Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OAuth internal redirects discard API prefixes #2031

Open
emilselroos opened this issue Jul 27, 2020 · 1 comment
Open

OAuth internal redirects discard API prefixes #2031

emilselroos opened this issue Jul 27, 2020 · 1 comment

Comments

@emilselroos
Copy link

@emilselroos emilselroos commented Jul 27, 2020

I am trying to implement Google OAuth authentication in my FeathersJS (4.5.7) application. I have an API listening to /api/v1 prefix - done by wrapping the feathers application within another express application. (Similar to this comment)

Expected behavior

Going to /api/v1/oauth/google should redirect users to /api/v1/oauth/connect/google.

Actual behavior

Redirecting to /oauth/connect/google, discarding the API prefix and leading to CANNOT GET /oauth/connect/google page.


My authentication config in config.json

"authentication": {

	"path": "/authentication",
	"entity": "account",
	"entityId": "account_id",
	"service": "accounts",
	"secret": "SECRET",
	"authStrategies": [ "jwt", "oauth" ],

	"jwtOptions": {
	  "audience": "localhost",
	  "issuer": "feathers",
	  "algorithm": "HS256",
	  "expiresIn": "1d"
	},

	"oauth": {
		"redirect": "http://localhost:3000",
		
		"defaults": {
			"protocol": "http",
			"host": "localhost",
			"path": "/oauth",
			"transport": "session",
			"state": true
			
		},
		"google": {
			"key": "KEY",
			"secret": "SECRET",
			"scope": [ "email", "profile", "openid" ],
			"nonce": true,
			"redirect_uri": "http://localhost:3030/api/v1/oauth/google/callback"
		}
	}

  }

And my authentication.js file

const { AuthenticationService, JWTStrategy } = require('@feathersjs/authentication');
const { expressOauth, OAuthStrategy } = require('@feathersjs/authentication-oauth');

class GoogleStrategy extends OAuthStrategy {
	async getEntityData (profile) {
		const baseData = await super.getEntityData(profile);

		return {
			...baseData,
			google_id: profile.googleId,
			profile_picture: profile.picture,
			email: profile.email,
			name: profile.given_name + ' ' + profile.family_name,
		}
	}

	async getRedirect(data) {
		return '/frontend';
	}
}

module.exports = app => {

	const authentication = new AuthenticationService(app);

	authentication.register('jwt', new JWTStrategy());
	authentication.register('google', new GoogleStrategy());
	
	app.use('/authentication', authentication);
	app.configure( expressOauth() );

}
@michaek
Copy link

@michaek michaek commented Oct 5, 2020

I was imagining it would be possible to pass in a path option to expressOauth, but it seems that despite merging passed settings and default before being invoked, it always reads from the configured defaults: https://github.com/feathersjs/feathers/blob/crow/packages/authentication-oauth/src/express.ts#L29 Were you thinking that the app would infer the path from its mount path?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.