Important: This documentation covers Yarn 1 (Classic).
For Yarn 2+ docs and migration guide, see yarnpkg.com.

Package detail

@feathersjs/authentication

feathersjs185.6kMIT5.0.34TypeScript support: included

Add Authentication to your FeathersJS app.

feathers, feathers-plugin

readme

Feathers - The API and real-time application framework

CI Maintainability Test Coverage Download Status Discord

Feathers is a full-stack framework for creating web APIs and real-time applications with TypeScript or JavaScript.

Feathers can interact with any backend technology, supports many databases out of the box and works with any frontend like React, VueJS, Angular, React Native, Android or iOS.

Getting started

Get started with just three commands:

$ npm create feathers my-new-app
$ cd my-new-app
$ npm run dev

To learn more about Feathers visit the website at feathersjs.com or jump right into the Feathers guides.

Contributing

To start developing, clone this repository, then run:

cd feathers
npm install

To run all tests run

npm test

Individual tests can be run in the module you are working on:

cd packages/feathers
npm test

License

Copyright (c) 2024 Feathers contributors

Licensed under the MIT license.

changelog

Change Log

All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.

5.0.34 (2025-05-03)

Bug Fixes

5.0.33 (2025-02-24)

Bug Fixes

5.0.32 (2025-02-01)

Note: Version bump only for package @feathersjs/authentication

5.0.31 (2024-10-31)

Bug Fixes

5.0.30 (2024-09-02)

Note: Version bump only for package @feathersjs/authentication

5.0.29 (2024-07-10)

Note: Version bump only for package @feathersjs/authentication

5.0.28 (2024-07-10)

Note: Version bump only for package @feathersjs/authentication

5.0.27 (2024-06-18)

Note: Version bump only for package @feathersjs/authentication

5.0.26 (2024-06-09)

Note: Version bump only for package @feathersjs/authentication

5.0.25 (2024-05-03)

Bug Fixes

5.0.24 (2024-03-13)

Note: Version bump only for package @feathersjs/authentication

5.0.23 (2024-02-25)

Bug Fixes

5.0.22 (2024-02-15)

Note: Version bump only for package @feathersjs/authentication

5.0.21 (2024-01-25)

Note: Version bump only for package @feathersjs/authentication

5.0.20 (2024-01-24)

Note: Version bump only for package @feathersjs/authentication

5.0.19 (2024-01-23)

Note: Version bump only for package @feathersjs/authentication

5.0.18 (2024-01-22)

Note: Version bump only for package @feathersjs/authentication

5.0.17 (2024-01-22)

Note: Version bump only for package @feathersjs/authentication

5.0.16 (2024-01-22)

Note: Version bump only for package @feathersjs/authentication

5.0.15 (2024-01-22)

Note: Version bump only for package @feathersjs/authentication

5.0.14 (2024-01-05)

Note: Version bump only for package @feathersjs/authentication

5.0.13 (2023-12-29)

Note: Version bump only for package @feathersjs/authentication

5.0.12 (2023-11-28)

Note: Version bump only for package @feathersjs/authentication

5.0.11 (2023-10-11)

Bug Fixes

  • knex: Update all dependencies and Knex peer (#3308) (d2f9860)

5.0.10 (2023-10-03)

Note: Version bump only for package @feathersjs/authentication

5.0.9 (2023-09-27)

Note: Version bump only for package @feathersjs/authentication

5.0.8 (2023-07-19)

Note: Version bump only for package @feathersjs/authentication

5.0.7 (2023-07-14)

Note: Version bump only for package @feathersjs/authentication

5.0.6 (2023-06-15)

Bug Fixes

5.0.5 (2023-04-28)

Note: Version bump only for package @feathersjs/authentication

5.0.4 (2023-04-12)

Bug Fixes

  • Make sure all Readme files are up to date (#3154) (a5f0b38)

5.0.3 (2023-04-05)

Bug Fixes

5.0.1 (2023-03-15)

Note: Version bump only for package @feathersjs/authentication

5.0.0 (2023-02-24)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.38 (2023-02-17)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.37 (2023-02-09)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.36 (2023-01-29)

Bug Fixes

5.0.0-pre.35 (2023-01-12)

Features

  • generators: Move core code generators to shared generators package (#2982) (0328d22)

5.0.0-pre.34 (2022-12-14)

Bug Fixes

  • authentication: Fix order of connection and login event handling (#2909) (801a503)
  • core: context.type for around hooks (#2890) (d606ac6)

Features

5.0.0-pre.33 (2022-11-08)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.32 (2022-10-26)

Bug Fixes

  • authentication: Improve logout and disconnect connection handling (#2813) (dd77379)

5.0.0-pre.31 (2022-10-12)

Features

  • cli: Generate full client test suite and improve typed client (#2788) (57119b6)

5.0.0-pre.30 (2022-10-07)

Features

  • core: Allow to unregister services at runtime (#2756) (d16601f)
  • schema: Make schemas validation library independent and add TypeBox support (#2772) (44172d9)

5.0.0-pre.29 (2022-09-16)

Features

  • authentication-oauth: Koa and transport independent oAuth authentication (#2737) (9231525)

5.0.0-pre.28 (2022-08-03)

Bug Fixes

  • cli: Improve generated application and client (#2701) (bd55ffb)

5.0.0-pre.27 (2022-07-13)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.26 (2022-06-22)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.25 (2022-06-22)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.24 (2022-06-21)

Bug Fixes

  • authentication: Add safe dispatch data for authentication requests (#2662) (d8104a1)

5.0.0-pre.23 (2022-06-06)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.22 (2022-05-24)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.21 (2022-05-23)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.20 (2022-05-04)

Bug Fixes

  • dependencies: Lock monorepo package version numbers (#2623) (5640c10)

5.0.0-pre.19 (2022-05-01)

Features

  • typescript: Improve adapter typings (#2605) (3b2ca0a)
  • typescript: Improve params and query typeability (#2600) (df28b76)

5.0.0-pre.18 (2022-04-11)

Features

  • authentication: Add setup method for auth strategies (#1611) (a3c3581)
  • configuration: Allow app configuration to be validated against a schema (#2590) (a268f86)

5.0.0-pre.17 (2022-02-15)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.16 (2022-01-12)

Features

5.0.0-pre.15 (2021-11-27)

Bug Fixes

Features

  • authentication-oauth: Allow dynamic oAuth redirect (#2469) (b7143d4)

5.0.0-pre.14 (2021-10-13)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.13 (2021-10-13)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.12 (2021-10-12)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.11 (2021-10-06)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.10 (2021-09-19)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.9 (2021-08-09)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.8 (2021-08-09)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.7 (2021-08-09)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.6 (2021-08-08)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.5 (2021-06-23)

Bug Fixes

  • hooks: Migrate built-in hooks and allow backwards compatibility (#2358) (759c5a1)
  • koa: Use extended query parser for compatibility (#2397) (b2944ba)

Features

  • adapter-commons: Add support for params.adapter option and move memory adapter to @feathersjs/memory (#2367) (a43e7da)

5.0.0-pre.4 (2021-05-13)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.3 (2021-04-21)

Bug Fixes

  • typescript: Improve TypeScript backwards compatibility (#2310) (f33be73)

Features

  • dependencies: Remove direct debug dependency (#2296) (501d416)

5.0.0-pre.2 (2021-04-06)

Note: Version bump only for package @feathersjs/authentication

5.0.0-beta.1 (2021-04-03)

Note: Version bump only for package @feathersjs/authentication

5.0.0-beta.0 (2021-03-28)

Bug Fixes

  • Update Grant usage and other dependencies (#2264) (7b0f8fa)

Features

  • Application service types default to any (#1566) (d93ba9a)
  • Feathers v5 core refactoring and features (#2255) (2dafb7c)

5.0.0-pre.1 (2020-12-17)

5.0.0-pre.0 (2020-05-19)

Note: Version bump only for package @feathersjs/authentication

5.0.0-pre.0 (2020-05-19)

4.5.11 (2020-12-05)

Note: Version bump only for package @feathersjs/authentication

4.5.10 (2020-11-08)

Bug Fixes

  • authentication: consistent response return between local and jwt strategy (#2042) (8d25be1)

4.5.9 (2020-10-09)

Note: Version bump only for package @feathersjs/authentication

4.5.8 (2020-08-12)

Note: Version bump only for package @feathersjs/authentication

4.5.7 (2020-07-24)

Bug Fixes

4.5.6 (2020-07-12)

Bug Fixes

  • authentication: Omit query in JWT strategy (#2011) (04ce7e9)

4.5.5 (2020-07-11)

Bug Fixes

  • authentication: Include query params when authenticating via authenticate hook #2009 (4cdb7bf)

4.5.3 (2020-04-17)

Bug Fixes

  • authentication: Remove entity from connection information on logout (#1889) (b062753)

4.5.2 (2020-03-04)

Bug Fixes

  • authentication: Improve JWT strategy configuration error message (#1844) (2c771db)

4.5.1 (2020-01-24)

Note: Version bump only for package @feathersjs/authentication

4.5.0 (2020-01-18)

Bug Fixes

  • Add params.authentication type, remove hook.connection type (#1732) (d46b7b2)

4.4.3 (2019-12-06)

Note: Version bump only for package @feathersjs/authentication

4.4.1 (2019-11-27)

Note: Version bump only for package @feathersjs/authentication

4.4.0 (2019-11-27)

Note: Version bump only for package @feathersjs/authentication

4.3.11 (2019-11-11)

Bug Fixes

  • authentication: Retain object references in authenticate hook (#1675) (e1939be)

4.3.10 (2019-10-26)

Note: Version bump only for package @feathersjs/authentication

4.3.9 (2019-10-26)

Bug Fixes

  • Add jsonwebtoken TypeScript type dependency (317c80a)
  • Small type improvements (#1624) (50162c6)

4.3.7 (2019-10-14)

Note: Version bump only for package @feathersjs/authentication

4.3.5 (2019-10-07)

Bug Fixes

  • Authentication type improvements and timeout fix (#1605) (19854d3)
  • Improve error message when authentication strategy is not allowed (#1600) (317a312)

4.3.4 (2019-10-03)

Note: Version bump only for package @feathersjs/authentication

4.3.3 (2019-09-21)

Bug Fixes

  • check for undefined access token (#1571) (976369d)
  • Small improvements in dependencies and code sturcture (#1562) (42c13e2)

4.3.2 (2019-09-16)

Note: Version bump only for package @feathersjs/authentication

4.3.1 (2019-09-09)

Bug Fixes

  • Use long-timeout for JWT expiration timers (#1552) (65637ec)

4.3.0 (2019-08-27)

Note: Version bump only for package @feathersjs/authentication

4.3.0-pre.4 (2019-08-22)

Bug Fixes

  • Fix auth publisher mistake (08bad61)

4.3.0-pre.3 (2019-08-19)

Bug Fixes

  • Expire and remove authenticated real-time connections (#1512) (2707c33)
  • Update all dependencies (7d53a00)

Features

4.3.0-pre.2 (2019-08-02)

Bug Fixes

  • Add getEntityId to JWT strategy and fix legacy Socket authentication (#1488) (9a3b324)
  • Add method to reliably get default authentication service (#1470) (e542cb3)

4.3.0-pre.1 (2019-07-11)

Note: Version bump only for package @feathersjs/authentication

4.0.0-pre.5 (2019-07-10)

Note: Version bump only for package @feathersjs/authentication

4.0.0-pre.4 (2019-07-05)

Bug Fixes

4.0.0-pre.3 (2019-06-01)

Bug Fixes

  • Make oAuth paths more consistent and improve authentication client (#1377) (adb2543)
  • Set authenticated: true after successful authentication (#1367) (9918cff)
  • Typings fix and improvements. (#1364) (515b916)
  • Update dependencies and fix tests (#1373) (d743a7f)

4.0.0-pre.2 (2019-05-15)

Bug Fixes

  • Throw NotAuthenticated on token verification errors (#1357) (e0120df)

4.0.0-pre.1 (2019-05-08)

Bug Fixes

  • Always require strategy parameter in authentication (#1327) (d4a8021)
  • Bring back params.authenticated (#1317) (a0ffd5e)
  • Improve authentication parameter handling (#1333) (6e77204)
  • Merge httpStrategies and authStrategies option (#1308) (afa4d55)
  • Rename jwtStrategies option to authStrategies (#1305) (4aee151)

Features

4.0.0-pre.0 (2019-04-21)

Bug Fixes

  • Added path and method in to express request for passport (#1112) (afa1cb4)
  • Authentication core improvements (#1260) (c5dc7a2)
  • Improve JWT authentication option handling (#1261) (31b956b)
  • Make Mocha a proper devDependency for every repository (#1053) (9974803)
  • Only merge authenticated property on update (8a564f7)
  • reduce authentication connection hook complexity and remove unnecessary checks (fa94b2f)
  • Update all dependencies to latest (#1206) (e51e0f6)
  • authentication: Fall back when req.app is not the application when emitting events (#1185) (6a534f0)
  • Update adapter common tests (#1135) (8166dda)
  • docs/new-features: syntax highlighting (#347) (4ab7c95)
  • package: update @feathersjs/commons to version 2.0.0 (#692) (ca665ab)
  • package: update debug to version 3.0.0 (#555) (f788804)
  • package: update jsonwebtoken to version 8.0.0 (#567) (6811626)
  • package: update ms to version 2.0.0 (#509) (7e4b0b6)
  • package: update passport to version 0.4.0 (#558) (dcb14a5)

Features

  • @feathersjs/authentication-oauth (#1299) (656bae7)
  • Add AuthenticationBaseStrategy and make authentication option handling more explicit (#1284) (2667d92)
  • Add TypeScript definitions (#1275) (9dd6713)
  • Authentication v3 core server implementation (#1205) (1bd7591)
  • Authentication v3 local authentication (#1211) (0fa5f7c)
  • Remove (hook, next) signature and SKIP support (#1269) (211c0f8)
  • Support params symbol to skip authenticate hook (#1296) (d16cf4d)

BREAKING CHANGES

  • Update authentication strategies for @feathersjs/authentication v3

2.1.16 (2019-01-26)

Bug Fixes

  • authentication: Fall back when req.app is not the application when emitting events (#1185) (6a534f0)

2.1.15 (2019-01-02)

Bug Fixes

2.1.14 (2018-12-16)

Bug Fixes

  • Added path and method in to express request for passport (#1112) (afa1cb4)

2.1.13 (2018-10-26)

Note: Version bump only for package @feathersjs/authentication

2.1.12 (2018-10-25)

Bug Fixes

  • Make Mocha a proper devDependency for every repository (#1053) (9974803)
  • Only merge authenticated property on update (8a564f7)

2.1.11 (2018-09-21)

Note: Version bump only for package @feathersjs/authentication

2.1.10 (2018-09-17)

Note: Version bump only for package @feathersjs/authentication

2.1.9 (2018-09-02)

Note: Version bump only for package @feathersjs/authentication

2.1.8

v2.1.7 (2018-06-29)

Full Changelog

Fixed bugs:

  • XXXOrRestrict undermines provider (security) logic #395

Closed issues:

  • Customize response of authentication service #679
  • hook.params.user is null using REST #678
  • Can't store JWT token to cookie on REST client #676
  • Is there a way to get req.user without using the authentication middleware? #675

Merged pull requests:

v2.1.6 (2018-06-01)

Full Changelog

Closed issues:

  • Authentication local strategy not working with a Custom User service #672
  • CLI command bug: 'Feathers generate authentication' produces bad working 'users' service #670
  • config\default.json generated without callbackURL config needed to set redirect URL for Google Outh2 #669
  • HELP WANTED: Authentication strategy 'jwt' is not registered. #668
  • Authenticate shows error: No auth token #667
  • authentication - Method: remove #662
  • NotAuthenticated: jwt expired #633
  • Authentication via phone number #616
  • Persist auth tokens on db #569
  • Tighter integration with feathers-authentication-management #393

Merged pull requests:

v2.1.5 (2018-04-16)

Full Changelog

Closed issues:

  • feathersjs Invalid token: expired #661
  • Safari and iOS facebook login can't redirect back, but others can. #651

Merged pull requests:

v2.1.4 (2018-04-12)

Full Changelog

Closed issues:

  • Column "createdAt" does not exist" in Autentication #660
  • How to make a user automatically logined on server side? #659
  • authentication-jwt functional example #657
  • "No auth token" with auth0 when following the guide #655
  • Service returns [No Auth Token] same by passing Authorization Token on HEADER #641

Merged pull requests:

v2.1.3 (2018-03-16)

Full Changelog

Closed issues:

  • ts #647
  • Using /auth/facebook gives a 404 from vue-router #643
  • Crash after upgrade to feathersjs v3 #642
  • SameSite cookie option #640
  • context.params.user is empty object #635
  • Token is undefined for authenticated user #500
  • 1.x: logout timers need to be moved #467

Merged pull requests:

v2.1.2 (2018-02-14)

Full Changelog

Fixed bugs:

  • hook failed with auth & sync #540
  • JWT Cookie #389

Closed issues:

  • forgot password #638
  • registered many authentication services #634
  • TypeError: Cannot read property '_strategy' of undefined #632
  • How to change 5000ms timeout? #628
  • cookie reused from server in SSR app #619
  • Express middleware not setCookie #617
  • Server to Server Authentication Question #612
  • No way to share token between socket-rest-express #607
  • 404 when accessing route using customer authentication #579
  • [question] is it possible to protect by role a create method? #564
  • Authentication with server-side rendering #560
  • Problem authenticating using REST middleware #495
  • A supposed way to auth requests from SSR to Feathers API #469
  • rename app.authenticate\(\) to app.\_authenticate\(\) #468

Merged pull requests:

v2.1.1 (2018-01-03)

Full Changelog

Closed issues:

  • Deleted user successfully signs in using JWT #615
  • Feathers.authenticate gives window undefined (server-rendered) #573
  • Be careful with discard('password') in user #434

Merged pull requests:

v2.1.0 (2017-12-06)

Full Changelog

Closed issues:

  • Method "Remove" from Authentication Service gives Internal Server Error when using JWT Authentication with Cookies. #606
  • Anonymous Authentication fails over Socket.io #457

Merged pull requests:

v2.0.1 (2017-11-16)

Full Changelog

Merged pull requests:

  • Add default export for better ES module (TypeScript) compatibility #605 (daffl)

v2.0.0 (2017-11-09)

Full Changelog

Closed issues:

  • is there a way to detect if the token used is correct or not ? #601
  • option for non-JWT based session #597

Merged pull requests:

v1.3.1 (2017-11-03)

Full Changelog

Merged pull requests:

  • Only set the JWT UUID if it is not already set #600 (daffl)

v1.4.1 (2017-11-01)

Full Changelog

Merged pull requests:

  • Update dependencies for release #598 (daffl)
  • Finalize v3 dependency updates #596 (daffl)
  • Update Codeclimate coverage token #595 (daffl)

v1.4.0 (2017-10-25)

Full Changelog

Closed issues:

  • An in-range update of socket.io-client is breaking the build 🚨 #588
  • An in-range update of feathers-hooks is breaking the build 🚨 #587

Merged pull requests:

v1.3.0 (2017-10-24)

Full Changelog

Merged pull requests:

v0.7.13 (2017-10-23)

Full Changelog

Closed issues:

  • Error authenticating! Error: Token provided to verifyJWT is missing or not a string ? #584
  • Visual Studio Code Debug no authentication #583
  • [Feature Request] Cloud DB's #581
  • Request doesn't contain any headers when user service requested #578
  • No way to pass Options to auth.express.authenticate. Needed for Google API refreshToken #576
  • /auth/google 404 Not Found #574
  • unique email not working while create #572
  • authentication service not return token jwt #571
  • typo in jwt default options #570
  • Generate new app, Google-only auth, throws error #568
  • An in-range update of feathers is breaking the build 🚨 #565
  • Documentation not understanding #563
  • Checking hook.params.headers.authorization #552
  • Ability to send token as part of URL #546
  • Anonymous Authentication #544
  • Quote Error #519
  • [example] CustomStrategy using passport-custom #516
  • [Epic] Auth 2.0.0 #513
  • ID set to null - Unable to delete with customer ID field. #422
  • Prefixing socket events #418
  • Passwordless auth #409
  • How to authenticate the application client? not only the users #405
  • Multi-factor Local Auth #5

Merged pull requests:

v1.2.7 (2017-07-11)

Full Changelog

Closed issues:

  • Connection without password #541
  • email in lower case ? #538
  • Im unable to ping feathers server from react native. #537
  • whats the official way to open cors in feather ? #536
  • Error options.service does not exist after initial auth setup #535
  • LogoutTimer not being cleared correctly #532
  • logoutTimer causing early logouts #404

Merged pull requests:

v1.2.6 (2017-06-22)

Full Changelog

Closed issues:

  • OAuth 2 login for cordova #530

Merged pull requests:

v1.2.5 (2017-06-21)

Full Changelog

Closed issues:

  • Cannot read property 'user' of undefined - lib\socket\update-entity.js:26:104 #529
  • Provider is undefined when using restrictToRoles #525
  • How to make a request to an Endpoint that requires authentication from nodejs? #523

Merged pull requests:

  • fixes several issues with update-entity w/ test cases #531 (jerfowler)

v1.2.4 (2017-06-08)

Full Changelog

Fixed bugs:

  • User (Entity) needs to be updated on the socket after authentication #293

Closed issues:

  • Express Middleware local -> jwt does not authorize on redirect #518
  • Issue with feathers-authentication #512
  • User Authentication Missing Credentials error (and subsequent nav authorization) #508
  • passport log failure #505
  • authenticate with a custom username field (rather than email) #502
  • app.get('auth') vs app.get('authentication') #497
  • Can't get success authorization with pure feathers server #491

Merged pull requests:

v1.2.3 (2017-05-10)

Full Changelog

Closed issues:

  • Validating custom express routes #498
  • Payload won't include userId when logging in with stored localStorage token #496
  • How to send oauth token authentication to another client server #493
  • Unhandled Promise Rejection error. #489
  • No Auth token on authentication resource #488
  • How to verify JWT in feathers issued by another feathers instance ? #484
  • hook.params.user #483
  • Overriding JWT's expiresIn with a value more than 20d prevents users from signing in #458

Merged pull requests:

v1.2.2 (2017-04-12)

Full Changelog

Fixed bugs:

  • accessToken not being used when provided by client over socketio #400

Closed issues:

  • Incompatible old client dependency #479
  • Using feathers-authentication-client for an existing API? #478
  • app.authenticate error : UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 2): * Error * #476
  • Make socket.feathers data available in authentication hooks #475
  • Allow the authenticate hook to be called with no parameters #473
  • Authenticate : How to return more infos ? #471

Merged pull requests:

  • Use latest version of feathers-authentication-client #480 (daffl)
  • Resolves #475 - Socket params are made available to authentication hooks #477 (thomas-p-wilson)

v1.2.1 (2017-04-07)

Full Changelog

Fixed bugs:

  • failureRedirect is never used when using with oauth2 #387

Closed issues:

  • OAuth guides #470
  • app.authenticate not working #466
  • how can I logout using local authentication? #465
  • How to do Socket.io Authentication #462
  • Add event filtering by default (socket.io) #460
  • Add ability to control if socket is marked as authenticated. #448
  • Auth redirect issue #425
  • E-mail verification step can be bypassed using Postman or Curl #391
  • Example app #386

Merged pull requests:

v1.2.0 (2017-03-23)

Full Changelog

Fixed bugs:

  • 1.0 authentication service hooks don't run when client uses feathers-socketio #455
  • hook.params.provider is not set when calling client.authenticate\(\) #432
  • remove method failed with JsonWebTokenError: invalid token #388

Closed issues:

  • Token creation has side effect #454
  • Question: When is userId set? #453
  • How to authenticate SPA? More precisely how does the redirect works? #451
  • POST to auth/facebook for FacebookTokenStrategy 404? #447
  • feathers-authentication 1.1.1 No auth token #445
  • Another readme incorrect and maybe docs to #441
  • Readme incorrect and maybe docs to #440
  • npm version issue? #439
  • setCookie express middleware only works inside hooks #438
  • createJWT throws 'secret must provided' #437
  • Not useful error message on NotAuthenticated error #436
  • Passwordfeld in auth.local does not work as expected #435
  • Authentication via REST returns token without finding user on db #430

Merged pull requests:

v1.1.1 (2017-03-02)

Full Changelog

Closed issues:

  • Authentication over socket.io never answers #428

Merged pull requests:

  • Remove lots of hardcoded values for config, and adds the authenticate hook #427 (myknbani)

v1.1.0 (2017-03-01)

Full Changelog

Fixed bugs:

  • Mongo update error after logging into Facebook #244

Closed issues:

  • Feature Request: Anonymous Authentication Strategy Support #423
  • Error is not thrown if token that is provided is invalid #421
  • Request body 'token' parameter disappears #420
  • Auth2 issue getting JWT token from server when different ports #416
  • Cookie-based authentication with XHR is not possible #413
  • JWT Authentication setup failing #411
  • how to disable service for external usage in version 1.0 #410
  • v1.0 is removed from npm? #408
  • Make JWT data more configurable #407
  • Possible typo #406
  • Authentication with an existing database with existing hashed (md5) passwords #398
  • can modify selected fields only #397
  • [Discussion] Migrating to 1.0 - hook changes #396
  • feathers-authentication 'local' strategy requires token? #394
  • JWT for local auth. #390
  • Feathers 'Twitter API' style #385
  • Missing code in example app #383
  • feathers-authentication errors with any view error, and redirects to /auth/failure #381
  • what does app.service('authentication').remove(...) mean? #379
  • Rest Endpoints. #375
  • cordova google-plus signUp with id_token #373
  • How to reconnect socket with cookie after page refresh ? #372
  • Error: Could not find stored JWT and no authentication strategy was given #367
  • "No auth token" using authenticate strategy: 'jwt' (v.1.0.0-beta-2) #366
  • Navigating to /auth/<provider> twice redirects to /auth/failed #344
  • Meteor auth migration guide #334
  • Auth 1.0 #330
  • RSA token secret #309
  • Add option to use bcrypt #300
  • Better example of how to change hashing algorithm? [Question] #289
  • issuer doesn't work #284
  • passport auth question #274
  • Add support for authenticating active users only #259
  • 404 response from populateUser() hook #258
  • Responses hang when token.secret is undefined for local authentication #249
  • Authentication without password #246
  • Fix successRedirect to not override cookie path #243
  • Deprecate verifyToken and populateUser hooks in favour of middleware #227
  • Authenticating and creating #100
  • Add a password service #83

Merged pull requests:

v1.0.2 (2016-12-14)

Full Changelog

Closed issues:

  • successRedirect not redirecting #364

v1.0.1 (2016-12-14)

Full Changelog

v1.0.0 (2016-12-14)

Full Changelog

Fixed bugs:

  • restrictToOwner does not support multi patch, update and remove #228

Closed issues:

  • auth.express.authenticate got undefined #363
  • Non-standard header structure #361
  • localEndpoint without local strategy #359
  • Using custom passport strategies #356
  • Client-side app.on('login') #355
  • Payload limiting on app.get\('user'\)? #354
  • Authentication token is missing #352
  • [1.0] The entity on the socket should pull from the strategy options. #348
  • [1.0] Only the first failure is returned on auth failure when chaining multiple strategies #346
  • Build 0.7.11 does not contain current code on NPMJS #342
  • feathers-authentication branch 0.8 did not work with payload (tested on socket) #264
  • Add method for updating JWT #260
  • 1.0 architecture considerations #226
  • Features/RFC #213
  • Support access_token based OAuth2 providers #169
  • Support openID #154
  • Disable cookie by default if not using OAuth #152
  • Add token service tests #144
  • Add local service tests #143
  • Add OAuth2 service tests #142
  • Add OAuth2 integration tests #141
  • Add integration tests for custom redirects #125
  • Support mobile authentication via OAuth1 #47
  • Support OAuth1 #42
  • Password-less Local Auth with Email / SMS #7

Merged pull requests:

v0.7.12 (2016-11-11)

Full Changelog

Closed issues:

  • App.authenticate uses wrong this reference #341
  • Getting more done in GitHub with ZenHub #331
  • Need help to use feathers authentication storage in vue vuex #329
  • How to get user id in hooks? #322
  • I checked out my new feathersjs app in another machine, created a new user but I can't log in! #320
  • restrict-to-owner throws error when user id is 0 #319
  • Not providing sufficient details for an auth provider should not be an error. #318
  • [Question] Is there a way to verify a user with password? #316
  • 0.8.0 beta 1 bug - this is not defined #315
  • Client: Document getJWT & verifyJWT #313
  • Socket client should automatically auth on reconnect #310
  • app.get('token') doesn't work after a browser refresh. #303
  • Problem issuing multiple jwt's for the same user #302
  • restrict-to-owner does not allow Service.remove(null) from internal systems #301
  • How to migrate from restrictToOwner to checkPermissions #299
  • "username" cannot be used as local strategy usernameField #294
  • Bad Hook API Design: Hooks are inconsistent and impure functions #288
  • Mutliple 'user' models for authentication #282
  • Client should ensure socket.io upgrade is complete before authenticating #275
  • JWT is not sent after socket reconnection #272
  • 401 after service is moved/refactored #270
  • Client side auth should subscribe to user updates so that app.get('user') is fresh #195
  • Make oauth2 more general #179
  • Add integration tests for custom service endpoints #145
  • Create a requireAuth wrapper for verifyToken, populateUser, restrictToAuth #118

Merged pull requests:

v0.7.11 (2016-09-28)

Full Changelog

Closed issues:

  • Unable to authenticate with passport-google-oauth20 #295
  • "Unauthorized" Response with Hook Data #291
  • hashPassword in patch #286
  • Mobile App Facebook Login #276
  • Socket user should update automatically #266
  • Get user outside a service #261

Merged pull requests:

v0.7.10 (2016-08-31)

Full Changelog

Fixed bugs:

  • restrictToOwner should not throw an error on mass deletions #175

Closed issues:

  • Duplicate Email should be rejected by Default #281
  • Auth0 & featherjs authorization only #277
  • Cannot read property 'scope' of undefined #273
  • Socker.js | Custom successHandler #271
  • Use feathers-socketio? and rest&socket share session maybe? #269
  • Ability to invalidate old token/session when user login with another machine. #267
  • 0.8 authentication before hooks - only ever getting a 401 Unauthorised #263
  • REST Middleware breaks local auth #262
  • 0.8: Token Service errors on token auth using client #254
  • 0.8: Cookies, turning off feathers-session cookie also turns off feathers-jwt cookie. #253
  • Any example of how to do refresh token? #248
  • Custom Authentication Hooks #236
  • Is there an Authenticated Event #235
  • Error while using /auth/local #233
  • Providing token to feathers.authentication doesn't work #230
  • bundled hooks customize errors #215
  • Hooks should support a callback for conditionally running #210
  • restrictToRoles hook: More complex determination of "owner". #205
  • verifyToken hook option to error #200
  • Allow using restrictToOwner as an after hook #123

Merged pull requests:

v0.7.9 (2016-06-20)

Full Changelog

Fixed bugs:

  • Calling logout should revoke/blacklist a JWT #133

Closed issues:

  • Query email rather than oauth provider id on /auth/<provider> #223
  • Cannot read property 'service' of undefined #222

Merged pull requests:

  • added support for hashing passwords when hook.data is an array #225 (eblin)
  • jwt ssl warning #214 (aboutlo)

v0.7.8 (2016-06-09)

Full Changelog

Closed issues:

  • Feathers-authentication assumptions #220
  • Server-side header option does not accept capital letters #218
  • How to figure out why redirect to /auth/failure? #217
  • Getting token via REST is not documented #216
  • How to use Feathers Client to Authenticate Facebook/Instagram credentials #204
  • Remove token from localstorage #203
  • Check user password #193
  • app.authenticate(): Warning: a promise was rejected with a non-error: [object Object] #191
  • Authentication provider for Facebook Account Kit #189

Merged pull requests:

v0.7.7 (2016-05-05)

Full Changelog

Fixed bugs:

  • OAuth2 authentication callback failing due to missing property #196

Merged pull requests:

  • properly handle optional \_json property #197 (nyaaao)

v0.7.6 (2016-05-03)

Full Changelog

Fixed bugs:

  • Facebook Authentication should do a patch not an update. #174

Closed issues:

  • Authenticated user #192
  • REST token revoke #185
  • TypeError: Cannot read property 'service' of undefined #173
  • Optionally Include password in the params.query object passed to User.find() #171
  • Pass more to local authentication params #165
  • Support custom authentication strategies #157

Merged pull requests:

v0.7.5 (2016-04-23)

Full Changelog

Fixed bugs:

  • restrictToOwner and restrictToRoles have invalid type checking #172

Closed issues:

  • user fails to signup with facebook if there is also local auth #168
  • Unable to authenticate requests when using vanilla Socket.IO #166

v0.7.4 (2016-04-18)

Full Changelog

Fixed bugs:

  • restrictToOwner and restrictToRoles hooks don't work with nested models #163
  • Change restrictToOwner error when a request does not contain ID #160

Closed issues:

  • authenticate() can leak sensetive user data via token service #162
  • onBeforeLogin Hook #161

Merged pull requests:

v0.7.3 (2016-04-16)

Full Changelog

v0.7.2 (2016-04-16)

Full Changelog

Closed issues:

  • Auth doesn't work with non default local.userEndpoint #159
  • Automatically add the hashPassword hook to local.userEndpoint #158
  • Client authentication() storage option not documented #155
  • restrictToRoles availability inconsistency #153
  • Does not populate user for other services #150

Merged pull requests:

v0.7.1 (2016-04-08)

Full Changelog

Closed issues:

  • Documentation discrepancies #148
  • bcrypt is hardcoded #146
  • Update Docs, Guides, Examples for v0.7 #129
  • populateUser: allow option to populate without db call. #92

Merged pull requests:

v0.7.0 (2016-03-30)

Full Changelog

Fixed bugs:

  • logout should de-authenticate a socket #136
  • [Security] JsonWebToken Lifecycle Concerns; Set HttpOnly = true in JWT cookie #132
  • restrictToRoles hook needs to throw an error and not scope the query #128
  • restrictToOwner hook needs to throw an error and not scope the query #127
  • [security] Generated tokens are broadcast to all socket clients (by default) #126
  • [oAuth] User profile should be updated every time they are authenticated #124
  • Logout should clear the cookie #122
  • Want the default success/fail routes, not the sendFile #121

Closed issues:

  • Make all hooks optional if used internally #138
  • Throw errors for deprecated hooks and update documentation #134
  • v6.0.0: How can I return the user object along with the token ? #131
  • user field not getting populated #119
  • Move to bcryptjs #112
  • Bundled hooks should pull from auth config to avoid having to pass duplicate props. #93
  • Customize the JWT payload #78
  • Needs a test for verifying that a custom tokenEndpoint works. #59
  • Finish test coverage for existing features. #9

Merged pull requests:

v0.6.0 (2016-03-24)

Full Changelog

Fixed bugs:

  • Token encoding is not using the idField option. #107
  • Logging out breaks in React Native #105
  • Updating User Attached to Params in Client #102
  • local auth should not redirect by default #89

Closed issues:

  • Id of user can't be 0 for auth #116
  • how to authenticate user in the socket.io? #111
  • Wrong Status Error #110
  • TypeError: Cannot read property 'service' of undefined (continued) #108
  • idField breaks from tokenService.create\(\) to populateUser\(\) after hook #103

Merged pull requests:

v0.5.1 (2016-03-15)

Full Changelog

v0.5.0 (2016-03-14)

Full Changelog

Fixed bugs:

  • Client should store token string and not the token object #95

Closed issues:

  • using feathers-rest/client with feathers-authentication/client #94
  • populateUser can pull defaults from config, if available. #91
  • App level auth routes for multiple sub-routes #90
  • POST to /auth/local never gets response #88
  • populate-user.js do not get settings #86
  • Add rate limiting #81

Merged pull requests:

v0.4.1 (2016-02-28)

Full Changelog

Fixed bugs:

  • app.logout() fails #85

Closed issues:

  • Username response ? #84
  • User doesn't get populated after authentication with databases that don't use _id #71
  • Support client usage in NodeJS #52
  • Support async storage for React Native #51
  • RequireAdmin on userService #36
  • Create test for changing the usernameField #1

v0.4.0 (2016-02-27)

Full Changelog

Closed issues:

  • Authentication not worked with hooks.remove('password') #82

Merged pull requests:

v0.3.5 (2016-02-25)

Full Changelog

Merged pull requests:

  • Adding support for OAuth2 token based auth strategies. Closes #46. #77 (ekryski)

v0.3.4 (2016-02-25)

Full Changelog

v0.3.3 (2016-02-25)

Full Changelog

v0.3.2 (2016-02-24)

Full Changelog

Merged pull requests:

v0.3.1 (2016-02-23)

Full Changelog

Closed issues:

  • Fix toLowerCase hook #74
  • REST auth/local not working if socketio() not set #72
  • Support mobile authentication via OAuth2 #46

Merged pull requests:

v0.3.0 (2016-02-19)

Full Changelog

Fixed bugs:

  • Don't register successRedirect route if custom one is passed in #61

Closed issues:

  • Specify the secret in one place instead of two #69
  • support a failRedirect #62
  • Document authentication updates #50

Merged pull requests:

v0.2.4 (2016-02-17)

Full Changelog

Closed issues:

  • Find "query" is replaced by token #64

Merged pull requests:

  • Add module exports Babel module and test CommonJS compatibility #68 (daffl)

v0.2.3 (2016-02-15)

Full Changelog

Closed issues:

  • How to forbid get and find on the userEndpoint? #66
  • userEndpoint problem in sub-app #63
  • How to modify successRedirect in local authentication? #60

Merged pull requests:

v0.2.2 (2016-02-13)

Full Changelog

Closed issues:

  • Custom tokenEndpoint failing #57
  • TypeError: Cannot read property 'service' of undefined #56
  • Login returns 500: Internal server error #54

Merged pull requests:

v0.2.1 (2016-02-12)

Full Changelog

Closed issues:

  • Custom local options not being respected. #55
  • node can not require("feathers-authentication").default #53

v0.2.0 (2016-02-12)

Full Changelog

Closed issues:

  • Support graceful fallback to cookies #45
  • Add a client side component for authentication #44
  • Support OAuth2 #43
  • Support token based authentication #41
  • Support local authentication #40
  • Only sign the JWT with user id. Not the whole user object #38
  • Discussion: Securing token for socket.io auth #33
  • Handling expired tokens #25
  • Support multiple auth providers #6

Merged pull requests:

v0.1.2 (2016-02-04)

Full Changelog

Closed issues:

  • Hooks should support incoming data as arrays of objects. #34
  • Support authenticating with Username and Password via sockets #32

Merged pull requests:

v0.1.1 (2016-01-30)

Full Changelog

v0.1.0 (2016-01-25)

Full Changelog

Closed issues:

  • Get the Travis build to work. #27
  • Login not working #24
  • Hooks should be configurable (they should be functions) #11
  • Document the bundled hooks. #10

Merged pull requests:

v0.0.8 (2016-01-16)

Full Changelog

Merged pull requests:

v0.0.7 (2016-01-07)

Full Changelog

Closed issues:

  • Password isn't removed from responses when using a mongoose service for users endpoint #19
  • next called twice using socket.io and using an unauthenticated service #17
  • Switch to a callback-based field configuration? #15
  • Cannot authenticate #14
  • Allow require without .default #13
  • Login validation #2

Merged pull requests:

  • Adding separate route for refreshing a login token. #21 (corymsmith)
  • Converting user model to object when using mongoose service #20 (corymsmith)
  • Fixing issue where next is called twice when hitting an unauthenticated service via socket.io #18 (corymsmith)
  • Fixing usage of mongoose service #16 (corymsmith)

v0.0.6 (2015-11-22)

Full Changelog

Closed issues:

  • Feathers Auth Configuration Error #12
  • Make sure we're returning proper error responses. #8

v0.0.5 (2015-11-19)

Full Changelog

v0.0.4 (2015-11-19)

Full Changelog

v0.0.3 (2015-11-18)

Full Changelog

Merged pull requests:

v1.0.6 (2015-11-02)

Full Changelog

v1.0.5 (2015-11-02)

Full Changelog

v1.0.4 (2015-11-02)

Full Changelog

v1.0.3 (2015-10-12)

* This Change Log was automatically generated by [githubchangelog_generator](https://github.com/skywinder/Github-Changelog-Generator)_