OAuth depends on REST provider

[akagomez]

Steps to reproduce

• Generate an app without REST:

  ? Project name foobar
  ? Description A group voting application
  ? What folder should the source files live in? src
  ? Which package manager are you using (has to be installed globally)? npm
  ? What type of API are you making? Realtime via Socket.io
     create package.json
     create config/default.json
     create LICENSE
     create public/favicon.ico
     create public/index.html
     create .editorconfig
     create .eslintrc.json
     create src/app.hooks.js
     create src/channels.js
     create src/index.js
     create src/hooks/logger.js
     create src/middleware/index.js
     create src/services/index.js
     create .gitignore
     create README.md
     create src/app.js
     create test/app.test.js
     create config/production.json
  

• Generate authentication for Auth0

  ? What authentication providers do you want to use? Other PassportJS strategies not in this li
  st can still be configured manually. Auth0
  ? What is the name of the user (entity) service? hosts
  ? What kind of service is it? Mongoose
  ? What is the database connection string? mongodb://localhost:27017/foobar
      force config/default.json
     create src/services/hosts/hosts.service.js
     create src/authentication.js
      force src/app.js
      force src/services/index.js
     create src/models/hosts.model.js
     create src/services/hosts/hosts.hooks.js
     create test/services/hosts.test.js
     create src/mongoose.js
  npm WARN foobar@0.0.0 No repository field.
  npm WARN foobar@0.0.0 No license field.
  
  + @feathersjs/authentication-jwt@2.0.0
  + @feathersjs/authentication-oauth2@1.0.3
  + @feathersjs/authentication@2.1.3
  + passport-auth0@0.6.1
  removed 18 packages and updated 4 packages in 12.205s
  npm WARN foobar@0.0.0 No repository field.
  npm WARN foobar@0.0.0 No license field.
  
  + feathers-mongoose@6.1.0
  added 1 package from 4 contributors in 12.028s
  npm WARN foobar@0.0.0 No repository field.
  npm WARN foobar@0.0.0 No license field.
  
  + mongoose@5.0.12
  added 17 packages from 15 contributors in 12.494s
  
  Woot! We've set up your mongodb database connection!
  Make sure that your mongodb database is running, the username/role is correct, and "mongodb://localhost:27017/foobar" is reachable and the database has been created.
  Your configuration can be found in the projects config/ folder.
  

• Navigate to /auth/auth0

Expected behavior

Redirected to Auth0 login page.

Actual behavior

An error is thrown:

error:  TypeError: Cannot set property 'headers' of undefined
    at exposeHeaders (/Users/akagomez/Code/akagomez/foobar/node_modules/@feathersjs/authentication/lib/express/expose-headers.js:9:26)
    at Layer.handle [as handle_request] (/Users/akagomez/Code/akagomez/foobar/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/Users/akagomez/Code/akagomez/foobar/node_modules/express/lib/router/index.js:317:13)
    at /Users/akagomez/Code/akagomez/foobar/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/Users/akagomez/Code/akagomez/foobar/node_modules/express/lib/router/index.js:335:12)
    at next (/Users/akagomez/Code/akagomez/foobar/node_modules/express/lib/router/index.js:275:10)
    at SendStream.error (/Users/akagomez/Code/akagomez/foobar/node_modules/serve-static/index.js:121:7)
    at SendStream.emit (events.js:182:13)
    at SendStream.error (/Users/akagomez/Code/akagomez/foobar/node_modules/send/index.js:270:17)
    at SendStream.onStatError (/Users/akagomez/Code/akagomez/foobar/node_modules/send/index.js:421:12)
    at next (/Users/akagomez/Code/akagomez/foobar/node_modules/send/index.js:736:16)
    at onstat (/Users/akagomez/Code/akagomez/foobar/node_modules/send/index.js:725:14)
    at FSReqWrap.oncomplete (fs.js:182:21)

Workaround

Assign an object to the feathers property on the req object for the authentication plugin:

app.use(function (req, res, next) {
  req.feathers = { provider: 'socket.io' };
  next();
});
app.configure(authentication);

Theory

Without the REST transport, req.feathers never gets assigned here: https://github.com/feathersjs/express/blob/9bc5541107bfd1ec58d3e38fb968b91832cda377/lib/rest/index.js#L33

[daffl]

This is a limitation that I don't think can easily be changed at the moment. @feathersjs/authentication (which currently itself needs Express, see feathersjs-ecosystem/authentication#384) relies on PassportJS which requires Express to work for oAuth.

Maybe the generator should grey out oAuth if you don't have @feathersjs/rest in your dependencies.

[ghost]

Also found that this error is thrown when you try to configure the authentication before you configure the express middleware

[daffl]

This has been addressed in Feathers v4 authentication which is framework-independent. See the Authentication API and the Migration guide for more information on how to upgrade.