feathers-authentication

Add Authentication to your FeathersJS app.

feathers-authentication adds shared PassportJS authentication for Feathers HTTP REST and WebSocket transports using JSON Web Tokens.

Installation

npm install feathers-authentication@pre --save

Documentation

API

This module contains:

1. The main entry function
2. A single authenticate hook
3. The authentication service
4. Socket listeners
5. Express middleware
6. A Passport adapter for Feathers

Hooks

feathers-authentication only includes a single hook. This bundled authenticate hook is used to register an array of one or more authentication strategies on a service method.

Note: Most of the time you should be registering this on your /authentication service. Without it you can hit the authentication service and generate a JWT accessToken without authentication (ie. anonymous authentication).

app.service('authentication').hooks({
  before: {
    create: [
      // You can chain multiple strategies
      auth.hooks.authenticate(['jwt', 'local']),
    ],
    remove: [
      auth.hooks.authenticate('jwt')
    ]
  }
});

The hooks that were once bundled with this module are now located at feathers-legacy-authentication-hooks. They are completely compatible but are deprecated and will not be supported by the core team going forward.

Express Middleware

Just like hooks there is an authenticate middleware. It is used the exact same way you would the regular Passport express middleware.

app.post('/login', auth.express.authenticate('local', { successRedirect: '/app', failureRedirect: '/login' }));

These other middleware are included and exposed but typically you don't need to worry about them:

• emitEvents - emit login and logout events
• exposeCookies - expose cookies to Feathers so they are available to hooks and services
• exposeHeaders - expose headers to Feathers so they are available to hooks and services
• failureRedirect - support redirecting on auth failure. Only triggered if hook.redirect is set.
• successRedirect - support redirecting on auth success. Only triggered if hook.redirect is set.
• setCookie - support setting the JWT access token in a cookie. Only enabled if cookies are enabled.

Default Options

The following default options will be mixed in with your global auth object from your config file. It will set the mixed options back on to the app so that they are available at any time by calling app.get('authentication'). They can all be overridden and are depended upon by some of the authentication plugins.

{
  path: '/authentication', // the authentication service path
  header: 'Authorization', // the header to use when using JWT auth
  entity: 'user', // the entity that will be added to the request, socket, and hook.params. (ie. req.user, socket.user, hook.params.user)
  service: 'users', // the service to look up the entity
  passReqToCallback: true, // whether the request object should be passed to the strategies `verify` function
  session: false, // whether to use sessions
  cookie: {
    enabled: false, // whether the cookie should be enabled
    name: 'feathers-jwt', // the cookie name
    httpOnly: false, // whether the cookie should not be available to client side JavaScript
    secure: true // whether cookies should only be available over HTTPS
  },
  jwt: {
    header: { typ: 'access' }, // by default is an access token but can be any type
    audience: 'https://yourdomain.com', // The resource server where the token is processed
    subject: 'anonymous', // Typically the entity id associated with the JWT
    issuer: 'feathers', // The issuing server, application or resource
    algorithm: 'HS256', // the algorithm to use
    expiresIn: '1d' // the access token expiry
  }
}

Complementary Plugins

The following plugins are complementary but entirely optional:

• feathers-authentication-client
• feathers-authentication-local
• feathers-authentication-jwt
• feathers-authentication-oauth1
• feathers-authentication-oauth2
• feathers-authentication-hooks
• feathers-permissions

Migrating to 1.x

Refer to the migration guide.

Complete Example

Here's an example of a Feathers server that uses feathers-authentication for local auth. You can try it out on your own machine by running the example.

Note: This does NOT implement any authorization. Use feathers-permissions for that.

const feathers = require('feathers');
const rest = require('feathers-rest');
const socketio = require('feathers-socketio');
const hooks = require('feathers-hooks');
const memory = require('feathers-memory');
const bodyParser = require('body-parser');
const errors = require('feathers-errors');
const errorHandler = require('feathers-errors/handler');
const local = require('feathers-authentication-local');
const jwt = require('feathers-authentication-jwt');
const auth = require('feathers-authentication');

const app = feathers();
app.configure(rest())
  .configure(socketio())
  .configure(hooks())
  .use(bodyParser.json())
  .use(bodyParser.urlencoded({ extended: true }))
  .configure(auth({ secret: 'supersecret' }))
  .configure(local())
  .configure(jwt())
  .use('/users', memory())
  .use('/', feathers.static(__dirname + '/public'))
  .use(errorHandler());

app.service('authentication').hooks({
  before: {
    create: [
      // You can chain multiple strategies
      auth.hooks.authenticate(['jwt', 'local'])
    ],
    remove: [
      auth.hooks.authenticate('jwt')
    ]
  }
});

// Add a hook to the user service that automatically replaces
// the password with a hash of the password before saving it.
app.service('users').hooks({
  before: {
    find: [
      auth.hooks.authenticate('jwt')
    ],
    create: [
      local.hooks.hashPassword({ passwordField: 'password' })
    ]
  }
});

const port = 3030;
let server = app.listen(port);
server.on('listening', function() {
  console.log(`Feathers application started on localhost:${port}`);
});

Client use

You can use the client in the Browser, in NodeJS and in React Native.

import io from 'socket.io-client';
import feathers from 'feathers/client';
import hooks from 'feathers-hooks';
import socketio from 'feathers-socketio/client';
import localstorage from 'feathers-localstorage';
import authentication from 'feathers-authentication-client';

const socket = io('http://localhost:3030/');
const app = feathers()
  .configure(socketio(socket)) // you could use Primus or REST instead
  .configure(hooks())
  .configure(authentication({ storage: window.localStorage }));

app.authenticate({
  strategy: 'local',
  email: 'admin@feathersjs.com',
  password: 'admin'
}).then(function(result){
  console.log('Authenticated!', result);
}).catch(function(error){
  console.error('Error authenticating!', error);
});

License

Copyright (c) 2016

Licensed under the MIT license.

Change Log

Unreleased

Full Changelog

Closed issues:

• Checking hook.params.headers.authorization #552
• Ability to send token as part of URL #546
• Anonymous Authentication #544
• Quote Error #519
• [example] CustomStrategy using passport-custom #516
• [Epic] Auth 2.0.0 #513
• ID set to null - Unable to delete with customer ID field. #422
• Prefixing socket events #418
• Passwordless auth #409
• How to authenticate the application client? not only the users #405
• Multi-factor Local Auth #5

Merged pull requests:

• Update debug to the latest version 🚀 #555 (greenkeeper[bot])
• Update ws to the latest version 🚀 #549 (greenkeeper[bot])
• Update chai to the latest version 🚀 #543 (greenkeeper[bot])

v1.2.7 (2017-07-11)

Full Changelog

Closed issues:

• Connection without password #541
• email in lower case ? #538
• Im unable to ping feathers server from react native. #537
• whats the official way to open cors in feather ? #536
• Error options.service does not exist after initial auth setup #535
• LogoutTimer not being cleared correctly #532
• logoutTimer causing early logouts #404

Merged pull requests:

• fixed meta undefined error #542 (markacola)

v1.2.6 (2017-06-22)

Full Changelog

Closed issues:

• OAuth 2 login for cordova #530

Merged pull requests:

• Change cleartimeout() to lt.clearTimeout() #534 (wnxhaja)
• Update feathers-authentication-local to the latest version 🚀 #533 (greenkeeper[bot])

v1.2.5 (2017-06-21)

Full Changelog

Closed issues:

• Cannot read property 'user' of undefined - lib\socket\update-entity.js:26:104 #529
• Provider is undefined when using restrictToRoles #525
• How to make a request to an Endpoint that requires authentication from nodejs? #523

Merged pull requests:

• fixes several issues with update-entity w/ test cases #531 (jerfowler)

v1.2.4 (2017-06-08)

Full Changelog

Fixed bugs:

• User (Entity) needs to be updated on the socket after authentication #293

Closed issues:

• Express Middleware local -> jwt does not authorize on redirect #518
• Issue with feathers-authentication #512
• User Authentication Missing Credentials error (and subsequent nav authorization) #508
• passport log failure #505
• authenticate with a custom username field (rather than email) #502
• app.get('auth') vs app.get('authentication') #497
• Can't get success authorization with pure feathers server #491

Merged pull requests:

• Test and fix for authenticate event with invalid data #524 (daffl)
• Remove hook.data.payload #522 (marshallswain)
• Update socket entity #521 (marshallswain)
• Made each option, optional #515 (cranesandcaff)
• Add feathers-authentication-hooks in readme #510 (bertho-zero)
• Update ms to the latest version 🚀 #509 (greenkeeper[bot])
• Fix default authentication config keys #506 (ekryski)

v1.2.3 (2017-05-10)

Full Changelog

Closed issues:

• Validating custom express routes #498
• Payload won't include userId when logging in with stored localStorage token #496
• How to send oauth token authentication to another client server #493
• Unhandled Promise Rejection error. #489
• No Auth token on authentication resource #488
• How to verify JWT in feathers issued by another feathers instance ? #484
• hook.params.user #483
• Overriding JWT's expiresIn with a value more than 20d prevents users from signing in #458

Merged pull requests:

• Update feathers-socketio to the latest version 🚀 #503 (greenkeeper[bot])
• Update socket.io-client to the latest version 🚀 #501 (greenkeeper[bot])
• Fix issue with very large token timeout. #499 (asdacap)
• Typo #492 (wdmtech)
• Update migrating.md #490 (MichaelErmer)
• Update semistandard to the latest version 🚀 #487 (greenkeeper[bot])
• Update feathers-hooks to the latest version 🚀 #485 (greenkeeper[bot])
• Update dependencies to enable Greenkeeper 🌴 #482 (greenkeeper[bot])

v1.2.2 (2017-04-12)

Full Changelog

Fixed bugs:

• accessToken not being used when provided by client over socketio #400

Closed issues:

• Incompatible old client dependency #479
• Using feathers-authentication-client for an existing API? #478
• app.authenticate error : UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 2): * Error * #476
• Make socket.feathers data available in authentication hooks #475
• Allow the authenticate hook to be called with no parameters #473
• Authenticate : How to return more infos ? #471

Merged pull requests:

• Use latest version of feathers-authentication-client #480 (daffl)
• Resolves #475 - Socket params are made available to authentication hooks #477 (thomas-p-wilson)

v1.2.1 (2017-04-07)

Full Changelog

Fixed bugs:

• failureRedirect is never used when using with oauth2 #387

Closed issues:

• OAuth guides #470
• app.authenticate not working #466
• how can I logout using local authentication? #465
• How to do Socket.io Authentication #462
• Add event filtering by default (socket.io) #460
• Add ability to control if socket is marked as authenticated. #448
• Auth redirect issue #425
• E-mail verification step can be bypassed using Postman or Curl #391
• Example app #386

Merged pull requests:

• Allow the cookie to be set if action is not remove #474 (marshallswain)

v1.2.0 (2017-03-23)

Full Changelog

Fixed bugs:

• 1.0 authentication service hooks don't run when client uses feathers-socketio #455
• hook.params.provider is not set when calling client.authenticate\(\) #432
• remove method failed with JsonWebTokenError: invalid token #388

Closed issues:

• Token creation has side effect #454
• Question: When is userId set? #453
• How to authenticate SPA? More precisely how does the redirect works? #451
• POST to auth/facebook for FacebookTokenStrategy 404? #447
• feathers-authentication 1.1.1 No auth token #445
• Another readme incorrect and maybe docs to #441
• Readme incorrect and maybe docs to #440
• npm version issue? #439
• setCookie express middleware only works inside hooks #438
• createJWT throws 'secret must provided' #437
• Not useful error message on NotAuthenticated error #436
• Passwordfeld in auth.local does not work as expected #435
• Authentication via REST returns token without finding user on db #430

Merged pull requests:

• Filter out all events #461 (daffl)
• Fix socket auth #459 (marshallswain)
• Fix #454 Token create has side effect #456 (whollacsek)
• Windows compatible version of the original compile comand with public folder support. #442 (appurist)
• Add client.js back for consistency #433 (daffl)
• add string to authenticate (typescript) #431 (superbarne)
• Add support for Bearer scheme in remove method #403 (boybundit)

v1.1.1 (2017-03-02)

Full Changelog

Closed issues:

• Authentication over socket.io never answers #428

Merged pull requests:

• Remove lots of hardcoded values for config, and adds the authenticate hook #427 (myknbani)

v1.1.0 (2017-03-01)

Full Changelog

Fixed bugs:

• Mongo update error after logging into Facebook #244

Closed issues:

• Feature Request: Anonymous Authentication Strategy Support #423
• Error is not thrown if token that is provided is invalid #421
• Request body 'token' parameter disappears #420
• Auth2 issue getting JWT token from server when different ports #416
• Cookie-based authentication with XHR is not possible #413
• JWT Authentication setup failing #411
• how to disable service for external usage in version 1.0 #410
• v1.0 is removed from npm? #408
• Make JWT data more configurable #407
• Possible typo #406
• Authentication with an existing database with existing hashed (md5) passwords #398
• can modify selected fields only #397
• [Discussion] Migrating to 1.0 - hook changes #396
• feathers-authentication 'local' strategy requires token? #394
• JWT for local auth. #390
• Feathers 'Twitter API' style #385
• Missing code in example app #383
• feathers-authentication errors with any view error, and redirects to /auth/failure #381
• what does app.service('authentication').remove(...) mean? #379
• Rest Endpoints. #375
• cordova google-plus signUp with id_token #373
• How to reconnect socket with cookie after page refresh ? #372
• Error: Could not find stored JWT and no authentication strategy was given #367
• "No auth token" using authenticate strategy: 'jwt' (v.1.0.0-beta-2) #366
• Navigating to /auth/<provider> twice redirects to /auth/failed #344
• Meteor auth migration guide #334
• Auth 1.0 #330
• RSA token secret #309
• Add option to use bcrypt #300
• Better example of how to change hashing algorithm? [Question] #289
• issuer doesn't work #284
• passport auth question #274
• Add support for authenticating active users only #259
• 404 response from populateUser() hook #258
• Responses hang when token.secret is undefined for local authentication #249
• Authentication without password #246
• Fix successRedirect to not override cookie path #243
• Deprecate verifyToken and populateUser hooks in favour of middleware #227
• Authenticating and creating #100
• Add a password service #83

Merged pull requests:

• Fix JWT options typo #415 (daffl)
• Prevent setCookie from mutating authOptions #414 (adrien-k)
• Typescript Definitions #412 (AbraaoAlves)
• Docs for migrating to auth.hooks.authenticate hook #399 (petermikitsh)
• Typo 'cookie.enable' should be 'cookie.enabled' #380 (whollacsek)
• Docs: Equalize usage of feathers-authenticate #378 (eikaramba)

v1.0.2 (2016-12-14)

Full Changelog

Closed issues:

• successRedirect not redirecting #364

Merged pull requests:

• adding a value for checking against oauth #374 (ekryski)

v1.0.1 (2016-12-14)

Full Changelog

v1.0.0 (2016-12-14)

Full Changelog

Fixed bugs:

• restrictToOwner does not support multi patch, update and remove #228

Closed issues:

• auth.express.authenticate got undefined #363
• Non-standard header structure #361
• localEndpoint without local strategy #359
• Using custom passport strategies #356
• Client-side app.on('login') #355
• Payload limiting on app.get\('user'\)? #354
• Authentication token is missing #352
• [1.0] The entity on the socket should pull from the strategy options. #348
• [1.0] Only the first failure is returned on auth failure when chaining multiple strategies #346
• Build 0.7.11 does not contain current code on NPMJS #342
• feathers-authentication branch 0.8 did not work with payload (tested on socket) #264
• Add method for updating JWT #260
• 1.0 architecture considerations #226
• Features/RFC #213
• Support access_token based OAuth2 providers #169
• Support openID #154
• Disable cookie by default if not using OAuth #152
• Add token service tests #144
• Add local service tests #143
• Add OAuth2 service tests #142
• Add OAuth2 integration tests #141
• Add integration tests for custom redirects #125
• Support mobile authentication via OAuth1 #47
• Support OAuth1 #42
• Password-less Local Auth with Email / SMS #7

Merged pull requests:

• migrating to semistandard #371 (ekryski)
• Logout should always give a response. #369 (marshallswain)
• Clarify that the authenticate hook is required. #368 (marshallswain)
• Fix README example #365 (saiberz)
• Remove additional deprecation notice #362 (porsager)
• fix typo #360 (osenvosem)
• Update feathers-primus to version 2.0.0 🚀 #358 (greenkeeperio-bot)
• Create .codeclimate.yml #357 (larkinscott)
• fixing redirect middleware #353 (ekryski)
• Remove useless quotes #351 (bertho-zero)
• A bunch of bug fixes #349 (ekryski)
• fix(docs/new-features): syntax highlighting #347 (justingreenberg)
• Update superagent to version 3.0.0 🚀 #345 (greenkeeperio-bot)
• Update feathers-memory to version 1.0.0 🚀 #343 (greenkeeperio-bot)
• 1.0 Pre-release #336 (ekryski)

v0.7.12 (2016-11-11)

Full Changelog

Closed issues:

• App.authenticate uses wrong this reference #341
• Getting more done in GitHub with ZenHub #331
• Need help to use feathers authentication storage in vue vuex #329
• How to get user id in hooks? #322
• I checked out my new feathersjs app in another machine, created a new user but I can't log in! #320
• restrict-to-owner throws error when user id is 0 #319
• Not providing sufficient details for an auth provider should not be an error. #318
• [Question] Is there a way to verify a user with password? #316
• 0.8.0 beta 1 bug - this is not defined #315
• Client: Document getJWT & verifyJWT #313
• Socket client should automatically auth on reconnect #310
• app.get('token') doesn't work after a browser refresh. #303
• Problem issuing multiple jwt's for the same user #302
• restrict-to-owner does not allow Service.remove(null) from internal systems #301
• How to migrate from restrictToOwner to checkPermissions #299
• "username" cannot be used as local strategy usernameField #294
• Bad Hook API Design: Hooks are inconsistent and impure functions #288
• Mutliple 'user' models for authentication #282
• Client should ensure socket.io upgrade is complete before authenticating #275
• JWT is not sent after socket reconnection #272
• 401 after service is moved/refactored #270
• Client side auth should subscribe to user updates so that app.get('user') is fresh #195
• Make oauth2 more general #179
• Add integration tests for custom service endpoints #145
• Create a requireAuth wrapper for verifyToken, populateUser, restrictToAuth #118

Merged pull requests:

• babel-core@6.18.2 breaks build 🚨 #339 (greenkeeperio-bot)
• 👻😱 Node.js 0.10 is unmaintained 😱👻 #337 (greenkeeperio-bot)
• restrictToOwner -Fix check for methodNotAllowed #335 (daffl)
• Implement login and logout events for REST authentication #325 (daffl)
• Socket.io authentication tests and login logout event #324 (daffl)
• Reorganization #321 (ekryski)
• client: use Authentication class, make getJWT and verifyJWT async #317 (marshallswain)
• 0.8 client decode jwt #314 (marshallswain)
• Store config at app.config #312 (marshallswain)
• Cookies will match jwt expiry by default. #308 (marshallswain)
• Remove permissions hooks and middleware #307 (daffl)
• First cut for authentication middleware #305 (daffl)
• 0.8 - OAuth fixes #304 (marshallswain)

v0.7.11 (2016-09-28)

Full Changelog

Closed issues:

• Unable to authenticate with passport-google-oauth20 #295
• "Unauthorized" Response with Hook Data #291
• hashPassword in patch #286
• Mobile App Facebook Login #276
• Socket user should update automatically #266
• Get user outside a service #261

Merged pull requests:

• hashPassword fall-through if there's no password #287 (marshallswain)
• Update feathers-memory to version 0.8.0 🚀 #285 (greenkeeperio-bot)
• Allow multiple username fields for local auth #283 (sdbondi)

v0.7.10 (2016-08-31)

Full Changelog

Fixed bugs:

• restrictToOwner should not throw an error on mass deletions #175

Closed issues:

• Duplicate Email should be rejected by Default #281
• Auth0 & featherjs authorization only #277
• Cannot read property 'scope' of undefined #273
• Socker.js | Custom successHandler #271
• Use feathers-socketio? and rest&socket share session maybe? #269
• Ability to invalidate old token/session when user login with another machine. #267
• 0.8 authentication before hooks - only ever getting a 401 Unauthorised #263
• REST Middleware breaks local auth #262
• 0.8: Token Service errors on token auth using client #254
• 0.8: Cookies, turning off feathers-session cookie also turns off feathers-jwt cookie. #253
• Any example of how to do refresh token? #248
• Custom Authentication Hooks #236
• Is there an Authenticated Event #235
• Error while using /auth/local #233
• Providing token to feathers.authentication doesn't work #230
• bundled hooks customize errors #215
• Hooks should support a callback for conditionally running #210
• restrictToRoles hook: More complex determination of "owner". #205
• verifyToken hook option to error #200
• Allow using restrictToOwner as an after hook #123

Merged pull requests:

• Manually supply an endpoint to the Client authenticate() method #278 (mcnamee)
• Update mocha to version 3.0.0 🚀 #257 (greenkeeperio-bot)
• Don’t mix options when signing tokens #255 (marshallswain)
• Attempt to get token right away. #252 (marshallswain)
• Update async to version 2.0.0 🚀 #240 (greenkeeperio-bot)
• Creates better way or returning data in a familiar format #234 (codingfriend1)
• Throws an error if restriction methods are used outside of a find or get hook #232 (codingfriend1)
• RestrictToOwner now takes an array #231 (sscaff1)
• Adds ability to limit queries unless authenticated and authorized #229 (codingfriend1)

v0.7.9 (2016-06-20)

Full Changelog

Fixed bugs:

• Calling logout should revoke/blacklist a JWT #133

Closed issues:

• Query email rather than oauth provider id on /auth/<provider> #223
• Cannot read property 'service' of undefined #222

Merged pull requests:

• added support for hashing passwords when hook.data is an array #225 (eblin)
• jwt ssl warning #214 (aboutlo)

v0.7.8 (2016-06-09)

Full Changelog

Closed issues:

• Feathers-authentication assumptions #220
• Server-side header option does not accept capital letters #218
• How to figure out why redirect to /auth/failure? #217
• Getting token via REST is not documented #216
• How to use Feathers Client to Authenticate Facebook/Instagram credentials #204
• Remove token from localstorage #203
• Check user password #193
• app.authenticate(): Warning: a promise was rejected with a non-error: [object Object] #191
• Authentication provider for Facebook Account Kit #189

Merged pull requests:

• Lowercase custom header #219 (mmwtsn)
• mocha@2.5.0 breaks build 🚨 #212 (greenkeeperio-bot)
• Small refactoring to simplify structure and remove code duplication #209 (daffl)
• Use removeItem in the storage on logout #208 (daffl)
• Misspelled in a comment #201 (tryy3)
• Update babel-plugin-add-module-exports to version 0.2.0 🚀 #199 (greenkeeperio-bot)

v0.7.7 (2016-05-05)

Full Changelog

Fixed bugs:

• OAuth2 authentication callback failing due to missing property #196

Merged pull requests:

• properly handle optional \_json property #197 (nyaaao)

v0.7.6 (2016-05-03)

Full Changelog

Fixed bugs:

• Facebook Authentication should do a patch not an update. #174

Closed issues:

• Authenticated user #192
• REST token revoke #185
• TypeError: Cannot read property 'service' of undefined #173
• Optionally Include password in the params.query object passed to User.find() #171
• Pass more to local authentication params #165
• Support custom authentication strategies #157

Merged pull requests:

• Allow manipulation of params before checking credentials #186 (saiichihashimoto)
• Update feathers to version 2.0.1 🚀 #184 (greenkeeperio-bot)
• fix(oauth2): Use patch to update user in oauthCallback #183 (beevelop)

v0.7.5 (2016-04-23)

Full Changelog

Fixed bugs:

• restrictToOwner and restrictToRoles have invalid type checking #172

Closed issues:

• user fails to signup with facebook if there is also local auth #168
• Unable to authenticate requests when using vanilla Socket.IO #166

v0.7.4 (2016-04-18)

Full Changelog

Fixed bugs:

• restrictToOwner and restrictToRoles hooks don't work with nested models #163
• Change restrictToOwner error when a request does not contain ID #160

Closed issues:

• authenticate() can leak sensetive user data via token service #162
• onBeforeLogin Hook #161

Merged pull requests:

• Hook fixes #164 (ekryski)

v0.7.3 (2016-04-16)

Full Changelog

v0.7.2 (2016-04-16)

Full Changelog

Closed issues:

• Auth doesn't work with non default local.userEndpoint #159
• Automatically add the hashPassword hook to local.userEndpoint #158
• Client authentication() storage option not documented #155
• restrictToRoles availability inconsistency #153
• Does not populate user for other services #150

Merged pull requests:

• Steal Compatibility #156 (marshallswain)

v0.7.1 (2016-04-08)

Full Changelog

Closed issues:

• Documentation discrepancies #148
• bcrypt is hardcoded #146
• Update Docs, Guides, Examples for v0.7 #129
• populateUser: allow option to populate without db call. #92

Merged pull requests:

• Update feathers-memory to version 0.7.0 🚀 #149 (greenkeeperio-bot)
• fix a typo #147 (chrjean)
• Fix copy paste typo in queryWithCurrentUser hook. #140 (juodumas)

v0.7.0 (2016-03-30)

Full Changelog

Fixed bugs:

• logout should de-authenticate a socket #136
• [Security] JsonWebToken Lifecycle Concerns; Set HttpOnly = true in JWT cookie #132
• restrictToRoles hook needs to throw an error and not scope the query #128
• restrictToOwner hook needs to throw an error and not scope the query #127
• [security] Generated tokens are broadcast to all socket clients (by default) #126
• [oAuth] User profile should be updated every time they are authenticated #124
• Logout should clear the cookie #122
• Want the default success/fail routes, not the sendFile #121

Closed issues:

• Make all hooks optional if used internally #138
• Throw errors for deprecated hooks and update documentation #134
• v6.0.0: How can I return the user object along with the token ? #131
• user field not getting populated #119
• Move to bcryptjs #112
• Bundled hooks should pull from auth config to avoid having to pass duplicate props. #93
• Customize the JWT payload #78
• Needs a test for verifying that a custom tokenEndpoint works. #59
• Finish test coverage for existing features. #9

Merged pull requests:

• 0.7 Release #139 (ekryski)

v0.6.0 (2016-03-24)

Full Changelog

Fixed bugs:

• Token encoding is not using the idField option. #107
• Logging out breaks in React Native #105
• Updating User Attached to Params in Client #102
• local auth should not redirect by default #89

Closed issues:

• Id of user can't be 0 for auth #116
• how to authenticate user in the socket.io? #111
• Wrong Status Error #110
• TypeError: Cannot read property 'service' of undefined (continued) #108
• idField breaks from tokenService.create\(\) to populateUser\(\) after hook #103

Merged pull requests:

• Bcryptjs #137 (ekryski)
• Allow user.id to be 0. Fixes #116 #117 (marshallswain)
• client should return a 401 error code when no token is provided #115 (ccummings)
• v0.6 - Bugs fixes, new hooks, and hook tests #109 (ekryski)
• primus client connect event is 'open' #106 (ahdinosaur)

v0.5.1 (2016-03-15)

Full Changelog

v0.5.0 (2016-03-14)

Full Changelog

Fixed bugs:

• Client should store token string and not the token object #95

Closed issues:

• using feathers-rest/client with feathers-authentication/client #94
• populateUser can pull defaults from config, if available. #91
• App level auth routes for multiple sub-routes #90
• POST to /auth/local never gets response #88
• populate-user.js do not get settings #86
• Add rate limiting #81

Merged pull requests:

• Finalizing client side authentication module #101 (daffl)
• Ten hours is only 36 seconds #99 (mileswilson)
• Fix examples #98 (mastertinner)
• fix html in templates #97 (mastertinner)
• update populateUser() hook #87 (kulakowka)
• Customize the JWT payload #80 (enten)

v0.4.1 (2016-02-28)

Full Changelog

Fixed bugs:

• app.logout() fails #85

Closed issues:

• Username response ? #84
• User doesn't get populated after authentication with databases that don't use _id #71
• Support client usage in NodeJS #52
• Support async storage for React Native #51
• RequireAdmin on userService #36
• Create test for changing the usernameField #1

v0.4.0 (2016-02-27)

Full Changelog

Closed issues:

• Authentication not worked with hooks.remove('password') #82

Merged pull requests:

• Refactoring for storage service #76 (ekryski)

v0.3.5 (2016-02-25)

Full Changelog

Merged pull requests:

• Adding support for OAuth2 token based auth strategies. Closes #46. #77 (ekryski)

v0.3.4 (2016-02-25)

Full Changelog

v0.3.3 (2016-02-25)

Full Changelog

v0.3.2 (2016-02-24)

Full Changelog

Merged pull requests:

• bumping feathers-errors version #79 (ekryski)

v0.3.1 (2016-02-23)

Full Changelog

Closed issues:

• Fix toLowerCase hook #74
• REST auth/local not working if socketio() not set #72
• Support mobile authentication via OAuth2 #46

Merged pull requests:

• Fix toLowerCase hook #75 (enten)

v0.3.0 (2016-02-19)

Full Changelog

Fixed bugs:

• Don't register successRedirect route if custom one is passed in #61

Closed issues:

• Specify the secret in one place instead of two #69
• support a failRedirect #62
• Document authentication updates #50

Merged pull requests:

• Config options #70 (ekryski)

v0.2.4 (2016-02-17)

Full Changelog

Closed issues:

• Find "query" is replaced by token #64

Merged pull requests:

• Add module exports Babel module and test CommonJS compatibility #68 (daffl)

v0.2.3 (2016-02-15)

Full Changelog

Closed issues:

• How to forbid get and find on the userEndpoint? #66
• userEndpoint problem in sub-app #63
• How to modify successRedirect in local authentication? #60

Merged pull requests:

• Removing assigning token to params.query for sockets. #67 (ekryski)
• Fixing client query #65 (fastlorenzo)

v0.2.2 (2016-02-13)

Full Changelog

Closed issues:

• Custom tokenEndpoint failing #57
• TypeError: Cannot read property 'service' of undefined #56
• Login returns 500: Internal server error #54

Merged pull requests:

• Fixing token endpoint #58 (marshallswain)

v0.2.1 (2016-02-12)

Full Changelog

Closed issues:

• Custom local options not being respected. #55
• node can not require("feathers-authentication").default #53

v0.2.0 (2016-02-12)

Full Changelog

Closed issues:

• Support graceful fallback to cookies #45
• Add a client side component for authentication #44
• Support OAuth2 #43
• Support token based authentication #41
• Support local authentication #40
• Only sign the JWT with user id. Not the whole user object #38
• Discussion: Securing token for socket.io auth #33
• Handling expired tokens #25
• Support multiple auth providers #6

Merged pull requests:

• Decoupling #49 (ekryski)
• Adding an auth client #48 (ekryski)
• Validate if provider #39 (mastertinner)

v0.1.2 (2016-02-04)

Full Changelog

Closed issues:

• Hooks should support incoming data as arrays of objects. #34
• Support authenticating with Username and Password via sockets #32

Merged pull requests:

• Check for params.provider in requireAuth hook #37 (marshallswain)
• safety check for data #35 (deanmcpherson)

v0.1.1 (2016-01-30)

Full Changelog

v0.1.0 (2016-01-25)

Full Changelog

Closed issues:

• Get the Travis build to work. #27
• Login not working #24
• Hooks should be configurable (they should be functions) #11
• Document the bundled hooks. #10

Merged pull requests:

• Migrate docs to book #31 (marshallswain)
• hashPassword: Async bcrypt usage needs a promise #30 (marshallswain)
• Removing extras from travis.yml #29 (marshallswain)
• Fixing build #28 (marshallswain)
• Adding nsp check #26 (marshallswain)

v0.0.8 (2016-01-16)

Full Changelog

Merged pull requests:

• Support services that use pagination. #23 (marshallswain)

v0.0.7 (2016-01-07)

Full Changelog

Closed issues:

• Password isn't removed from responses when using a mongoose service for users endpoint #19
• next called twice using socket.io and using an unauthenticated service #17
• Switch to a callback-based field configuration? #15
• Cannot authenticate #14
• Allow require without .default #13
• Login validation #2

Merged pull requests:

• Adding separate route for refreshing a login token. #21 (corymsmith)
• Converting user model to object when using mongoose service #20 (corymsmith)
• Fixing issue where next is called twice when hitting an unauthenticated service via socket.io #18 (corymsmith)
• Fixing usage of mongoose service #16 (corymsmith)

v0.0.6 (2015-11-22)

Full Changelog

Closed issues:

• Feathers Auth Configuration Error #12
• Make sure we're returning proper error responses. #8

v0.0.5 (2015-11-19)

Full Changelog

v0.0.4 (2015-11-19)

Full Changelog

v0.0.3 (2015-11-18)

Full Changelog

Merged pull requests:

• allow runtime auth via socket.io #4 (randomnerd)

v1.0.6 (2015-11-02)

Full Changelog

v1.0.5 (2015-11-02)

Full Changelog

v1.0.4 (2015-11-02)

Full Changelog

v1.0.3 (2015-10-12)

* This Change Log was automatically generated by github_changelog_generator