0

Im looking for an authentication system where the user submits to an enpoint and a jwt is generated at this endpoint, im not sure how to implement this, my client side application does not make use of email address or stored information, it is in fact a dApp. I just need an endpoint that will calculate a value from a supplied seed phrase and a password if the processing of these values goes well ( and it nearly always will unless someone sends junk to the endpoint) then a jwt will be issued.. so far the out of box functionality with feathers cli means that i need to use local strategy and need an email address, I cant find any demos out there on this.. anyone got any pointers ? so far my auth is pretty default

const authentication = require('@feathersjs/authentication');
const jwt = require('@feathersjs/authentication-jwt');
const local = require('@feathersjs/authentication-local');


module.exports = function (app) {
  const config = app.get('authentication');

  // Set up authentication with the secret
  app.configure(authentication(config));
  app.configure(jwt());
  app.configure(local());

  // The `authentication` service is used to create a JWT.
  // The before `create` hook registers strategies that can be used
  // to create a new valid JWT (e.g. local or oauth2)
  app.service('authentication').hooks({
    before: {
      create: [
        authentication.hooks.authenticate(config.strategies)
      ],
      remove: [
        authentication.hooks.authenticate('jwt')
      ]
    }
  });
};

and heres my service:

// Initializes the `aerAuth` service on path `/userauthendpoint`
const createService = require('feathers-memory');
const hooks = require('./userauthendpoint.hooks');

module.exports = function (app) {

  const paginate = app.get('paginate');

  const options = {
    name: 'userauthendpoint',
    paginate
  };

  // Initialize our service with any options it requires
  app.use('/userauthendpoint', createService(options) );

  // Get our initialized service so that we can register hooks and filters
  const service = app.service('userauthendpoint');

  service.hooks(hooks);
};

I am relatively new to feathers but not to building auth systems (in PHP)

Kravitz
  • 2,769
  • 6
  • 26
  • 53

1 Answers1

1

The Custom authentication strategy guide and the feathers-authentication-custom plugin probably allow to do what you are looking for.

It also depends on how you want to implement this. You can either use the custom strategy for every service (as in the case of the API key which has to be sent in the header with every request) or just before the /authentication service to allow creating a JWT (the issue here is that it needs to reference a userId or other entityId that exists in the database which you don't have).

The easiest way would be to go with the first options and a custom header (X-DAP-PASSWORD) which could look like this:

const custom = require('feathers-authentication-custom');

app.configure(authentication(settings));
app.configure(custom((req, done) => {
  const password = req.headers['x-dap-password'];

  if(checkPassword(req.app.get('seedPassphrase'), password)) {
    // implement your own custom logic for loading and verifying the user
      done(null, user);
  } else {
    done(new Error('Invalid passphrase'));
  }
}));
Daff
  • 43,734
  • 9
  • 106
  • 120