Feathers: custom authentication, service vs. connection level

hansonhill

I'd like to use a simple but custom authentication routine with feathers, but fail to understand how to implement it.

The requirement: Every client connection (websocket or REST) should have to provide a session token (which I establish by other means and which is saved as a cookie). A server middleware verifies this session token (against a service), adds a user object if successful, or drops connection otherwise.

Am I correct that this is not possible to implement with feathers-authenticate? The official authentication documentation centers around JWT and does not mention any method that does not rely on passport.

It may be possible using app hooks, e.g. a before app level hook. But that would still allow users to establish, e.g., a websocket connection, because the authentication is only on the service level, right? I don't think that's ideal. I want my authentication to run on establishing a connection (websocket, or also HTTP for REST), and drop right there when unsuccessful.

Can I do this with feathers?



answered 2 months ago hansonhill #1

I solved this by adding authentication to the primus connection:

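    // Reconstructed wrapper (assumed): the snippet starts mid-call in the source.
    app.configure(primus({
      transformer: "websockets"
    }, function(primus) {
      primus.use("cookies", cookieParser, 1);
      // done() with no argument accepts the connection; done(err) rejects it.
      primus.authorize(async (req, done) => {
        try {
          done(await authenticateRequest(req));
        } catch (err) {
          done(err); // assumed: the snippet is cut off here in the source
        }
      });
    }));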
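
A sketch of the kind of check a function like `authenticateRequest` could perform at connection time, as an added example that is not part of the original answer. The cookie name `session`, the token format, and the names `parseCookies`, `makeAuthorizer` and `lookupSession` are assumptions; the session store is constructed sample data.

```javascript
// Added example, not code from the original answer. All names here are hypothetical.
const SESSION_COOKIE = "session"; // assumed cookie name

// Parse a Cookie header into a Map; null means "malformed or ambiguous, reject".
function parseCookies(header) {
  if (typeof header !== "string" || header.length > 4096) return null;
  const cookies = new Map();
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    const name = eq > 0 ? part.slice(0, eq).trim() : "";
    if (!name) continue; // fragment without a usable name
    if (cookies.has(name)) return null; // duplicate name: refuse rather than guess
    try {
      cookies.set(name, decodeURIComponent(part.slice(eq + 1).trim()));
    } catch (e) {
      return null; // malformed percent-encoding
    }
  }
  return cookies;
}

// Returns a (req, done) function in the shape Primus' authorize() takes.
// lookupSession(token) stands in for the session service: resolves to a user or null.
function makeAuthorizer(lookupSession) {
  return async function authorize(req, done) {
    const cookies = parseCookies(req.headers && req.headers.cookie);
    const token = cookies && cookies.get(SESSION_COOKIE);
    // Check the token's shape (assumed format) before it reaches the session service.
    if (!token || !/^[A-Za-z0-9_-]{16,128}$/.test(token)) {
      return done(new Error("missing or malformed session token"));
    }
    let user;
    try {
      user = await lookupSession(token);
    } catch (err) {
      return done(new Error("session check failed")); // fail closed, hide internals
    }
    if (!user) return done(new Error("unknown or expired session"));
    req.user = user; // available to later handlers on this connection
    done(); // no argument: accept the connection
  };
}

// Constructed sample data for a local run.
const demoSessions = new Map([["c0nstructed-sample-token-0001", { id: 7, name: "alice" }]]);
const demoAuthorize = makeAuthorizer(async (token) => demoSessions.get(token) || null);
```

Every failure path, including an exception from the session lookup, ends in `done(<error>)`, so a connection is only accepted after a user has been resolved.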
