Skip to content
This repository has been archived by the owner on Mar 22, 2022. It is now read-only.

Is there anyway to load a secret at runtime? #671

Closed
cdrandin opened this issue Apr 26, 2018 · 3 comments
Closed

Is there anyway to load a secret at runtime? #671

cdrandin opened this issue Apr 26, 2018 · 3 comments

Comments

@cdrandin
Copy link

cdrandin commented Apr 26, 2018
edited
Loading

Steps to reproduce

I have been trying to override app.set('auth', authOptions); and app.set('authentication', authOptions);. Which none have worked authenticate('jwt') already stores what authOptions it cares about already. I could pass in the authenticate('jwt', OPTIONS_HERE), but would have to delay the whole process just to wait for the promise to return for the key.

Possibly I am going about this the wrong way.

This is how I am trying to get my key.

  const Datastore = require('@google-cloud/datastore');
  const datastore = new Datastore();
  datastore.runQuery(datastore.createQuery('Settings').select('MY_SECRET'))
  .then((res) => {
    console.log('Successfully loaded secret');
    const authOptions = app.get('authentication');

    // This doesn't using the proper secret when trying to verify JWT token
    authOptions.secret = res[0][0]['MY_SECRET'];
    app.set('auth', authOptions);
    app.set('authentication', authOptions);
    console.log('New secret:', app.get('authentication').secret);
  })

Expected behavior

The new secret should be used to throughout feathers app.

Actual behavior

The secret that was loaded in at runtime isn't being used since authenticate was called prior to loading the secret and didn't want to slow down the rest of the process.

System configs were omitted since this seems more like how do you really do it than a properly with feathers.
@daffl
Copy link
Member

daffl commented Apr 27, 2018

Have you tried setting the nested secret property?

app.get('authentication').secret = '12324';

@cdrandin
Copy link
Author

cdrandin commented Apr 27, 2018
edited
Loading

Yes, that is what I did originally and which is why the code above goes as far as to even set back the authOptions by setting it directly via app.set.

The reason why I believe it isn't working is every time I use the above code and try to use the endpoints which require jwt I always get NotAuthenticated: invalid signature. Which leads me to believe the secrets aren't matching when the hook is set using authenticate('jwt'). The secret in there is different from when I set it later.

@daffl daffl mentioned this issue Oct 6, 2018
Closed
@daffl
Copy link
Member

daffl commented May 8, 2019

Feathers v4 authentication supports dynamically setting options in a single place and at runtime.

Please see the migration guide for more information. Closing this issue in order to archive this repository. Related issues can be opened at the new code location in the Feathers main repository.

@daffl daffl closed this as completed May 8, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@daffl @cdrandin