reactioncommerce / api-plugin-authentication
Authentication plugin for the Reaction API
License: Apache License 2.0
Using version v2.2.2 seems to have an install issue. The npm install phase will run normally; however, when Reaction starts, it fails to load. Perhaps a peer dependency is missing.
Error: Cannot find module '@accounts/magic-link'
Require stack:
- /reaction-core/node_modules/@reactioncommerce/api-plugin-authentication/node_modules/@accounts/graphql-api/lib/modules/accounts-magic-link/index.js
at Function.Module._resolveFilename (node:internal/modules/cjs/loader:924:15)
at Function.Module._load (node:internal/modules/cjs/loader:769:27)
at Module.require (node:internal/modules/cjs/loader:996:19)
at require (node:internal/modules/cjs/helpers:92:18)
at Object.<anonymous> (/reaction-core/node_modules/@reactioncommerce/api-plugin-authentication/node_modules/@accounts/graphql-api/lib/modules/accounts-magic-link/index.js:7:22)
at Module._compile (node:internal/modules/cjs/loader:1092:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1121:10)
at Module.load (node:internal/modules/cjs/loader:972:32)
at Function.Module._load (node:internal/modules/cjs/loader:813:14)
at Module.require (node:internal/modules/cjs/loader:996:19)
Reaction has a .nvmrc with node 14.11.0 which does not support named exports.
Solution: bump version in main package
When shifting from dev to prod mode locally, because of a different secret, the session is lost and the authentication fails.
In order to refresh an expired access token, the accounts js schema provides the refreshTokens mutation. The problem is that before the request for refreshing the auth token can be executed by accountsjs, the flow goes through a middleware that gets the user for the session if the authorization header is present:
From the client side there is no easy way to make a refreshTokens request without adding the Authorization header (the accountsjs client automatically adds the header), and the solution to this problem is to introduce a change in the authentication plugin.
Currently, we have the following scenario:
When we have an expired access token and a valid refresh token, we make a refreshTokens request.
The expired access token is added to the headers nonetheless.
The refreshing fails because the request fails even before it has reached the accountsjs logic for refreshing.
The correct workflow should be as follows:
If the provided Authorization header is expired, proceed with the execution of the code as if no header was added. In other words, it should skip the provided token in the Authorization header before it tries to get the user session.
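The workflow proposed in the issue above, sketched as an added example (not code from the plugin or from accounts-js). It assumes the access token is a JWT with an `exp` claim and an Express-style middleware; `getUserFromToken`, `tokenForSessionLookup`, `readExpiry` and `makeSampleToken` are hypothetical names introduced here.

```javascript
// Added example, not the plugin's code. Assumes the access token is a JWT
// carrying an `exp` claim (seconds since epoch).

// Read `exp` from the payload WITHOUT verifying the signature.
// Returns null when the token is not a parseable JWT.
function readExpiry(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    return typeof payload.exp === "number" ? payload.exp : null;
  } catch (err) {
    return null;
  }
}

// Decide which token, if any, the session lookup should see.
// The unverified `exp` is used only to DROP a token (downgrade to anonymous),
// never to accept one: anything kept must still pass full verification.
function tokenForSessionLookup(authorizationHeader, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!authorizationHeader) return null;
  const token = authorizationHeader.replace(/^Bearer\s+/i, "").trim();
  const exp = readExpiry(token);
  if (exp !== null && exp <= nowSeconds) return null; // expired: act as if no header
  return token; // fresh or unparseable: let the verifier accept or reject it
}

// Express-style middleware. `getUserFromToken` is a hypothetical stand-in for the
// plugin's existing lookup, which verifies the token and throws if it is invalid.
function makeAuthMiddleware(getUserFromToken) {
  return async function authMiddleware(req, res, next) {
    try {
      const token = tokenForSessionLookup(req.headers.authorization);
      req.user = token ? await getUserFromToken(token) : null;
      next();
    } catch (err) {
      next(err);
    }
  };
}

// Constructed sample tokens (dummy signature; nothing here checks it).
function makeSampleToken(exp) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ userId: "u1", exp })}.sig`;
}
```

With an expired token the request continues unauthenticated, so the refreshTokens mutation is judged on the refresh token alone; a token that is malformed or claims to be unexpired still goes to the verifying lookup and is rejected there if invalid.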
This plugin was originally created as plugin-authentication, but the name has been updated to include the api prefix.
We need to deprecate the original package on npm.
After some discussion, we've decided to prefix our API plugins with the word api.
This plugin needs to be updated to be api-plugin-authentication