Code Monkey home page Code Monkey logo

api-plugin-authentication's People

Contributors

akarshit avatar aldeed avatar brent-hoover avatar delagroove avatar dependabot[bot] avatar focusaurus avatar kieckhafer avatar mikemurray avatar mohannarayana avatar samkelleher avatar tedraykov avatar vannguyenn avatar

Stargazers

 avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

api-plugin-authentication's Issues

Cannot find module '@accounts/magic-link'

Using version v2.2.2 seems to have an install issue. The npm install phase will run normally, however when Reaction starts, fails to load. Perhaps a peer-depdendency is missing.

Error: Cannot find module '@accounts/magic-link'
  Require stack:
  - /reaction-core/node_modules/@reactioncommerce/api-plugin-authentication/node_modules/@accounts/graphql-api/lib/modules/accounts-magic-link/index.js
      at Function.Module._resolveFilename (node:internal/modules/cjs/loader:924:15)
      at Function.Module._load (node:internal/modules/cjs/loader:769:27)
      at Module.require (node:internal/modules/cjs/loader:996:19)
      at require (node:internal/modules/cjs/helpers:92:18)
      at Object.<anonymous> (/reaction-core/node_modules/@reactioncommerce/api-plugin-authentication/node_modules/@accounts/graphql-api/lib/modules/accounts-magic-link/index.js:7:22)
      at Module._compile (node:internal/modules/cjs/loader:1092:14)
      at Object.Module._extensions..js (node:internal/modules/cjs/loader:1121:10)
      at Module.load (node:internal/modules/cjs/loader:972:32)
      at Function.Module._load (node:internal/modules/cjs/loader:813:14)
      at Module.require (node:internal/modules/cjs/loader:996:19)

Can't refresh tokens when access token is expired

In order to refresh an expired access token, the accounts js schema provides the refreshTokens mutation. The problem is that before the request for refreshing the auth token can be executed by accountsjs, the flow goes through a middleware that gets the user for the session if the authorization header is present:

From the client-side there is no easy way to make refreshTokens request without adding the Authorization header (The accountsjs client automatically adds the header) and the solution to this problem is to introduce a change in the authentication plugin.

Currently, we have the following scenario:
When we have an expired access token and a valid refresh token, we make a refreshTokens request.
The expired access token is added to the headers non the less

image

The refreshing fails because the request fails even before it had reached the accountsjs logic for refreshing.
The correct workflow should be as follows:

image

If the provided Authorization header is expired, proceed with the execution of the code as if no header was added. In other words, it should skip the provided token in the Authorization header before it tries to get the user session.

Deprecate original npm package

This plugin was originally created as plugin-authentication, but the name has been updated to include the api prefix.

We need to deprecate the original package on npm.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.