How can I verify a user by local strategy on client without real authentication?

[flight9]

How can I verify a user by username/password(like local strategy) on client without call authenticate() to really login?

[daffl]

If I understand correctly, that is not possible. Only the server knows the actual hashed password to compare the credentials against. You could call app.service('authentication').create({ strategy: 'local', email, password }) which will not authenticate your application (but return an access token).

[flight9]

@daffl I'm using vuex on client and I can't get service('authentication') directly, I tried this:

...mapActions('authentication', {createAuthentication: 'create'}),

but failed with error: [vuex] module namespace not found in mapActions(): authentication/

[flight9]

I found in feathers-vuex a feathersClient which can help me get service on client:

import feathersClient from '@/api/feathers-client'

const authService = feathersClient.service('/authentication')
  let res = await authService.create({
    strategy: 'local',
    email,
    password
  })

@daffl But then another question is even if I pass in a wrong email or password, the create() will always return an accessToken, that can't help me verify an invalid user.

Is the state that I'm logining as user A, and use the code above to verify user B, affect the result of create()?

[flight9]

I have to logout first, then use service('authentication').create() or auth/authenticate() to verify or authenticate a user.

@daffl thanks for your reply.

Though I find a way to bypass the limit, I think there still maybe some scenarios when a logined user need to verify whether another account is a valid account.

[daffl]

Yes. This is a known issue and tracked in feathersjs/feathers#1017. Closing this one since this repository will be moved.