Feathers: Auth0 Authentication Strategy

Created on 27 May 2019  ·  10 Comments  ·  Source: feathersjs/feathers

Something I don't quite understand from the migration guide - Better oAuth authentication with 180+ providers supported out of the box without any additional configuration (other than adding the application key and secret) - how would I go about adding auth0 after migrating?
Do I implement my own strategy? Also, is it possible to show the auth0 login page through the authentication service or do I need to create a new route for this?

All 10 comments

Auth0 is supported by grant. So you would just add

"authentication": {
  "oauth": {
    "auth0": {
      "key": "auth0key",
      "secret": "auth0Secret"
    }
  }
}

That should be it.

Thanks, I added auth0 to the config as you described. The user logs in using auth0's api in the client, but when I send the access token I got in the header to the server, like so:

Authorization: Bearer ${access_token}

all I'm getting is NotAuthenticated: Invalid authentication information. Am I missing something?

The above would allow the oAuth authentication flow for Auth0 in the browser.

If you want to verify an existing JWT issued by Auth0 you probably want to update authentication.jwtOptions and authentication.secret to the Auth0 settings (see here for more information on parsing Auth0 tokens).

Went with a previous feathers version, will try to migrate later:

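const jwt = require('@feathersjs/authentication-jwt');
const jwks = require('jwks-rsa');

app.configure(jwt({
  // Look up the signing key from the JWKS endpoint instead of using a shared secret
  secretOrKeyProvider: jwks.passportJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://URL/.well-known/jwks.json`
  }),
  // Read the token from the "Authorization: Bearer ..." header
  jwtFromRequest: jwt.ExtractJwt.fromAuthHeaderAsBearerToken(),
  // Only accept tokens issued by this issuer for this API
  audience: 'http://API-URL/',
  issuer: `https://URL/`,
  secret: false
}));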

@davidb1 I don't know if this will help you, but I've just published a first release of a package that implements a custom authentication strategy for using FeathersJS with Auth0. In particular, I developed the package to support the RS256 algorithm. AFAICT, grant does not support this algorithm well, or easily. RS256 is the algorithm recommended by Auth0 and is the one that is configured out-of-the-box for new Auth0 apps. I've tried to be as thorough as possible in describing the what, why, and how of this package in the README. I'm still testing it in actual usage, so if you do decide to use it, I'd be grateful for any feedback you might have.
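What verifying an RS256-signed token of the kind discussed above involves (pinned algorithm, signature check against the issuer's public key, then issuer, audience and expiry), as an added example that is not code from this thread, from Feathers or from Auth0. It uses only Node's built-in crypto; the key pairs, the issuer and audience URLs and all function names are constructed for illustration, and a real deployment would take the public key from the tenant's JWKS endpoint.

```javascript
// Added example: Node built-in crypto only; keys, issuer and audience are constructed.
const crypto = require('crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');

// Stand-in for the identity provider: sign a JWT with its RSA private key.
function signRs256(claims, privateKey) {
  const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// API side: pin the algorithm, then check signature, issuer, audience and expiry.
function verifyRs256(token, publicKey, { issuer, audience, now = Date.now() / 1000 }) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch { return { ok: false, reason: 'malformed' }; }
  // The token must not choose its own algorithm: HS256 or "none" headers are rejected.
  if (header.alg !== 'RS256') return { ok: false, reason: 'algorithm' };
  const good = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!good) return { ok: false, reason: 'signature' };
  if (claims.iss !== issuer) return { ok: false, reason: 'issuer' };
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) return { ok: false, reason: 'audience' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Constructed sample data: one issuer key pair, one unrelated key pair.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const expected = { issuer: 'https://tenant.example/', audience: 'https://api.example/' };
const exp = Math.floor(Date.now() / 1000) + 300;
const token = signRs256({ iss: expected.issuer, aud: expected.audience, sub: 'user|1', exp }, privateKey);

function demo() {
  return {
    valid: verifyRs256(token, publicKey, expected),
    wrongKey: verifyRs256(token, other.publicKey, expected),
    wrongAudience: verifyRs256(token, publicKey, { ...expected, audience: 'https://other.example/' }),
    expired: verifyRs256(token, publicKey, { ...expected, now: Date.now() / 1000 + 3600 })
  };
}
console.log(demo());
```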

I am still struggling with this... getting auth0 working is very tricky. I wish the documentation was more verbose with this.
It's also very confusing because the authentication client documentation links to an archived GitHub repo. Am I supposed to make use of @feathersjs/authentication-client or not?

Auth0 is redirecting back to frontend with access_token successfully, but authentication-client is not picking up the token supplied in redirect parameters (visible in address bar).

import io from 'socket.io-client';
import feathers from '@feathersjs/client';
import reduxifyServices from 'feathers-redux';
const auth = require('@feathersjs/authentication-client');
const socket = io(process.env.BACKEND_URL);
const app = feathers();
app.configure(feathers.socketio(socket));

app.configure(auth())
app.authentication.handleSocket(socket)


I tried getFromLocation(location) to retrieve the access token (it is null)

const token =  app.authentication.getFromLocation(location.href).then(token => console.log(token))

I tried the authenticate(data) method:

app.authentication.authenticate({
  strategy: 'auth0',
  username: '[email protected]',
  password: '[email protected]'
}).then(a => {
  console.log(a);
});

Where I am continuously getting the NotAuthenticated error

NotAuthenticated {type: "FeathersError", name: "NotAuthenticated", message: "Not authenticated", code: 401, className: "not-authenticated", …}

My config looks like this:

"oauth": {
  "redirect": "http://localhost:3000/auth",
  "auth0": {
    "key": "mykey",
    "secret": "secret",
    "subdomain": "domainwithAu.au"
  }
}

Any suggestions?

hi -

i don't know if this will help or hurt, but i have been REALLY struggling
with Oauth as well. here is what i did to get both google & fb working
together over a ProxyReverse using a URL path:

./var/httpd/conf/httpd.conf:


ProxyPass http://localhost:3030/
ProxyPassReverse http://localhost:3030/

./config/default.json:

{
  "host": "FEATHERSTEST.WEBSITE",
  ............................................
  "oauth": {
    "redirect": "/feathers/",
    "defaults": {
      "protocol": "https"
    },
    "facebook": {
      "key": "5XXXXXXXXXXXX4",
      "secret": "7XXXXXXXXXXXXXXXXXXXXXX8a",
      "scope": ["public_profile, email"],
      "redirect_uri": "https://FEATHERSTEST.WEBSITE/feathers/oauth/connect/facebook/callback",
      "callback": "https://FEATHERSTEST.WEBSITE/feathers/oauth/facebook/authenticate"
    },
    "google": {
      "key": "8XXXXXXXXXXXXXXXXXXXXXXi.apps.googleusercontent.com",
      "secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXi",
      "redirect_uri": "https://FEATHERSTEST.WEBSITE/feathers/oauth/connect/google/callback",
      "callback": "https://FEATHERSTEST.WEBSITE/feathers/oauth/google/authenticate",
      "scope": [
        "email",
        "profile",
        "openid"
      ]
    }
  }
}

index.html:

var socket = io({ transports: ['polling', 'websocket'], path: '/feathers/socket.io' });

var feathersClient = feathers()
  //.configure(feathers.hooks()) commented out with 3.0
  .configure(feathers.socketio(socket))
  .configure(feathers.authentication({
    cookie: 'feathers-jwt'
  }));

feathersClient.authenticate()
  .then(response => {
    console.info('Feathers Client has Authenticated with the JWT access token!');
    console.log(response);
  })
  .catch(error => {
    console.info("We have not logged in with OAuth, yet. This means there's no cookie storing the accessToken. As a result, feathersClient.authenticate() failed.");
    console.log(error);
  });

facebook
 
google
 
logout

./src/authentication.js :

const { AuthenticationService, JWTStrategy } = require('@feathersjs/authentication');
const { LocalStrategy } = require('@feathersjs/authentication-local');
const { expressOauth, OAuthStrategy } = require('@feathersjs/authentication-oauth');

const axios = require('axios');

class FacebookStrategy extends OAuthStrategy {
  async getProfile (authResult) {
    const accessToken = authResult.access_token;

    const { data } = await axios.get('https://graph.facebook.com/me', {
      headers: {
        authorization: `Bearer ${accessToken}`
      },
      params: {
        fields: 'id,name,email,picture'
      }
    });

    return data;
  }

  async getEntityData(profile) {
    const baseData = await super.getEntityData(profile);

    return {
      ...baseData,
      name:  profile.name,
      email: profile.email
    };
  }
}

class GoogleStrategy extends OAuthStrategy {
  async getEntityData(profile) {
    const baseData = await super.getEntityData(profile);

    return {
      ...baseData,
      profilePicture: profile.picture,
      email: profile.email
    };
  }
}

module.exports = app => {
  const authentication = new AuthenticationService(app);

  authentication.register('jwt', new JWTStrategy());
  authentication.register('local', new LocalStrategy());
  authentication.register('facebook', new FacebookStrategy());
  authentication.register('google', new GoogleStrategy());

  app.use('/authentication', authentication);
  app.configure(expressOauth());
};

Thank you,

Mark Edwards

On Tue, Oct 1, 2019 at 3:22 AM Daniel Mason notifications@github.com
wrote:

I am still struggling with this... getting auth0 working is very tricky. I wish the documentation was more verbose with this.
It's also very confusing because (the authentication client)[https://docs.feathersjs.com/api/authentication/client.html#configuration] documentation links to an archived GitHub repo. Am I supposed to make use of @feathersjs/authentication-client or not?


Thanks Mark, I have given up for now. Will go with another authentication service.

daniel - you do realize if you "give up", it's going to haunt you forever
right?? 😁

thought - pick up a $1 domain name "danielFeathersTest.info" from
NameCheap, create a google VM (or digital-ocean), install node/feathers,
run "feathers generate app;", select FB and then change the three scripts
around using my guide. if nothing else, you might find it very interesting.

it's been my experience that it is ALWAYS better to have a working example
right in front of you.

if you have any questions, you can always contact me at [email protected]

  • and fwiw i feel your pain. just about all of these frameworks don't
    really have a good place to resolve stuff like what you are experiencing,
    or at least not until they are very firmly established. feathers still is
    new and has some growing pains, but it's been my experience it's the best
    one. and i researched quite a few.

Thank you,

Mark Edwards

On Wed, Oct 2, 2019 at 3:38 AM Daniel Mason notifications@github.com
wrote:

Thanks Mark, I have given up for now. Will go with another authentication
service.


