Loopback: Setting TTL to -1 immediately destroys authtoken

Created on 1 May 2017 · 7 Comments · Source: strongloop/loopback

Description/Steps to reproduce

  • Create a model that extends the User
  • Set ttl to -1
  • Login

Expected result

  • Creates permanent authtoken for the logged in user

Actual result

  • Login fails with 401
  • Auth token no longer exists

Additional information

I thought that this would have been supported with this - doesn't seem to be working for me.

Checked out [these docs](https://loopback.io/doc/en/lb3/Model-definition-JSON-file.html) - and added allowEternalTokens to the options property - still didn't work.

stale

All 7 comments

Probably a silly question but did you add allowEternalTokens to the access token model or the user model? It needs to be on the user model:

https://github.com/strongloop/loopback/blob/master/common/models/access-token.js#L163

@kahyoung Hey I was having the same problem. I was missing the relations at this section:

http://loopback.io/doc/en/lb3/Authentication-authorization-and-permissions.html#access-control-with-a-single-user-model

So, I modified model-config.json that way, and everything worked perfectly.
Please refer to the comments here: https://github.com/strongloop/loopback/pull/2841
Specifically, the comment from @bajtos on March 9th, 2017.

Just in case, this is my custom user model:

{
  "name": "user",
  "base": "User",
  "idInjection": true,
  "ttl": -1,  <<<<<<<< You need to add this
  "options": {
    "allowEternalTokens": true  <<<<<<<< You need to add this
  },
  "properties": {},
  "validations": [],
  "relations": {},
  "acls": [],
  "methods": []
}

I didn't need a custom accessToken model. I just needed the custom one for user, and to add the relation at model-config.json for the AccessToken model.

Hope this helps!

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

This issue has been closed due to continued inactivity. Thank you for your understanding. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository.

I followed the same settings, ttl=-1 and allowEternalTokens = true, in my extended User model. But allowEternalTokens is UNDEFINED in accessToken.js of loopback.js. Why??

As an extension to @juancaacuna's answer: in model-config.json, the relation from AccessToken to your custom user model needs to be named "user".
Your custom user model can be named whatever you want, but the name of the relation needs to be "user".

For the "allowEternalTokens" property to work as expected in custom models, you must set it to "true" in the "options" property of the custom model, as well as setting a relationship between the custom model and "AccessToken" within "server/model-config.json".

Ex:

"AccessToken": {
    "dataSource": "db",
    "public": false,
    "relations": {
        "user": {
            "type": "belongsTo",
            "model": "CustomUser",
            "foreignKey": "userId"
        }
    }
}

Tested in loopback 3.x
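
A small lint for the settings this thread converges on, as an added example that is not code from the thread or from LoopBack: it takes the parsed custom user model JSON and the parsed `server/model-config.json` and lists what is missing. The function name `checkEternalTokenConfig` and the sample objects are hypothetical and constructed for illustration.

```javascript
// Added example: lints the two config objects discussed in this thread.
// checkEternalTokenConfig is a hypothetical helper, not a LoopBack API.
function checkEternalTokenConfig(userModelDef, modelConfig) {
  const problems = [];
  const name = userModelDef.name;

  // Custom user model JSON: ttl and options.allowEternalTokens, as posted above.
  if (userModelDef.ttl !== -1) {
    problems.push(`${name}: "ttl" is not -1`);
  }
  if (!userModelDef.options || userModelDef.options.allowEternalTokens !== true) {
    problems.push(`${name}: options.allowEternalTokens is not true`);
  }

  // AccessToken entry in server/model-config.json.
  const relations = (modelConfig.AccessToken || {}).relations || {};
  const rel = relations.user;
  if (!rel) {
    // Case raised in the thread: the relation exists but under another name.
    const misnamed = Object.keys(relations)
      .find((key) => relations[key].model === name);
    problems.push(misnamed
      ? `AccessToken: relation to ${name} is named "${misnamed}", not "user"`
      : `AccessToken: no "user" relation to ${name}`);
  } else {
    if (rel.type !== 'belongsTo') {
      problems.push('AccessToken: relation "user" is not "belongsTo"');
    }
    if (rel.model !== name) {
      problems.push(`AccessToken: relation "user" points to "${rel.model}", not "${name}"`);
    }
  }
  return problems;
}

// Constructed sample input: the model file is correct, the relation is misnamed.
const customUser = {
  name: 'CustomUser', base: 'User', ttl: -1,
  options: { allowEternalTokens: true },
};
const brokenConfig = {
  AccessToken: {
    dataSource: 'db', public: false,
    relations: { owner: { type: 'belongsTo', model: 'CustomUser', foreignKey: 'userId' } },
  },
};
console.log(checkEternalTokenConfig(customUser, brokenConfig));
```

An empty array means every condition named in the thread is met.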
