Feathers: custom authentication, service vs. connection level

Question

I'd like to use a simple but custom authentication routine with feathers, but fail to do understand how to implement it.

The requirement: Every client connection (websocket or REST) should have to provide a session token (which I establish by other means and which is saved as a cookie). A server middleware verifies this session token (against a service), adds a user object if successful, or drops connection otherwise.

Am I correct that this is not possible to implement feathers-authenticate? The official authentication documentation centers around JWT and does not mention any method that does not rely on passport.

It may be possible using app hooks, e.g. a before app level hook. But that would still allow users to establish a, e.g. websocket connection, because the authentication is only on the service level, right? I don't think that's ideal. I want my authentication to run on establishing a connection (websocket, or also HTTP for REST), and drop right there when unsuccessful.

Can I do this with feathers?

score 0 · Answer 1 · answered Feb 13 '18 at 15:54

I solved this by adding authentication to the primus connection:

  feathersApp.configure(
    primus(
      {
        transformer: "websockets"
      },
      function(primus) {
        primus.use("cookies", cookieParser, 1);
        primus.authorize(async (req, done) => {
          try {
            done(await authenticateRequest(req));
          } catch (err) {
            done(err);
          }
        });
      }
    )
  );

Feathers: custom authentication, service vs. connection level

1 Answers1