Add Authentication to your FeathersJS app.
`feathers-authentication` adds shared PassportJS authentication for Feathers HTTP REST and WebSockets services using JSON Web Tokens.

```
npm install feathers-authentication --save
```
Please refer to the Authentication documentation for more details:
- Local Auth Tutorial - How to implement a username and password-based authentication.
- Use Hooks for Authorization - Learn about the bundled hooks.
Here's an example of a Feathers server that uses `feathers-authentication` for local auth. It includes a `users` service that uses `feathers-mongoose`. Note that it does NOT implement any authorization.
```js
import feathers from 'feathers';
import hooks from 'feathers-hooks';
import bodyParser from 'body-parser';
import authentication from 'feathers-authentication';
import { hooks as authHooks } from 'feathers-authentication';
import mongoose from 'mongoose';
import service from 'feathers-mongoose';

const port = 3030;
const Schema = mongoose.Schema;
const UserSchema = new Schema({
  email: {type: String, required: true, unique: true},
  // Holds the hash written by the hashPassword hook below, not the plaintext
  password: {type: String, required: true },
  createdAt: {type: Date, 'default': Date.now},
  updatedAt: {type: Date, 'default': Date.now}
});
let UserModel = mongoose.model('User', UserSchema);

mongoose.Promise = global.Promise;
mongoose.connect('mongodb://localhost:27017/feathers');

let app = feathers()
  .configure(feathers.rest())
  .configure(feathers.socketio())
  .configure(hooks())
  .use(bodyParser.json())
  .use(bodyParser.urlencoded({ extended: true }))
  // Configure feathers-authentication
  .configure(authentication());

app.use('/users', new service('user', {Model: UserModel}));

let userService = app.service('users');

// Hash the password before a new user is stored (only `create` is hooked here)
userService.before({
  create: [authHooks.hashPassword('password')]
});

let server = app.listen(port);
server.on('listening', function() {
  console.log(`Feathers application started on localhost:${port}`);
});
```
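The following added example is not part of the original README and is not the plugin's bundled `restrictToOwner`; it shows the kind of owner check and response scrubbing that the server above leaves out, written as plain functions in the Feathers hook-object shape. `authError`, `ownerOnly`, `stripPassword` and `demo` are hypothetical names, the sample user is constructed, and it assumes an earlier hook has verified the JWT and set `hook.params.user`.

```javascript
// Added example: hand-written hooks in the Feathers hook-object shape.
// They are NOT the library's restrictToOwner; all names are hypothetical.

function authError(code, message) {
  const err = new Error(message);
  err.code = code; // stand-in for the HTTP-style error classes a real app would use
  return err;
}

// Before hook for get/update/patch/remove on the users service.
function ownerOnly(hook) {
  if (!hook.params.provider) return hook; // internal server-side call: pass through
  const user = hook.params.user; // assumption: set by an earlier token-verifying hook
  if (!user) throw authError(401, 'Not authenticated');
  if (hook.id === undefined || hook.id === null) {
    throw authError(403, 'Multi-record changes are not allowed');
  }
  if (String(hook.id) !== String(user._id)) {
    throw authError(403, 'You do not own this record');
  }
  return hook;
}

// After hook: never send the stored password hash to an external client.
function stripPassword(hook) {
  if (!hook.params.provider) return hook;
  const scrub = (u) => {
    // Mongoose documents must be converted before fields can be dropped.
    const plain = typeof u.toObject === 'function' ? u.toObject() : u;
    const { password, ...rest } = plain;
    return rest;
  };
  const r = hook.result;
  if (Array.isArray(r)) hook.result = r.map(scrub);
  else if (r && Array.isArray(r.data)) hook.result = { ...r, data: r.data.map(scrub) }; // paginated
  else if (r) hook.result = scrub(r);
  return hook;
}

// Constructed hook objects, shaped like the ones Feathers passes to hooks.
function demo() {
  const alice = { _id: 'u1', email: 'alice@example.com', password: '$2a$10$constructed' };
  const asAlice = { provider: 'rest', user: alice };
  const own = ownerOnly({ id: 'u1', params: asAlice }).id;
  let denied;
  try { ownerOnly({ id: 'u2', params: asAlice }); } catch (e) { denied = e.code; }
  const sent = stripPassword({ params: asAlice, result: alice }).result;
  return { own, denied, sent };
}
```

In the server above, hooks like these would be registered through `userService.before(...)` and `userService.after(...)` for the relevant methods, after the hooks that verify the token.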
You can use the client in the Browser, in NodeJS and in React Native.
```js
import io from 'socket.io-client';
import feathers from 'feathers/client';
import hooks from 'feathers-hooks';
import socketio from 'feathers-socketio/client';
import localstorage from 'feathers-localstorage';
import authentication from 'feathers-authentication/client';

const socket = io('http://localhost:3030/');
const app = feathers()
  .configure(socketio(socket)) // you could use Primus or REST instead
  .configure(hooks())
  .configure(authentication({ storage: window.localStorage }));

app.authenticate({
  type: 'local',
  'email': 'admin@feathersjs.com',
  'password': 'admin'
}).then(function(result){
  console.log('Authenticated!', result);
}).catch(function(error){
  console.error('Error authenticating!', error);
});
```
- Lock down cookie #132
- can now use default redirect routes with a custom handler #121
- Add middleware tests for successfulLogin
- Add middleware tests for failedLogin
- Prevent emitting auth service events #126
- Add tests to make sure auth service events are not fired
- `restrictToOwner` now throws an error #128
- `restrictToRoles` now throws an error #127
- user profile should be updated when using OAuth2 #124
- All hooks should support internal usage passthrough #138
- Clear cookie on logout #122
- de-auth socket on logout #136
- Move to bcryptjs instead of native bcrypt
- Removes ability to authenticate with the cookie that is used to transmit the JWT to the client
- Adds a TON of test coverage
- Fixes for #107, #103, #102, #105, #119
- Adds a bunch of tests (#9, #59)
- All hooks now pull from auth config (#93)
- Added ability to disable local and OAuth2 redirects independently (#89)
- Removed `toLowerCase` hook. It already lives in feathers-hooks
- Renamed `requireAuth` hook to `restrictToAuthenticated`
- Renamed `queryWithUserId` hook to `queryWithCurrentUser`
- Renamed `setUserId` hook to `associateCurrentUser`
- Renamed `restrictToSelf` hook to `restrictToOwner` as it could be used on other resources other than users
- Added a `restrictToRoles` hook
- Removing `app.user` and `app.token`
- Removing dependency on `feathers-localstorage`
- Abstracting socket connect and disconnect events so developers don't need to do it and the interface is the same between REST and sockets.
- Adding more tests
- Cleaning up the example
- Customize the JWT payload (#78)
- Using `feathers-localstorage` for storing user and token credentials.
- Adds support for using auth in NodeJS and React Native
- Fixes issue where user was not getting added to response on authentication for databases that use `_id` as their field name.
- adds better client side error handling
- Fix `toLowerCase` hook (#74)
- Fix customization of the `tokenEndpoint` (#57)
- fixing passing custom local options. (#55)
- Migrating existing code to use services
- Standardizing on a hook spec
- Adds support for authenticating with socketio and primus (#32)
- Only signs the JWT with user id (#38)
- Locks down socket authentication (#33)
- Continues the work @marshallswain did on handling expired tokens (#25)
- Adds a bunch more tests.
- Adds support for OAuth2 (#43)
- Adds a client side component for easy authentication with Feathers (#44)
- Adds preliminary support for graceful fallback to cookies for JWT (#45)
- Adds an example project showing all the different ways you can authenticate
- Adding local authentication
- Adding bundled hooks
- Initial release
Copyright (c) 2015
Licensed under the MIT license.