": "[email protected]",\n "type": "account"\n }\n ],\n "objectType": "person",\n "id": "112530535560973408540",\n "displayName": "Duy Bui",\n "name": {\n "familyName": "Bui",\n "givenName": "Duy"\n },\n "image": {\n "url": "https://lh4.googleusercontent.com/-btDj0gKXq5M/AAAAAAAAAAI/AAAAAAAAACA/AD8zX4kVBpg/photo.jpg?sz=50\",\n "isDefault": false\n },\n "isPlusUser": false,\n "language": "en",\n "verified": false,\n "domain": "maplestudio.vn"\n}\n","_json":{"kind":"plus#person","etag":""RKS4-q7QGL10FxltAebpjqjKQR0/phfzBas9_c1ddpX_v6X7PGSbLS4"","emails":[{"value":"[email protected]","type":"account"}],"objectType":"person","id":"112530535560973408540","displayName":"Duy Bui","name":{"familyName":"Bui","givenName":"Duy"},"image":{"url":"https://lh4.googleusercontent.com/-btDj0gKXq5M/AAAAAAAAAAI/AAAAAAAAACA/AD8zX4kVBpg/photo.jpg?sz=50","isDefault":false},"isPlusUser":false,"language":"en","verified":false,"domain":"maplestudio.vn"}},"accessToken":"hidden"}, '112530535560973408540') - Column count doesn't match value count at row 1
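The insert fails because the default verifier hands the users service a nested object (`google: { profile, accessToken }`) that a SQL adapter cannot map onto columns. As an added example that is not part of the original issue or the Feathers project, the following hook flattens that payload into the columns a `users` table actually has and discards the parts that must never be persisted (the access token, the refresh token and the `_raw` dump). The sample payload is constructed with placeholder values, and the hook and column names are assumptions.

```javascript
// Constructed sample with the shape the issue shows; the values are placeholders.
const samplePayload = {
  profile: {
    id: '112530535560973408540',
    displayName: 'Example User',
    name: { familyName: 'User', givenName: 'Example' },
    emails: [{ value: 'user@example.com', type: 'account' }],
    photos: [{ value: 'https://example.invalid/photo.jpg' }],
    provider: 'google',
    _raw: '{ ... }',
    _json: { verified: false, domain: 'example.com' }
  },
  accessToken: 'ya29.secret-token-value',
  refreshToken: '1//secret-refresh-token'
};

// Pick exactly the columns the users table has; everything else in the
// payload (tokens, _raw, _json) is dropped rather than persisted.
function flattenProviderProfile(name, payload) {
  const profile = payload && payload.profile;
  if (!profile || typeof profile.id !== 'string' || profile.id.length === 0) {
    throw new TypeError(`${name} payload has no profile id`);
  }
  const primaryEmail = Array.isArray(profile.emails) && profile.emails.length > 0
    ? profile.emails[0].value
    : undefined;
  const avatar = Array.isArray(profile.photos) && profile.photos.length > 0
    ? profile.photos[0].value
    : undefined;
  return {
    [`${name}Id`]: profile.id,   // matches the verifier's idField default
    email: primaryEmail,
    displayName: profile.displayName,
    avatar
  };
}

// Feathers before hook for the users service (hypothetical name): replaces the
// nested `<provider>` object the verifier sends with flat columns. Requests
// that carry no provider payload pass through untouched.
function flattenOAuthProfile(name) {
  return context => {
    if (context.data && context.data[name]) {
      const columns = flattenProviderProfile(name, context.data[name]);
      delete context.data[name];          // the token never reaches the database
      Object.assign(context.data, columns);
    }
    return context;
  };
}
```

Register it as `before: { create: [flattenOAuthProfile('google')], patch: [...], update: [...] }` on the users service so it covers both the first login (create) and later logins (the verifier's update of the existing entity).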

How to use a proxy when calling the authentication provider

Hey,

How do I set a company proxy for all external calls made by Feathers authentication?
Example:
When I call /auth/<provider> to log in, how do I set a proxy in the Feathers app for when this process calls the provider?
Thanks,
and sorry for my English.

I get Internal server error after I auth with Google authentication


System configuration

Module versions
"feathers-authentication-oauth2": "^0.3.2",
"passport-google-oauth20": "^1.0.0"
NodeJS version:
8.9.จ

Operating System:
macOS High Sierra

(screenshot attached to the original issue)

Missing params on OAuth redirect creation

Add a Google OAuth strategy to a new app
Add settings for the "google" strategy with:

            "accessType": "offline",
            "includeGrantedScopes": true,

Attempt to authenticate from client.
You get no refreshToken in the response from Google.

Additional details are available in this Slack thread: https://feathersjs.slack.com/archives/C0UPU81CH/p1505701705000073

Basically, the oauth2 options are not being sent to the Google auth URL https://github.com/feathersjs/feathers-authentication-oauth2/blob/c6ed05d2f704f8995805dfd343311c3fca8aabae/src/index.js#L70
(Transpiled:
app.get(oauth2Settings.path, _feathersAuthentication2.default.express.authenticate(name));
)

Should instead be:
app.get(oauth2Settings.path, auth.express.authenticate(name, oauth2Settings));
(Transpiled:
app.get(oauth2Settings.path, _feathersAuthentication2.default.express.authenticate(name, oauth2Settings));
)

Generated default.json is missing scope for Google OAuth

Steps to reproduce

  • Create an app with the new feathers-cli
  • Generate authentication and select Google as auth provider
  • Set clientID and clientSecret in config/default.json
  • Run the app and go to http://localhost:3030/auth/google
  • You will get something like this:
400. That’s an error.

Error: invalid_request

Missing required parameter: scope

This might be necessary for other OAuth providers as well, didn't test the others.

Expected behavior

The generator adds a default scope to default.json.

Actual behavior

The scope is missing.

System configuration


Module versions (especially the part that's not working):

"body-parser": "^1.17.1",
"compression": "^1.6.2",
"cors": "^2.8.3",
"eslint": "^3.19.0",
"feathers": "^2.1.1",
"feathers-authentication": "^1.2.1",
"feathers-authentication-hooks": "^0.1.0",
"feathers-authentication-jwt": "^0.3.1",
"feathers-authentication-oauth2": "^0.2.4",
"feathers-configuration": "^0.4.1",
"feathers-errors": "^2.6.3",
"feathers-hooks": "^1.8.1",
"feathers-hooks-common": "^3.0.0",
"feathers-mongodb": "^2.8.0",
"feathers-rest": "^1.7.2",
"feathers-socketio": "^1.5.2",
"helmet": "^3.5.0",
"mocha": "^3.2.0",
"mongodb": "^2.2.25",
"passport-google-oauth20": "^1.0.0",
"request": "^2.81.0",
"request-promise": "^4.2.0",
"serve-favicon": "^2.4.2",
"winston": "^2.3.1"

NodeJS version: v7.7.4

Operating System: macOS Sierra

Browser Version: Chrome 57
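Both of the issues above ("Missing params on OAuth redirect creation" and "Generated default.json is missing scope") come down to which query parameters reach the provider's authorization URL. The following is an added example, not code from the issues or the Feathers project: it shows the mapping passport-google-oauth20 applies from the strategy settings (`scope`, `accessType`, `includeGrantedScopes`) to the query string, and a check you can run against the `Location` header returned by `GET /auth/google` with redirects disabled. The client id, callback URL and `state` value are placeholders.

```javascript
// Settings as they would sit under "authentication.google" in config/default.json.
// The clientID is a placeholder.
const googleSettings = {
  clientID: 'example-client-id.apps.googleusercontent.com',
  callbackURL: 'http://localhost:3030/auth/google/callback',
  scope: ['profile', 'email'],   // without this Google answers "Missing required parameter: scope"
  accessType: 'offline',         // required to receive a refreshToken
  includeGrantedScopes: true
};

const GOOGLE_AUTHORIZE = 'https://accounts.google.com/o/oauth2/v2/auth';

// Build the URL the browser is redirected to, with the same parameter names
// passport-google-oauth20 emits. `state` is the per-request anti-CSRF value;
// the real strategy generates and stores it, here it is passed in.
function googleAuthorizeUrl(settings, state) {
  if (!Array.isArray(settings.scope) || settings.scope.length === 0) {
    throw new Error('google strategy settings must include a non-empty scope');
  }
  const url = new URL(GOOGLE_AUTHORIZE);
  const p = url.searchParams;
  p.set('response_type', 'code');
  p.set('redirect_uri', settings.callbackURL);
  p.set('scope', settings.scope.join(' '));        // passport-oauth2 joins scopes with a space
  p.set('client_id', settings.clientID);
  if (settings.accessType) p.set('access_type', settings.accessType);
  if (settings.includeGrantedScopes) p.set('include_granted_scopes', 'true');
  if (state) p.set('state', state);
  return url.toString();
}

// Given the Location header of the redirect, return the names of the required
// parameters that are absent or empty. Pass whatever your flow depends on;
// `state` belongs in the list whenever the strategy is configured with state: true.
function missingAuthorizeParams(location, required) {
  const params = new URL(location).searchParams;
  return required.filter(name => !params.get(name));
}
```

A quick check from the shell is `curl -sI http://localhost:3030/auth/google | grep -i '^location:'` and feeding that URL to `missingAuthorizeParams`; if `access_type` or `scope` is missing, the settings are not being forwarded to the strategy.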

I got an internal error when I log in with Google

I log in with a Google user. The first time I got a normal message. The second time I got an error message saying I cannot log in.

(three screenshots attached to the original issue)

I got this error after I tried to log in with a Google user:
(screenshot attached to the original issue)

Module versions:
"feathers": "^2.2.3",
"feathers-authentication": "^1.3.1",
"feathers-authentication-hooks": "^0.1.5",
"feathers-authentication-jwt": "^0.3.2",
"feathers-authentication-local": "^0.4.4",
"feathers-authentication-oauth2": "^0.3.2",
"feathers-configuration": "^0.4.2",
"feathers-errors": "^2.9.2",
"feathers-hooks": "^2.1.2",
"feathers-hooks-common": "^3.10.0",
"feathers-mongoose": "^5.1.2",
"feathers-rest": "^1.8.1",
"feathers-socketio": "^2.0.1",
"feathers-sync": "^0.1.4",
"helmet": "^3.9.0",
"mongoose": "^4.13.4",
"nodemailer": "^4.4.0",
"passport-google-oauth": "^1.0.0",
"passport-google-oauth2": "^0.1.6",
"passport-google-oauth20": "^1.0.0",
"serve-favicon": "^2.4.5",
"uuid": "^3.1.0",
"winston": "^2.4.0"

Support oauth2 endpoint within sub-app or reverse proxy

If the feathers app is mounted as a subapp or behind a reverse proxy, the path for the callback handler does not match the path component of the callback URL sent with the oauth redirect.

However, the callback path is currently parsed from the callback URL and cannot be overridden: https://github.com/feathersjs/feathers-authentication-oauth2/blob/master/src/index.js#L68

For example, if we mount the feathers subapp at api/v1:
const app = express().use('/api/v1', subapp)

And then configure the facebook oauth2 service:
callbackURL: 'http://localhost:3001/api/v1/auth/facebook/callback'

This will register the callback handler at /api/v1/auth/facebook/callback within the subapp, resulting in an actual callback endpoint of /api/v1/api/v1/auth/facebook/callback.

To support this case, the callback path needs to be decoupled from the callback URL (since feathers might not always be aware of the overall server architecture).
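One way to do that decoupling, as an added example and not the module's own code: derive the route to register inside the sub-app from the public callbackURL and the mount path, and refuse configurations where the two disagree. The module currently offers no such option, so the function below is an assumption about how it could be implemented; the mount path and URLs are the ones from the issue.

```javascript
// Return the path to register *inside* the sub-app for the OAuth callback.
// `mountPath` is the prefix the parent app (or a reverse proxy) strips before
// the sub-app sees the request; '/' when the app is mounted at the root.
function callbackRoutePath(callbackURL, mountPath = '/') {
  const url = new URL(callbackURL);   // throws on a value with no scheme, e.g. 'www.example.com'

  // The provider redirects the browser here with the authorization code, so
  // outside local development it has to be https.
  const isLocal = url.hostname === 'localhost' || url.hostname === '127.0.0.1';
  if (url.protocol !== 'https:' && !isLocal) {
    throw new Error(`callbackURL must use https outside of localhost: ${callbackURL}`);
  }

  const mount = mountPath.replace(/\/+$/, '');   // '/api/v1/' -> '/api/v1', '/' -> ''
  const full = url.pathname;
  if (mount === '') return full;

  // The public path must live under the mount point, otherwise the route
  // that gets registered can never be reached through the parent app.
  if (full !== mount && !full.startsWith(mount + '/')) {
    throw new Error(`callbackURL path ${full} is not under mount path ${mountPath}`);
  }
  const relative = full.slice(mount.length);
  return relative === '' ? '/' : relative;
}
```

With the issue's setup, `callbackRoutePath('http://localhost:3001/api/v1/auth/facebook/callback', '/api/v1')` gives `/auth/facebook/callback`, which is the route the sub-app should register while the provider is still sent the full public URL.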

Implement OAuth2 with GraphQL

I am using a Feathers server and I want to implement OAuth2 authentication with the Facebook or GitHub strategy or whatever. But I would also like to use it with GraphQL.

But I don't know how to implement it with GraphQL. It works with your example as an API: if I send a GET request to the callback URL it works correctly and I get a token. But I'd like to do this with GraphQL as, for example, with the LOCAL or LDAP strategy:


authentication.configure(hooks())
        .configure(rest(base).superagent(superagent))
        .configure(auth({ storage: localStorage }));


RootMutation: {
    signInLocal(root, {email, password}, context){
        return authentication.authenticate({
            strategy: 'local',
            email: email,
            password: password
        }, context).then(data=>{
            // console.log(data)
            return data
        })
    },
    signInLdap(root, {username, password}, context){
        return authentication.authenticate({
            strategy: 'ldap',
            username: username,
            password: password
        }, context).then(data=>{
            // console.log(data)
            return data
        })
    }
}

I tried

RootQuery: {        
    signInGithub(root, data, context){
        return authentication.authenticate({
            strategy: 'github',
        }, context).then(data=>{
            console.log(data)
            return data
        })
    }
}

But I got an error:

feathers-authentication:passport:authenticate 'github' authentication redirecting to https://github.com/login/oauth/authorize?response_type=code&redirect_uri=https%3A%2F%2Flocalhost%3A3000%2Fauth%2Fgithub%2Fcallback&scope=user&client_id=0b786a43497059d2a28b 302 +3ms
feathers-authentication:middleware:failure-redirect Redirecting to https://github.com/login/oauth/authorize?response_type=code&redirect_uri=https%3A%2F%2Flocalhost%3A3000%2Fauth%2Fgithub%2Fcallback&scope=user&client_id=0b786a43497059d2a28b after failed authentication. +7ms
Error: Unexpected end of JSON input

If I wrote this topic in the wrong place, I am sorry for that.
Thank you for helping.

Cannot connect with OAuth2, always getting a 404 Not Found page.

Steps to reproduce

I have added OAuth authentication to my Feathers app but I cannot access it when entering http://localhost:3030/auth/canvas. I get a 404 Not Found page. Here is the part of my src/app.js that contains the authentication:

const authentication = require('feathers-authentication');
const jwt = require('feathers-authentication-jwt');
const oauth2 = require('feathers-authentication-oauth2');
const CanvasStrategy = require('passport-canvas').Strategy;

const config = app.get('authentication');
app.configure(authentication(config));
app.configure(jwt());

app.configure(oauth2({
  name: 'canvas',
  Strategy: CanvasStrategy,
  clientID: '<myID>',
  clientSecret: '<mysecret>',
  authorizationURL: 'https://example.com/login/oauth2/auth',
  tokenURL: 'https://example.com/login/oauth2/token',
  callbackURL: 'www.example.com',
  state: true
}))

Expected behavior

The browser redirects the user to the Canvas LMS website.

Actual behavior

The browser displays a 404 Not Found page.

System configuration

Module versions:

[email protected]
├─ debug@^2.3.1
├─ [email protected]
│  └─ [email protected]
├─ feathers-errors@^2.5.0
├─ lodash.merge@^4.6.0
├─ lodash.omit@^4.5.0
├─ lodash.pick@^4.4.0
└─ passport-jwt@^2.2.1
[email protected]
├─ debug@^3.0.0
├─ feathers-commons@^0.8.5
├─ feathers-errors@^2.4.0
├─ feathers-rest@^1.5.2
└─ lodash.merge@^4.6.0
[email protected]
├─ debug@^3.1.0
├─ feathers-authentication-client@^0.3.1
├─ feathers-commons@^0.8.4
├─ feathers-errors@^2.4.0
├─ feathers-socket-commons@^2.3.1
├─ jsonwebtoken@^8.0.0
├─ lodash.clone@^4.5.0
├─ lodash.merge@^4.6.0
├─ lodash.omit@^4.5.0
├─ lodash.pick@^4.4.0
├─ long-timeout@^0.1.1
├─ ms@^2.0.0
├─ passport@^0.4.0
└─ uuid@^3.1.0
[email protected]
├─ babel-runtime@^6.26.0
├─ debug@^3.1.0
├─ events@^1.1.1
├─ express@^4.16.1
├─ feathers-commons@^0.8.7
├─ rubberduck@^1.1.1
└─ uberproto@^1.2.0
[email protected]
├─ [email protected]
│  ├─ [email protected]
│  ├─ passport@~0.1.1
│  └─ [email protected]
├─ [email protected]
├─ [email protected]
│  ├─ [email protected]
│  └─ [email protected]
└─ [email protected]
[email protected]
├─ jsonwebtoken@^7.0.0
├─ [email protected]
│  ├─ joi@^6.10.1
│  ├─ jws@^3.1.4
│  ├─ lodash.once@^4.0.0
│  ├─ ms@^2.0.0
│  └─ xtend@^4.0.1
└─ passport-strategy@^1.0.0
[email protected]
├─ [email protected]
└─ [email protected]
[email protected]
├─ [email protected]
├─ [email protected]
└─ [email protected]
[email protected]
├─ [email protected]
├─ [email protected]
├─ [email protected]
└─ [email protected]
[email protected]
[email protected]
├─ [email protected]
└─ [email protected]

NodeJS version: v8.9.0

Operating System: Windows 8 Pro

Browser Version: Version 62.0.3202.89 (Official Build) (64-bit)

Module Loader: (Package Manager) : Yarn v1.3.2

0.2.5 introduced breaking changes

The following is a list of breaking changes. I believe these should have been in a major release.

These changes break feathers-authentication on versions below 1.2.7. This is the commit where auth settings were moved from auth to authentication in feathers-authentication: feathersjs-ecosystem/authentication@79c5be1

cc @marshallswain

Authentication always logging in as the first user

We are trying to make auth work with Azure AD, and I keep getting into weird situations where it seems like after one user has been correctly logged in, the database and auth won't be updated to a new user afterwards.

Expected behavior

Simple log in and log off behavior.

Actual behavior

a. When the database is empty and no one has logged in previously, the user gets logged in correctly and everything is registered into the database by Feathers.
(screenshot attached to the original issue)

b. When there WAS already someone logged in and registered in the database, new connections won't work: you stay logged in as the first user, and the database is not updated.
(screenshot attached to the original issue)

Here is my server code:

// Requires added so the snippet stands alone; the original post omitted them.
const authentication = require('@feathersjs/authentication');
const jwt = require('@feathersjs/authentication-jwt');
const local = require('@feathersjs/authentication-local');
const oauth2 = require('@feathersjs/authentication-oauth2');
const { OIDCStrategy } = require('passport-azure-ad');

module.exports = function (app) {
  const config = app.get('authentication');

  // Set up authentication with the secret
  app.configure(authentication(config));
  app.configure(jwt());
  app.configure(local());

  // Strategy-specific settings (clientID, clientSecret, identityMetadata,
  // scope, redirectUrl) are merged in from config['azure-ad'] below
  app.configure(oauth2(Object.assign({
    name: 'azure-ad',
    Strategy: OIDCStrategy,
    passReqToCallback: true,
    successRedirect: 'https://localhost:3000',
    failureRedirect: 'https://localhost:3000/oauth_error',
    entity: 'user',
    service: 'users',
  }, config['azure-ad'])));

  app.service('authentication').hooks({
    before: {
      create: [
        authentication.hooks.authenticate(config.strategies)
      ],
      remove: [
        authentication.hooks.authenticate('jwt')
      ]
    }
  });
};

And my client code:

import feathers from '@feathersjs/feathers';
import socketio from '@feathersjs/socketio-client';
import io from 'socket.io-client';
import auth from '@feathersjs/authentication-client';

const socket = io('https://localhost:3030', {
  transports: ['websocket'],
  forceNew: true,
});

const feathersClient = feathers();

feathersClient.configure(auth({
  storage: window.localStorage,
  cookie: 'feathers-jwt',
}));

feathersClient.configure(socketio(socket));

export default feathersClient;

And finally, my featherJS configuration:

"authentication": {
    "secret": "SECRET",
    "strategies": [
      "jwt",
      "local"
    ],
    "path": "/authentication",
    "service": "users",
    "jwt": {
      "header": {
        "typ": "access"
      },
      "audience": "https://yourdomain.com",
      "subject": "anonymous",
      "issuer": "feathers",
      "algorithm": "HS256",
      "expiresIn": "1d"
    },
    "local": {
      "entity": "user",
      "usernameField": "email",
      "passwordField": "password"
    },
    "azure-ad": {
      "clientID": "CLIENT_ID",
      "clientSecret": "CLIENT_SECRET",
      "identityMetadata": "https://login.microsoftonline.com/901cb4ca-b862-4029-9306-e5cd0f6d9f86/v2.0/.well-known/openid-configuration",
      "scope": ["email", "profile"],
      "responseType": "code",
      "responseMode": "query",
      "redirectUrl": "https://localhost:3030/auth/azure-ad/callback"
    },
    "cookie": {
      "enabled": true,
      "name": "feathers-jwt",
      "httpOnly": false,
      "secure": false
    }
  },

System configuration

Module versions

"@feathersjs/authentication": "^2.1.6",
"@feathersjs/authentication-jwt": "^2.0.1",
"@feathersjs/authentication-local": "^1.2.1",
"@feathersjs/authentication-oauth2": "^1.0.3",
"@feathersjs/configuration": "^1.0.2",
"@feathersjs/errors": "^3.3.0",
"@feathersjs/express": "^1.2.3",
"@feathersjs/feathers": "^3.1.6",
"@feathersjs/socketio": "^3.2.2",
"compression": "^1.7.2",
"cookie-parser": "^1.4.3",
"cors": "^2.8.4",
"express-session": "^1.15.6",
"feathers-authentication": "^1.3.1",
"feathers-mongoose": "^6.1.2",
"helmet": "^3.12.1",
"mongoose": "^5.1.4",
"passport-azure-ad": "^3.0.12",
"serve-favicon": "^2.5.0",
"winston": "^2.4.2"

NodeJS version: v10.3.0

Operating System: Ubuntu 16.04

Browser Version: Firefox 60.0.1 (64-bit)

React Native Version: /

Module Loader: RequireJS

Confusion in the 'OAuth2 Authentication' docs

Confusing

Options

{
    idField: '<provider>Id', // The field to look up the entity by when logging in with the provider. Defaults to '<provider>Id' (ie. 'facebookId').
    path: '/auth/<provider>', // The route to register the middleware
    callbackURL: 'http(s)://hostname[:port]/auth/<provider>/callback', // The callback url. Will automatically take into account your host and port and whether you are in production based on your app environment to construct the url. (ie. in development http://localhost:3030/auth/facebook/callback)
    successRedirect: undefined,
    failureRedirect: undefined,
    entity: 'user', // the entity that you are looking up
    service: 'users', // the service to look up the entity
    passReqToCallback: true, // whether the request object should be passed to `verify`
    session: false, // whether to use sessions,
    handler: function, // Express middleware for handling the oauth callback. Defaults to the built in middleware.
    formatter: function, // The response formatter. Defaults to the built in feathers-rest formatter, which returns JSON.
    Verifier: Verifier // A Verifier class. Defaults to the built-in one but can be a custom one. See below for details.
}

I wonder where I should put the above 'Options'. Are they authentication options or oauth2 options?

// Setup authentication
app.configure(authentication({ secret: 'super secret' })); // <-- here? 
app.configure(jwt());
app.configure(oauth2({ //<-- or here?
  name: 'facebook',
  Strategy: FacebookStrategy, //<-- or here when initializing FacebookStrategy?
  clientID: '<your client id>',
  clientSecret: '<your client secret>',
  scope: ['public_profile', 'email']
}));

Adding path to feathers-authentication options results in Internal Server Error

Steps to reproduce

  1. Copy https://raw.githubusercontent.com/feathersjs/feathers-authentication-oauth2/master/example/app.js

  2. Change line 21 from:
    .configure(auth({ secret: 'super secret' }))
    to:
    .configure(auth({ secret: 'super secret', path: '/auth' }))

  3. Add github clientID and clientSecret

  4. run node test.js (assuming file was saved as test.js)

  5. Navigate to: http://localhost:3030/auth/github


Expected behavior

You should see the GitHub OAuth2 sign in or authorize app page

Actual behavior

Internal Server Error

System configuration


Module versions (especially the part that's not working):
"body-parser": "^1.17.2",
"cors": "^2.8.4",
"feathers": "^2.1.7",
"feathers-authentication": "^1.2.7",
"feathers-authentication-jwt": "^0.3.2",
"feathers-authentication-oauth2": "^0.2.5",
"feathers-configuration": "^0.4.1",
"feathers-hooks": "^2.0.2",
"feathers-memory": "^1.1.0",
"feathers-nedb": "^2.7.0",
"feathers-rest": "^1.8.0",
"feathers-socketio": "^2.0.0",
"passport-github": "^1.1.0",

NodeJS version:
7.9

Operating System:
MacOS Sierra

Browser Version:
Chrome 60.0.3112.101 64Bit

React Native Version:
n/a

Module Loader:
n/a

Dependency @feathersjs/express not declared

Steps to reproduce

  • Doing a fresh install of this package (npm i --save @feathersjs/authentication-oauth2) results in a missing dependency @feathersjs/express

Expected behavior

The package should declare @feathersjs/express as a dependency or peer dependency.

Actual behavior

Following error is thrown:

Error: Cannot find module '@feathersjs/express/rest'
    at Function.Module._resolveFilename (module.js:536:15)
    at Function.Module._load (module.js:466:25)
    at Module.require (module.js:579:17)
    at require (internal/module.js:11:18)
    at Object.<anonymous> (****\node_modules\@feathersjs\authentication-oauth2\lib\index.js:4:14)
    at Module._compile (module.js:635:30)
    at Object.Module._extensions..js (module.js:646:10)
    at Module.load (module.js:554:32)
    at tryModuleLoad (module.js:497:12)
    at Function.Module._load (module.js:489:3)

System configuration


Dependencies

  "dependencies": {
    "@feathersjs/authentication": "^2.0.1",
    "@feathersjs/authentication-oauth2": "^1.0.1",
    "@feathersjs/configuration": "^1.0.1",
    "@feathersjs/express": "^1.1.2",
    "@feathersjs/feathers": "^3.0.1",
    "passport-google-oauth20": "^1.0.0"
  }

NodeJS version: 8.9.0

Operating System: Windows 10

Examples are no longer working due to missing email property

The github object contains only a profile property and an accessToken.

The example provided (as well as an example within the Feathers core Docs akin to it) tries to access an undefined property.

The user's email can now be found in the emails array under hook.data.github.profile.

Create custom formatter to support calling back a mobile deep link

OAuth is cumbersome on React Native. What we should be able to do is bounce out to the native browser (rather than use an embedded webview), go through the OAuth flow, and then callback with a mobile app scheme URL.

This can be accomplished in a similar manner to #7 by allowing the developer to register a custom formatter with the deep link.

We would then return the HTML response with JS that calls back the mobile deep link with the JWT accessToken. Making mobile auth great again! 🌟

Unable to override Facebook display options

When accessing and enabling our app for Facebook, we get the following error message on smaller screens:

You are using a display type of 'page' in a small browser window or popup. For a better user experience, show this dialog with our JavaScript SDK without specifying an explicit display type. The SDK will choose the best display type for each environment. Alternatively, use display type 'popup' if you have special requirements precluding you from using the SDK. This message is only visible to developers of your application.

(screenshot attached to the original issue)

In the configuration, the display option is never touched, so it should default to whatever the Facebook SDK has it set to. However, because the message is being displayed, that is probably not the case.

Tried to override it in the oauth2 configuration, but to no avail.

app.configure(oauth2({
  name: 'facebook',
  Strategy: FacebookStrategy.Strategy,
  display: undefined // also tried with 'popup' or even 'undefined' but it didn't make a difference
}))

To be able to change display at all, we have to override it in FacebookStrategy.Strategy, but that still doesn't solve the problem of not wanting to specify the display.

Anyway, the bottom line is I would like to make that error message disappear through oauth2 configurations and have not found a way to do so.

Thanks in advance!

Cookie not getting set

Steps to reproduce

Generate an app with feathers-cli@pre.
Add GitHub authentication, using NeDB.
Add a cookie config inside the authentication config:

"cookie": {
  "enabled": true, // whether cookie creation is enabled
  "name": "feathers-jwt", // the cookie name
  "httpOnly": false, // when enabled, prevents the client from reading the cookie.
  "secure": false // whether cookies should only be available over HTTPS
}

Expected behavior

Upon successful response from the server, after the OAuth flow, the cookie should get set.

Actual behavior

The cookie doesn't get set because res.hook doesn't exist here: https://github.com/feathersjs/feathers-authentication/blob/master/src/express/set-cookie.js#L27

I don't see where it is getting set. Do we need to check for this? @ekryski

The only place I see it getting set is here: https://github.com/feathersjs/feathers-authentication-oauth2/blob/master/src/express/handler.js#L28

I don't have a successRedirect setup.

JWT Payload is null after app logout

Steps to reproduce

Login => app.logout() from the authentication client => Login again

Expected behavior

The returned JWT should come with a payload containing the userId.

Actual behavior

A JWT is returned but with no userId; the JWT payload is empty.

What seems to be happening is that req.params still contains the user object even after logout (this statement returns true even after logout: https://github.com/feathersjs/authentication-oauth2/blob/master/lib/verifier.js#L92), which leads to the verifier completing without returning a payload: https://github.com/feathersjs/authentication-oauth2/blob/master/lib/verifier.js#L101
A quick fix is to customize the verifier like so:

      // Inside the custom verifier's verify(): `existing` is the entity found
      // on the request, `data` the profile/token object from the provider.
      if (existing) {
        return this._updateEntity(existing, data)
          .then(entity => {
            const id = entity[this.service.id];
            const payload = { [`${this.options.entity}Id`]: id };
            done(null, entity, payload);
          })
          .catch(error => error ? done(error) : done(null, error));
      }

But I am not sure this is suitable because this may be a safety issue. I'm also not sure the error comes from this package. This may be a problem with the Feathers logout mechanism. Any guidance would be appreciated.
Note: this is definitely not an error on the client, because if I restart the Feathers server (after logout, that is) the login works again.

System configuration

I am using the passport-facebook-token Strategy to auth with a Facebook access token obtained within my react native app.

Module versions (especially the part that's not working):
@feathersjs/[email protected]
@feathersjs/[email protected]
@feathersjs/[email protected]
@feathersjs/[email protected]
@[email protected]
on client:
@feathersjs/[email protected]
@feathersjs/[email protected]

Updating an existing user in the verifier re-hashes the user's already hashed password.

Steps to reproduce

Given a user who is already authenticated by OAuth2.

He then updates his password.

The next time he authenticates via OAuth2, he will no longer be able to authenticate by password.

Root cause of this issue

In the default OAuth2Verifier, an existing entity is updated by merging the entity with the OAuth profile and id:

_updateEntity (entity, data) {
  const options = this.options;
  const name = options.name;
  const id = entity[this.service.id];
  debug(`Updating ${options.entity}: ${id}`);

  const newData = {
    [options.idField]: data.profile.id,
    [name]: data
  };

  // Merge existing user data with new profile data
  const updated = merge({}, entity, newData);
  // update() sends the whole merged entity, stored password hash included,
  // through the service's update hooks
  return this.service.update(id, updated, { oauth: { provider: name } });
}

Normally the update method of the users service has a before hook that hashes the password. In the above case the entity is fetched from the users service, so it contains an already hashed password. Updating it causes the hash to be hashed again, so the original password can no longer be authenticated.

Suggestion

Maybe we should use the patch method instead of the update method.

How to use FBSDK Login with React Native and FeathersJS?

I am having issues using the React Native Facebook SDK login with the Feathers 'facebook' strategy. Maybe I am dead wrong, but once I am authenticated via the FBSDK I get access to a token. I would like to pass the access token to Feathers to authenticate the user. Unfortunately this is where I am stuck.

I am on the latest version of FeathersJS (Auk). I saw that the legacy version had a tokenStrategy option, but it looks like it has been taken out of the OAuth2 package.

I am really looking for guidance at this point.

System configuration

React Native Version: 0.44

profileUrl is undefined

Expected behavior

I want to receive profileUrl, but it is undefined. How do I fix it?

System configuration

Module versions
"feathers-authentication-oauth2": "^0.2.5"

(two screenshots attached to the original issue)

Update an existing entity in verifier

This is actually a question. My use case is pretty simple.

  • If a user is not authenticated, the oauth callback verifier should create a new user.
  • If the user is already authenticated then verifier should update existing user with associated oauth profile.

I have noticed that the default verifier is already doing that.

    let existing;

    // Check request object for an existing entity
    if (req && req[options.entity]) {
      existing = req[options.entity];
    }

    // Check the request that came from a hook for an existing entity
    if (!existing && req && req.params && req.params[options.entity]) {
      existing = req.params[options.entity];
    }

My question is that during the OAuth callback phase, an existing user can only be extracted from a cookie or the state parameter. However, by default an application scaffolded by feathers-cli does not do that.

The solution I can think of is to create a middleware to authenticate jwt and put user in req[entity], but I am not sure if I have missed some configuration.

Create custom formatter for returning an html page that calls back to parent window

This is meant as a replacement for authentication-popups. It can literally be a pretty bare-bones HTML page with some JS that calls back to the parent window with the JWT accessToken and/or sets it in localStorage.

It will also remove the need for https://github.com/feathersjs/feathers-authentication-popups-github and any other provider specific repos.

There is no need for a cookie as the token can be embedded right in the JS script tag in the HTML response page.

Related to feathersjs-ecosystem/feathers-authentication-popups#5

cc/ @marshallswain

Restricting certain email domains

Hi,

I would like to allow only one domain to use the google oauth2 strategy.
After reading the feathersjs documentation, I found that I have two options to customise the authentication:

  • Implement custom Verifier.
  • Add a hook to the authentication service.

After comparing both, the Verifier seems to be the right place to do what I want, but reimplementing it from scratch just to verify that the email address is allowed seems to be too much.

I came to this repo to copy-paste the Verifier that comes with authentication-oauth2 and modify it, but the verify method depends on all the others, so I can't just tweak the verify method and use it in an empty class that extends Verifier (as mentioned in the doc).

What's the best way to achieve that?

Thanks.

An in-range update of feathers is breaking the build 🚨

Version 2.2.0 of feathers just got published.

Branch Build failing 🚨
Dependency feathers
Current Version 2.1.7
Type devDependency

This version is covered by your current version range and after updating it in your project the build failed.

As feathers is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Status Details
  • continuous-integration/travis-ci/push The Travis CI build failed Details

Commits

The new version differs by 7 commits.

  • aa87658 2.2.0
  • 1738993 Update package-lock.json
  • 7422757 No longer pollutes the global scope (#662)
  • a28ec8e fix(package): update debug to version 3.0.0 (#641)
  • e317dd5 Examples url is tinny (broken) (#634)
  • b57c80b Merge pull request #624 from jansel369/master
  • 8f40769 Adds a missing configure() method in typescript definition

See the full diff

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.


Your Greenkeeper Bot 🌴

Cannot use Passport-Google-Token through POST request on /authentication

User cannot use Passport-Google-Token through POST request on /authentication.
It works on the previous version of authentication-oauth2 which is the one without the '@'.

Steps to reproduce

  1. Create a feathersjs app using feathersjs cli.

  2. Add a users service and google login authentication through cli.

  3. Modify the authentication.js and default.json a bit for adapting Passport-Google-Token.
    authentication.js code

  4. Get Client secret and ID from google api console.
    default.json code

  5. Get the access token from an app.

  6. Post to /authentication with
    {"strategy":"google", "access_token": "google access token"}

  7. Response
    failed response

Expected behavior

The application should return the user a JWT token.

Actual behavior

google strategy is not permitted.

System configuration

Module versions (especially the part that's not working):
@featherjs/authentication: github:feathersjs/authentication
@featherjs/authentication-oauth2: ^1.1.0

NodeJS version:
10.7.0

Operating System:
Linux inside of nodejs docker image

Browser Version:
Postman

How to pass successUrl from client side?

I have a Feathers application, but the service and the client are different, so every client requests a different successUrl.

Please help me manage a dynamic successUrl taken from the query string.

Cookie is lingering around after login and/or logout

Steps to reproduce

  1. Generate feathers app feathers generate app
  2. Generate authentication with Facebook feathers generate authentication
  3. Set your Facebook clientID and app secret
  4. Login via facebook by visiting the url http://localhost:3030/auth/facebook
  5. Refresh the page and then view the cookies in the browser

Expected behavior

I'd expect the cookie to be deleted once it's used.

Actual behavior

The cookie stays around, likely as long as the JWT token is valid. The problem I encountered was that if someone now logs in with a username and password AND I have localStorage turned on, then the user can actually log in simultaneously with OAuth2 and local account. Yes there are ways to prevent this via redirects if the user is already authenticated, but it took me quite some time to determine what was indeed happening when I encountered this problem.

I had to implement the following to ensure this type of scenario didn't happen anymore:

  1. Delete the cookie once the user had been authenticated from OAuth
  2. Unauthenticate the user before they are authenticated (more for sanity to help ensure the localStorage/current JWT is invalidated)

System configuration

Just used the feathers-cli to generate a barebones app. Nothing else was installed.

DefaultVerifier profile id field not configurable

Steps to reproduce

The DefaultVerifier takes the profile.id field to query if a profile already exists. For my data this field does not exist and should not be used. I tried installing a hook to modify the data to conform to the expected layout, but there does not seem to be a way since I cannot obtain the auth service endpoint when starting the app. (If there is, please tell me)

See https://github.com/feathersjs/authentication-oauth2/blob/4ce4af60e4e04b975e9d93cd5151418d7db256d4/lib/verifier.js#L81

Expected behavior

I expect the id field to be configurable.

Actual behavior

The DefaultVerifier asserts profile.id exists.

System configuration

Tell us about the applicable parts of your setup.

Module versions (especially the part that's not working): feathersjs/authentication-oauth2 v1.2.2

How to setup a dynamic URL parameters to successRedirect URL

How can I achieve this flow:
I would like to pass custom URL parameters to the auth URL like - /auth/facebook?custom_param=123
and then add the custom URL parameters to the successRedirect URL so in case of success it will redirect to ?custom_param=123

I know that if you're using passport on express you can do something like this:

app.get('/auth/facebook/login/:id', function (req, res, next) {
  passport.authenticate('facebook', {
    callbackURL: '/auth/facebook/login_callback/' + req.params.id
  })(req, res, next);
});

app.get('/auth/facebook/login_callback/:id', function (req, res, next) {
  passport.authenticate('facebook', {
    callbackURL: '/auth/facebook/login_callback/' + req.params.id,
    successRedirect: '/login_ok.html',
    failureRedirect: '/login_failed.html'
  })(req, res, next);
});

Where can I set this up if I'm using Feathers?

`facebook.profileFields` does not work properly

Steps to reproduce

This is my profileFields in the default.json

"profileFields": [
  "id",
  "name",
  "short_name",
  "displayName",
  "first_name",
  "last_name",
  "email",
  "gender",
  "verified",
  "is_verified",
  "profileUrl",
  "birthday",
  "picture",
  "timezone",
  "currency",
  "locale",
  "permissions",
  "updated_time"
]

However, when Facebook returns the result to this page http://localhost:5678/auth/facebook/callback with the auth code, I always get a 500.

The DEBUG=feathers-authentication* shows the following error:

feathers-authentication:passport:authenticate Error in 'facebook' authentication strategy { FacebookGraphAPIError: Syntax error "Field first_name specified more than once. This is only possible before version 2.1" at character 62: id,last_name,first_name,middle_name,short_name,name,first_name,last_name,email,gender,verified,is_verified,link,birthday,picture,timezone,currency,locale,permissions,updated_time
    at /Users/albertgao/codes/self/projectSwap/node_modules/passport-facebook/lib/strategy.js:165:21
    at passBackControl (/Users/albertgao/codes/self/projectSwap/node_modules/oauth/lib/oauth2.js:132:9)
    at IncomingMessage.<anonymous> (/Users/albertgao/codes/self/projectSwap/node_modules/oauth/lib/oauth2.js:157:7)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1056:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickCallback (internal/process/next_tick.js:180:9)
  name: 'FacebookGraphAPIError',
  message: 'Syntax error "Field first_name specified more than once. This is only possible before version 2.1" at character 62: id,last_name,first_name,middle_name,short_name,name,first_name,last_name,email,gender,verified,is_verified,link,birthday,picture,timezone,currency,locale,permissions,updated_time',
  type: 'OAuthException',
  code: 2500,
  subcode: undefined,
  traceID: 'GfPs7cst4Mv',
  status: 500 } +2s
  feathers-authentication:middleware:failure-redirect Clearing old 'feathers-jwt' cookie +1m

Expected behavior

No error happens

Actual behavior

Some fields have been added implicitly and cause conflicts with my settings.

System configuration

All latest modules with OS X
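To see where the duplicate comes from, here is an added example (not code from passport-facebook or this module) that reproduces the field expansion visible in the error output above: `name` becomes `last_name,first_name,middle_name`, `displayName` becomes `name` and `profileUrl` becomes `link`, while raw Graph API names pass through. Only the aliases the error makes visible are modelled; passport-facebook's full alias table is an assumption to check against its source.

```javascript
// Added example: Passport-style profileFields aliases as observed in the
// FacebookGraphAPIError above (other aliases exist in passport-facebook but
// are not reproduced here).
const PASSPORT_ALIASES = {
  id: ['id'],
  displayName: ['name'],
  name: ['last_name', 'first_name', 'middle_name'],
  profileUrl: ['link']
};

// Expand a profileFields array the way the strategy does before it builds the
// Graph API `fields` query string: aliases are replaced, the rest passes through.
function expandProfileFields(fields) {
  return fields.flatMap(f => PASSPORT_ALIASES[f] || [f]);
}

// Graph fields requested more than once after expansion. Facebook rejects such a
// request with 'Field ... specified more than once' (OAuthException, code 2500).
function duplicateGraphFields(fields) {
  const seen = new Set();
  const dupes = new Set();
  for (const f of expandProfileFields(fields)) {
    if (seen.has(f)) dupes.add(f); else seen.add(f);
  }
  return [...dupes];
}

// Keep the configuration but drop raw Graph fields that an alias in the same
// list already requests, so the expanded list contains each field once.
function dedupeProfileFields(fields) {
  const viaAlias = new Set(
    fields.filter(f => PASSPORT_ALIASES[f]).flatMap(f => PASSPORT_ALIASES[f])
  );
  const seen = new Set();
  return fields.filter(f => {
    if (seen.has(f)) return false;                       // literal repeat
    if (!PASSPORT_ALIASES[f] && viaAlias.has(f)) return false; // covered by alias
    seen.add(f);
    return true;
  });
}

// Constructed copy of the profileFields from the issue above.
const ISSUE_FIELDS = ['id', 'name', 'short_name', 'displayName', 'first_name',
  'last_name', 'email', 'gender', 'verified', 'is_verified', 'profileUrl',
  'birthday', 'picture', 'timezone', 'currency', 'locale', 'permissions',
  'updated_time'];

console.log('expanded:  ', expandProfileFields(ISSUE_FIELDS).join(','));
console.log('duplicates:', duplicateGraphFields(ISSUE_FIELDS));
console.log('fixed:     ', dedupeProfileFields(ISSUE_FIELDS));
```

The expanded string matches the one in the debug output character for character, and the deduplicated list expands without repeats.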

OAuth JWT user data

When I authenticate with a JWT provided by a locally authenticated user the full user is available in the after hook, hook.params.user. However doing the same with an OAuth JWT there is no user information.

Not sure if this is an issue with this repo or jwt.

Steps to reproduce

I've set up a small project to demo this issue but I believe it exists in the example as well.

It's got a few steps to set up, but it's a very basic project so you've probably got something already set up.

  1. Follow README.md setup.

  2. Login with an OAuth provider.
    GET http://localhost:3000/auth/[provider]

  3. Authenticate with the JWT token
    POST http://localhost:3000/authenticate
    HEADER: Authorization: [OAuth accessToken]

  4. Check out the after hook user
    { payload:
       { iat: 1481406233,
         exp: 1481492633,
         aud: 'https://yourdomain.com',
         iss: 'feathers',
         sub: 'anonymous' } }

  5. Log in with a local user
    POST: http://localhost:3000/authentication
    BODY: {
        "username": "test",
        "password": "test"
    }

  6. Authenticate with the JWT token
    POST http://localhost:3000/authenticate
    HEADER: Authorization: [local accessToken]

  7. Check out the after hook user
    { payload:
       { userId: 3,
         iat: 1481407162,
         exp: 1481493562,
         aud: 'https://yourdomain.com',
         iss: 'feathers',
         sub: 'anonymous' },
      id: x,
      createdAt: 'xxx',
      updatedAt: null,
      username: 'test',
      password: 'xxx',
      facebookId: null,
      githubId: null,
      googleId: null,
      displayName: null,
      email: null,
      avatarUrl: null }

Expected behaviour

Logging in with a local or an OAuth JWT to have the user data available.

Actual behavior

Local JWT makes user data available.
OAuth JWT has no user data.

System configuration

Module versions

    "feathers": "^2.0.1",
    "feathers-authentication": "^1.0.0-beta-2",
    "feathers-authentication-jwt": "^0.2.0",
    "feathers-authentication-local": "^0.3.0",
    "feathers-authentication-oauth2": "^0.2.0",

Not sure the rest matter but:
NodeJS version:
v6.9.1

Operating System:
OSX 10.11.6

Browser Version:
Chrome Version 55.x beta

Use patch to update the entity instead of update

Steps to reproduce

Add a hook to the user service that filters some attributes of the data model by default (e.g. these attributes are assumed to be retrieved using $select).

Expected behavior

When updating the user to add a new OAuth2 provider profile all user data should be preserved.

Actual behavior

Because the data of the retrieved user is manually merged with the new profile and the user is then updated, the "hidden" attributes are erased. To ensure they are preserved, no manual merge should be done; a patch with the new profile data should be performed instead.

System configuration

Module versions (especially the part that's not working):

  • "feathers": "^2.1.4",
  • "feathers-authentication": "^1.2.2",
  • "feathers-authentication-jwt": "^0.3.1",
  • "feathers-authentication-local": "^0.4.3",
  • "feathers-authentication-oauth2": "^0.2.5",
  • "feathers-client": "^2.2.0",
  • "feathers-configuration": "^0.4.1",
  • "feathers-errors": "^2.6.3",
  • "feathers-hooks": "^2.0.1",
  • "feathers-hooks-common": "^3.0.0",

NodeJS version: 8.4

Operating System: windows/linux
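The mechanism behind this report, as an added example that is not code from this module: a minimal in-memory users service whose read path strips hidden attributes (a `$select`-style hook), a `get() + merge + update()` round-trip that loses them, and a `patch()` with only the provider data that keeps them. The field names (`password`, `facebookId`) and the sample users are constructed for illustration.

```javascript
// Added example: why update() after a filtered get() erases hidden attributes
// while patch() preserves them. Not the project's service implementation.
class UsersService {
  constructor(hiddenFields) {
    this.hidden = new Set(hiddenFields); // what an "after get" hook strips
    this.rows = new Map();
    this.nextId = 1;
  }
  create(data) {
    const id = this.nextId++;
    this.rows.set(id, { id, ...data });
    return this.get(id);
  }
  // Read path: hidden attributes never leave the service.
  get(id) {
    const row = this.rows.get(id);
    if (!row) throw new Error(`user ${id} not found`);
    return Object.fromEntries(Object.entries(row).filter(([k]) => !this.hidden.has(k)));
  }
  // update() replaces the whole record with exactly what the caller supplies.
  update(id, data) {
    this.rows.set(id, { ...data, id });
    return this.get(id);
  }
  // patch() merges only the supplied attributes into the stored record.
  patch(id, data) {
    this.rows.set(id, { ...this.rows.get(id), ...data, id });
    return this.get(id);
  }
  // Inspection only: the stored row, hidden attributes included.
  stored(id) { return { ...this.rows.get(id) }; }
}

// The pattern the issue describes: read the user, merge the profile, update.
function linkProviderWithUpdate(users, id, profileData) {
  const existing = users.get(id);              // hidden fields already gone here
  return users.update(id, { ...existing, ...profileData });
}

// The pattern the issue asks for: patch with the provider data only.
function linkProviderWithPatch(users, id, profileData) {
  return users.patch(id, profileData);
}

// Constructed sample data: two users with a hidden password hash.
function demo() {
  const users = new UsersService(['password']);
  const a = users.create({ email: 'a@example.com', password: '<hash-a>' }).id;
  const b = users.create({ email: 'b@example.com', password: '<hash-b>' }).id;
  linkProviderWithUpdate(users, a, { facebookId: '111' });
  linkProviderWithPatch(users, b, { facebookId: '222' });
  return { afterUpdate: users.stored(a), afterPatch: users.stored(b) };
}

console.log(demo());
```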

How to authenticate token from Facebook on Feathers server

I have logged in with react-native-fbsdk and gotten a token.
I then want to authenticate on the server.
I tried several things, but they don't work.

Server

// `authentication` and `jwt` were used below without being required
const authentication = require('@feathersjs/authentication');
const jwt = require('@feathersjs/authentication-jwt');
const oauth2 = require('@feathersjs/authentication-oauth2');
const FacebookStrategy = require('passport-facebook');

module.exports = function (app) {
  const config = app.get('authentication');

  // Set up authentication with the secret
  app.configure(authentication(config));
  app.configure(jwt());

  app.configure(oauth2(Object.assign({
    name: 'facebook',
    Strategy: FacebookStrategy
  }, config.facebook)));

  // The `authentication` service is used to create a JWT.
  // The before `create` hook registers strategies that can be used
  // to create a new valid JWT (e.g. local or oauth2)
  app.service('authentication').hooks({
    before: {
      create: [
        authentication.hooks.authenticate(config.strategies)
      ],
      remove: [
        authentication.hooks.authenticate('jwt')
      ]
    }
  });
};

Client

Method 1

feathersClient.authenticate({
  // When strategy is jwt, I get Error: Malformed JWT
  // All other strategies return not permitted, e.g. *Strategy facebook is not permitted*
  // I've tried facebook, passport-facebook, facebook/access_token, passport-facebook/access_token
  strategy: 'jwt',
  accessToken: data.accessToken
})
.catch(error => { /* ... */ });

Method2:

const options = {
  storageKey: 'feathers-jwt',
  storage: AsyncStorage
};
feathersClient.configure(auth(options));
...
AsyncStorage.setItem('feathers-jwt', data.accessToken);
...

// Error: Invalid token specified: Cannot read property 'replace' of undefined
feathersClient.authenticate()
  .then(result => { /* ... */ })
  .catch(error => { /* ... */ });

What am I doing wrong?
What's the correct way to authenticate Facebook with Feathers?

Callback URL problem in production when using oauth

Steps to reproduce

Please check https://stackoverflow.com/questions/47000788/oauth2-github-connection-with-feathersjs-hosted-on-ec2.

Expected behavior

In my opinion, in production mode the callbackURL should be created from the host setting in production.json, not the one in default.json, but maybe there is a good reason not to do this.

Actual behavior

The callback URL gets created from default.json

System configuration

package.json:

"engines": {
  "node": ">= 6.0.0",
  "npm": ">= 3.0.0"
},
"scripts": {
  "test": "npm run eslint && npm run mocha",
  "eslint": "eslint src/. test/. --config .eslintrc.json",
  "start": "node src/",
  "mocha": "mocha test/ --recursive"
},
"dependencies": {
  "aws-sdk": "^2.141.0",
  "body-parser": "^1.18.2",
  "compression": "^1.7.1",
  "cors": "^2.8.4",
  "dauria": "^2.0.0",
  "feathers": "^2.2.2",
  "feathers-authentication": "^1.3.0",
  "feathers-authentication-hooks": "^0.1.5",
  "feathers-authentication-jwt": "^0.3.2",
  "feathers-authentication-local": "^0.4.4",
  "feathers-authentication-oauth2": "^0.3.2",
  "feathers-blob": "^1.3.1",
  "feathers-configuration": "^0.4.1",
  "feathers-errors": "^2.9.2",
  "feathers-hooks": "^2.1.0",
  "feathers-hooks-common": "^3.7.3",
  "feathers-mongodb": "^2.9.1",
  "feathers-rest": "^1.8.0",
  "feathers-socketio": "^2.0.0",
  "helmet": "^3.8.2",
  "mongodb": "^2.2.33",
  "multer": "^1.3.0",
  "passport-facebook": "^2.1.1",
  "passport-github": "^1.1.0",
  "s3-blob-store": "^2.1.0",
  "serve-favicon": "^2.4.5",
  "winston": "^2.4.0"
},
"devDependencies": {
  "eslint": "^4.8.0",
  "mocha": "^4.0.1",
  "request": "^2.83.0",
  "request-promise": "^4.2.2"
}

Google "hostedDomain" not working

Steps to reproduce

  • Install the new feathers-cli with npm install feathers-cli -g
  • generate an app with feathers generate app
  • generate authentication with feathers generate authentication
  • set the clientID and clientSecret in config/default.json

Now this works, also adding the scope works. But adding the "hostedDomain" property doesn't seem to work. I've tried the following ways to add it:

"google": {
  "clientID": "your google client id",
  "clientSecret": "your google client secret",
  "successRedirect": "/",
  "hostedDomain": "station.ch"
},

and

"google": {
  "clientID": "your google client id",
  "clientSecret": "your google client secret",
  "successRedirect": "/",
  "permissions": {
    "hostedDomain": "station.ch"
  }
},

The second way used to work in projects created with the old feathers-cli.

Expected behavior

"hostedDomain" is passed in the OAuth request to Google and only allowed email domains can be used.

Actual behavior

All email domains can be used.

System configuration

Module versions (especially the part that's not working):

"body-parser": "^1.17.1",
"compression": "^1.6.2",
"cors": "^2.8.3",
"eslint": "^3.19.0",
"feathers": "^2.1.1",
"feathers-authentication": "^1.2.1",
"feathers-authentication-hooks": "^0.1.0",
"feathers-authentication-jwt": "^0.3.1",
"feathers-authentication-oauth2": "^0.2.4",
"feathers-configuration": "^0.4.1",
"feathers-errors": "^2.6.3",
"feathers-hooks": "^1.8.1",
"feathers-hooks-common": "^3.0.0",
"feathers-mongodb": "^2.8.0",
"feathers-rest": "^1.7.2",
"feathers-socketio": "^1.5.2",
"helmet": "^3.5.0",
"mocha": "^3.2.0",
"mongodb": "^2.2.25",
"passport-google-oauth20": "^1.0.0",
"request": "^2.81.0",
"request-promise": "^4.2.0",
"serve-favicon": "^2.4.2",
"winston": "^2.3.1"

NodeJS version: v7.7.4

Operating System: macOS Sierra

Browser Version: Chrome 57
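Both the "Restricting certain email domains" question earlier on this page and this hostedDomain report come down to the same server-side check, shown here as an added example that is not code from this module or from Passport. It assumes a Passport-shaped profile (`profile.emails[].value`, and `profile._json.hd` for Google's hosted-domain claim) and is meant to be called from a custom Verifier's verify() or an `authentication` hook before a user is created; hostedDomain only narrows Google's account chooser, so the domain still has to be verified on the server.

```javascript
// Added example: allow-list check on the e-mail domain of an OAuth profile.
// Profile shape (emails[].value, _json.hd) is an assumption of this example.

// Lower-case, strip a trailing dot, and accept only a plain dotted hostname so
// that padded or otherwise odd input can never match an allowed domain.
function normaliseDomain(domain) {
  const d = String(domain).trim().toLowerCase().replace(/\.$/, '');
  const label = '[a-z0-9](?:[a-z0-9-]*[a-z0-9])?';
  return new RegExp(`^${label}(?:\\.${label})+$`).test(d) ? d : null;
}

// The domain is everything after the LAST "@". A naive split('@')[1] would
// judge "mallory@station.ch@evil.example" by station.ch instead of evil.example.
function emailDomain(email) {
  if (typeof email !== 'string' || /\s/.test(email)) return null;
  const at = email.lastIndexOf('@');
  if (at <= 0 || at === email.length - 1) return null;
  return normaliseDomain(email.slice(at + 1));
}

// Exact match only: neither "sub.station.ch" nor "station.ch.evil.example"
// is station.ch unless it is explicitly on the list.
function isAllowedDomain(domain, allowList) {
  const d = normaliseDomain(domain);
  const allowed = allowList.map(normaliseDomain).filter(Boolean);
  return d !== null && allowed.includes(d);
}

// Every address on the profile must belong to an allowed domain, and Google's
// hosted-domain claim (_json.hd), when present, must agree with the list too.
function checkProfileDomain(profile, allowList) {
  const emails = Array.isArray(profile.emails) ? profile.emails : [];
  const domains = emails.map(e => emailDomain(e && e.value));
  if (domains.length === 0 || domains.includes(null)) {
    return { ok: false, reason: 'profile has no usable e-mail address' };
  }
  const rejected = domains.find(d => !isAllowedDomain(d, allowList));
  if (rejected) {
    return { ok: false, reason: `e-mail domain ${rejected} is not allowed` };
  }
  const hd = profile._json && profile._json.hd;
  if (hd !== undefined && !isAllowedDomain(hd, allowList)) {
    return { ok: false, reason: `hosted domain ${hd} is not allowed` };
  }
  return { ok: true, domain: domains[0] };
}

// Constructed sample profiles (not real accounts); station.ch is the domain
// from the issue above.
const ALLOWED = ['station.ch'];
const samples = [
  { emails: [{ value: 'Alice@Station.CH' }], _json: { hd: 'station.ch' } },   // ok
  { emails: [{ value: 'bob@station.ch.evil.example' }] },                     // rejected
  { emails: [{ value: 'mallory@station.ch@evil.example' }] },                 // rejected
  { emails: [{ value: 'carol@station.ch' }], _json: { hd: 'other.example' } } // rejected
];
for (const p of samples) console.log(p.emails[0].value, checkProfileDomain(p, ALLOWED));
```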
