Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ability to user-authenticate via headers:authorization #195

Closed
jaideepdas opened this issue Dec 9, 2015 · 12 comments
Closed

Ability to user-authenticate via headers:authorization #195

jaideepdas opened this issue Dec 9, 2015 · 12 comments

Comments

@jaideepdas
Copy link

I am working on a app where I have to use phantomjs to download the view as pdf, now for phantomjs able to render the page I need to pass access_token to the api, as its a angular app using the loopback sdk. Is there a way I can set the auth_token for the app to login.

I am using https://github.com/sgentle/phantomjs-node on the server side and have tried by setting the header also like this

page.set('customHeaders', {
          Authorization: req.query.token
        });

But unable to make the app login using the token.

@davidcheung davidcheung self-assigned this Dec 11, 2015
@davidcheung
Copy link
Contributor

hi @jaideepdas, not sure if I understand your situation correctly, but you are trying to get the accessToken in Loopback, not sure if this issue is tackling the same issue.

And btw we only accept feature requests and bug reports on the github issues page
https://github.com/strongloop/loopback/wiki/Questions, if you have further questions please use the Google group
Thanks!

@jaideepdas
Copy link
Author

This is kinda feature request. To test my angular app which is auth protected I need phantom to be able to set access token. So it will be a good feature if the sdk finds a access token in the header of the request, even if we haven't used .login() function of the sdk to authenticate we can authenticate the user based on the header value if its valid.

@davidcheung
Copy link
Contributor

Sorry @jaideepdas, I have reopened the issue as it does seem like a feature request, but I'm unsure if I understand what you are suggesting. If you could clarify more of the context of the SDK feature you would like to see?
Are you saying when the Application initiates, it would also understand it is logged in as a user based on Headers:Authorization instead of session/localStorage?

@jaideepdas
Copy link
Author

I am saying how about both, we check both, if server is sending authorization then use that, if there is no authorization header but local storage has then use that.
So my use case is that I am using phantom js to capture a angular view and covert to pdf. Now as in phantom I have set the header based on the current logged in user, but the angular sdk wont consider it. So I don't have a session within phantom even though in the server I do have a session.
That is why I am suggesting that the angular sdk should take into account if authorization header is set.

@davidcheung
Copy link
Contributor

@jaideepdas right, I believe its much clearer now, instead was a poor choice of word on my end, sorry for that.

it would also understand it is logged in as a user based on Headers:Authorization instead of session/localStorage?

Okay that make sense, would you mind changing the title to something more inline of a feature request, maybe something like, and maybe to briefly describe the context of change in the description as well.

Ability to user-authenticate via headers:authorization

I believe there will also be some decision needs to be made for what receives precedence in different scenarios.
I doubt this will make it into our priority for implementation. Therefore it might be fastest for your feature to be implemented if you make a Pull request for the feature if you don't mind.

Thanks

@jaideepdas jaideepdas changed the title PhantomJS access_token set Ability to user-authenticate via headers:authorization Dec 12, 2015
@jaideepdas
Copy link
Author

regarding pull request I am not sure what you mean by that, you want me to work on this change and send a pull request ?

@davidcheung
Copy link
Contributor

@jaideepdas yes if you don't mind that would be great, then we can discuss implementation and concerns in the PR as well.

One more clarification, are you trying to bypass using the LoopBackAuth login and use the model resources methods that requires user to be logged in, correct? (this would mean we need to provide way to pass in Header Auth in all resources)

Or you are trying to become logged in state via Header:Authorization

@bajtos any thoughts?

@jaideepdas
Copy link
Author

Could you please suggest a stop gap solution so that I wrap up my task.

@davidcheung
Copy link
Contributor

@jaideepdas Sorry for the late reply, is this still an issue for you? I'm not too sure the best way to solve this

I believe you can put a workaround at https://github.com/strongloop/loopback-sdk-angular/blob/master/lib/services.template.ejs#L289-L295
perhaps something like a new function setUserByHeader() maybe before load()? To provide LoopBackAuth the info needed for setUser accessToken.id, accessToken.userId, accessToken.user.

@jaideepdas
Copy link
Author

yeah issue remains but this functionality is put on hold, but thanks for the suggestion. but shouldn't we put this feature in the sdk itself instead of people putting individual hacks.

@davidcheung
Copy link
Contributor

@jaideepdas yes we have labelled this as a feature request, but unfortunately we have quite a backlog of feature requests and bug fixes, there are no promises that this can be delivered in a timely manner.

@bajtos
Copy link
Member

bajtos commented Apr 19, 2018

Unfortunately we don't have bandwidth to implement this feature ourselves. Contributions are welcome though!

@bajtos bajtos closed this as completed Apr 19, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants