Loopback-next: Authentication example is not working
Hi, I'm having a really hard time to implement the authorization in lb4.
I've followed the example in @loopback/authentication package and I'm getting a TypeError:
Unhandled error in GET /ping: 500 TypeError: self.fail is not a function
at verified (project\node_modules\passport-http\lib\passport-http\strategies\basic.js:90:30)
passport-http\strategies\basic.js
function verified(err, user) {
if (err) { return self.error(err); }
if (!user) { return self.fail(self._challenge()); }
self.success(user);
}
As far as I can tell the self.fail / self.error / self.success functions are implemented in middleware/authenticate.js and they should be defined since the BasicStrategy extend the generic strategy.
I could not find any related error in passport packages so I guess it come from the typing definitions of lb4 application.
Can someone point me the right direction to fix this? Thanks in advance.
b4dnewz
All 8 comments
actually it extends the Strategy defined in the module passport-strategy, see the code below
//node_modules/passport-strategy/lib/strategy.js
/**
* Creates an instance of `Strategy`.
*
* @constructor
* @api public
*/
function Strategy() {
}
/**
* Authenticate request.
*
* This function must be overridden by subclasses. In abstract form, it always
* throws an exception.
*
* @param {Object} req The request to authenticate.
* @param {Object} [options] Strategy-specific options.
* @api public
*/
Strategy.prototype.authenticate = function(req, options) {
throw new Error('Strategy#authenticate must be overridden by subclass');
};
/**
* Expose `Strategy`.
*/
module.exports = Strategy;
The only place I have seen the fail, error, success implemented is in middleware/authenticate.js which doesn't seem to be used anywhere in loopback. It seems the Strategy.prototype.authenticate is expected to be called here, because the fail, error, success get augemented.
anjorinjnr
on 14 May 2019
@jannyHou @emonddr , could you PTAL? Thanks.
dhmlau
on 14 May 2019
@anjorinjnr from what I understood of passport the Strategy needs to be called from within passport to be extended on runtime with the fail, error and success method.
Right now based on the example provided in the loopback/authentication readme it would not work, or I am wrong?
b4dnewz
on 14 May 2019
@b4dnewz , @anjorinjnr , @sureshkodur
Apologies for the broken example, we are in the midst of landing different PRs which
are updating @loopback/authentication .
feat: resolve authentication strategy registered via extension point landed in early May and it was a breaking change.
Draft:Changes to passport strategy adapter will be updating how passport strategies are handled given the new authentication strategy interface. We are exploring a few options right now. Once things have been decided, the documentation you mention will be updated.
refactor shopping cart example to utilize latest @loopback/authentication module is also in the works at the moment.
So please stay tuned...
:)
emonddr
on 14 May 2019
hi @emonddr, may I ask you which version is prior (and working) to the changes you listed above? To be more precise, the version before the PR that will work with the example code in the readme.
I would like to keep developing the API (which is mostly private and depends from jwt authentication) with the old version of @loopback/authentication until the new version comes out and hopefully I only have to update few authentication related files to integrate it.
It's still a long way (for me) to finish the refactoring of this company api from express to lb4 and I would like to keep working on it even if authentication is not production ready right now.
Many thanks in advance.
b4dnewz
on 15 May 2019
@b4dnewz We created a small loopback4 extension here supporting 3 passport based strategies, following the loopback guidelines here.
You can refer to the implementation of the extension for further details. I am in process of updating usage guidelines for this extension. It will be there in a day or so. Meanwhile, you can take a cue from the implementation. Hope that helps.
samarpanB
on 15 May 2019
Update :
@loopback/authentication documentation changes still in the works, and passport support still in the works.
However, loopback4-example-shopping application was updated to use @loopback/authentication 2.x and is working.
https://github.com/strongloop/loopback4-example-shopping
:)
emonddr
on 6 Jun 2019
@b4dnewz ,
Here is the latest authentication documentation : https://loopback.io/doc/en/lb4/Loopback-component-authentication.html .
The main authentication npm module is still : @loopback/authentication
The passport-related stuff is now in its own npm module : @loopback/authentication-passport
(The documentation is in the README.MD)
Or you can get it here : https://github.com/strongloop/loopback-next/tree/labs/passport-adapter/labs/authentication-passport
Please update to the latest loopback CLI : @loopback/cli .
emonddr
on 25 Jun 2019
Related issues
acrodrig
路
3Comments
mhdawson
路
3Comments
dericgw
路
3Comments
cloudwheels
路
3Comments
HamzaMansouri7
路
3Comments
Most helpful comment
@b4dnewz , @anjorinjnr , @sureshkodur
Apologies for the broken example, we are in the midst of landing different PRs which
are updating @loopback/authentication .
feat: resolve authentication strategy registered via extension point landed in early May and it was a breaking change.
Draft:Changes to passport strategy adapter will be updating how passport strategies are handled given the new authentication strategy interface. We are exploring a few options right now. Once things have been decided, the documentation you mention will be updated.
refactor shopping cart example to utilize latest @loopback/authentication module is also in the works at the moment.
So please stay tuned...
:)