This repository has been archived by the owner on Aug 29, 2018. It is now read-only.

Couldn't store jwt token in cookies #17

Closed
tention opened this issue Apr 17, 2017 · 6 comments

tention commented Apr 17, 2017

Steps to reproduce

Set up a new project with feathers-authentication-local and feathers-authentication-oauth2 with the latest pre-release. Create a simple page using feathers-authentication-client to authenticate.

Simulate the process of login through facebook through http://localhost:3030/auth/facebook. Once logged in, a cookie was created with the jwt token but not localStorage. Tried the same with local, a jwt token was created in localStorage but not cookies. This is OK for localStorage as it is stored through my React code.

Cookies were enabled in default.json.

```
"cookie": {
  "enabled": true,
  "name": "feathers-jwt",
  "httpOnly": false,
  "secure": false,
  "domain": "localhost" //replace with your actual domain or IP address
}
```

Expected behavior

Cookies should be created for both local and facebook

Actual behavior

Enabled debug mode; this was observed when logging in through local. However, the cookie is not found within developer tools (FF and Chrome).

```
feathers-authentication:middleware:set-cookie Running setCookie middleware with options: { enabled: true,
name: 'feathers-jwt',
httpOnly: false,
secure: false,
domain: 'localhost' } +1ms
feathers-authentication:middleware:set-cookie Clearing old 'feathers-jwt' cookie +0ms
feathers-authentication:middleware:set-cookie Setting 'feathers-jwt' cookie with options { httpOnly: false,
secure: false,
domain: 'localhost',
expires: 2017-04-18T02:40:29.411Z } +1ms
feathers-authentication:express:expose-headers Exposing Express headers to hooks and services +40ms
feathers-authentication:express:expose-cookies Exposing Express cookies to hooks and services undefined +0ms
```

Enabled debug mode; this was observed when logging in through oauth2. Cookies were created within developer tools (FF and Chrome).

```
feathers-authentication:middleware:set-cookie Running setCookie middleware with options: { enabled: true,
name: 'feathers-jwt',
httpOnly: false,
secure: false,
domain: 'localhost' } +1ms
feathers-authentication:middleware:set-cookie Clearing old 'feathers-jwt' cookie +0ms
feathers-authentication:middleware:set-cookie Setting 'feathers-jwt' cookie with options { httpOnly: false,
secure: false,
domain: 'localhost',
expires: 2017-04-18T02:41:35.079Z } +0ms
```

System configuration

Tell us about the applicable parts of your setup.

Module versions (especially the part that's not working):
```
"feathers-authentication": "^1.2.2",
"feathers-authentication-hooks": "^0.1.2",
"feathers-authentication-jwt": "^0.3.1",
"feathers-authentication-local": "^0.3.4",
"feathers-authentication-oauth2": "^0.2.4",
"feathers-authentication-client": "^0.3.1",
```

NodeJS version:
v6.9.5

Operating System:
MacOS

Browser Version:
FF 45


PavelPolyakov commented May 20, 2017

Hi,

Today I started to play with authentication in feathers, and also experienced that the feathers-jwt is not set.

Created another issue with the full reproduction:
feathersjs-ecosystem/authentication#514

Regards,

Member

ekryski commented Jul 24, 2017

This is a duplicate of feathersjs-ecosystem/authentication#514. Closing this one because the other is in the right spot and has way more context. 😄


thngdude commented Apr 3, 2018

I am seeing the exact same issue as described by @tention. Cookie is set for facebook auth, but not for local. I've set my client storage to localstorage.

Here are my server dependencies:

```
"@feathersjs/authentication": "^2.1.3",
"@feathersjs/authentication-jwt": "^2.0.0",
"@feathersjs/authentication-local": "^1.1.1",
"@feathersjs/authentication-oauth2": "^1.0.3",
"@feathersjs/configuration": "^1.0.2",
"@feathersjs/errors": "^3.3.0",
"@feathersjs/express": "^1.2.1",
"@feathersjs/feathers": "^3.1.4",
"@feathersjs/socketio": "^3.2.0",
```

Cookie config:

```
"cookie": {
  "enabled": true,
  "name": "feathers-jwt",
  "httpOnly": true,
  "secure": false
}
```

Member

daffl commented Apr 3, 2018

Local authentication does not have to store the token in a cookie. If you want the token in it you will have to set it manually or follow this guide.


thngdude commented Apr 3, 2018

Please correct me if I'm wrong: The guide you linked shows how to parse the cookie on incoming requests to the server, so that's assuming the cookie is already set.

Would appreciate if you could clarify further, as to which of the following is correct (or both wrong):

  1. By setting "cookie.enabled": true, the cookie (with jwt) should be set after any type of authentication on the server (OAuth or local).

  2. It is expected that setting "cookie.enabled": true only sets cookies following OAuth, and if we want the cookie set after local auth, we need to set the cookie ourselves.

Member

daffl commented Apr 3, 2018

Feathers does not use and never reads the cookie (on the server). The only reason why it is there is so that after an oAuth login we can read it on the client and set it in localStorage. Besides that there is no reason to use cookies with Feathers.

If you need to authenticate manually you either set the JWT in the Authorization for REST calls or register it with the authenticate event on a socket connection.

The guide just shows how to set and read the cookie with local server rendered authentication.
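
The cookie-to-localStorage handoff described in the comment above, as an added example that is not part of the thread and not Feathers code: it models which cookies a page script can see, so a cookie set without `HttpOnly` exposes the token to any script on the page (which the handoff relies on), while an `HttpOnly` cookie leaves the handoff with nothing to read. The sample `Set-Cookie` headers, the storage shim and the `Bearer` scheme are assumptions constructed for illustration.

```javascript
// Added example, not Feathers code. The cookie name 'feathers-jwt' is from the
// thread; the sample headers, storage shim and Bearer scheme are assumptions.
const SAMPLE_READABLE = ['feathers-jwt=aaa.bbb.ccc; Path=/']; // constructed
const SAMPLE_HTTPONLY = ['feathers-jwt=aaa.bbb.ccc; Path=/; HttpOnly']; // constructed

// Parse one Set-Cookie header into { name, value, httpOnly }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  return {
    name: pair.slice(0, eq),
    value: decodeURIComponent(pair.slice(eq + 1)),
    httpOnly: attrs.some((a) => a.toLowerCase() === 'httponly'),
  };
}

// Model of document.cookie: HttpOnly cookies are never exposed to page script.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => !c.httpOnly)
    .map((c) => `${c.name}=${encodeURIComponent(c.value)}`)
    .join('; ');
}

// Read one named cookie out of a document.cookie-style string, or null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// In-memory stand-in for window.localStorage so the example runs in Node.
function memoryStorage() {
  const data = new Map();
  return { setItem: (k, v) => data.set(k, String(v)), getItem: (k) => data.get(k) ?? null };
}

// Handoff after an OAuth redirect: copy the token from the cookie into storage
// and return the header to send on REST calls; null if no cookie is readable.
function handoff(setCookieHeaders, storage, name = 'feathers-jwt') {
  const token = readCookie(scriptVisibleCookies(setCookieHeaders), name);
  if (token === null) return null;
  storage.setItem(name, token);
  return { Authorization: `Bearer ${token}` };
}
```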
