-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The key authentication.currentUser was not bound to any value (mixed auth/noauth controller) #1275
Comments
This might not be relevant, but I found basic-auth.acceptance.ts and noticed the setup is a bit different. The README does: .bind(AuthenticationBindings.STRATEGY).toProvider(MyPassportStrategyProvider); to the |
Hi @joeytwiddle , I created an app using the latest https://github.com/virkt25/lb4-auth-test If everything you're doing is the same and it's still not working for you can you please provide a reproduction sandbox. Thanks and hope this helps :)
This gets added from the |
Taking a quick look, it seems like EDIT: @virkt25 beat me in terms of quality with his reply 😆 |
Thanks so much! I will compare our repos and feedback. Perhaps your demo repository could be linked or imported into the loopback docs examples page, as an example for others. (If the authentication API is stable.) |
OK, so apparently the demo works fine. The reason I was confused is this: my controller has some routes which require authentication, and other routes which should be publicly accessible. (For example, we allow an unauthed Unfortunately it seems if my controller uses If I leave
I forked a branch to reproduce that behaviour. This simple commit demonstrates the problem. Does that seem like expected behaviour to you guys? I was thinking of some possible ways to improve the situation:
|
Regarding 3, my approach was to create two new auth strategies:
Unfortunately I haven't had time to complete the module. You are very welcome to use the code or just use the idea. If the problem I described in the previous comment (controllers with a mixture of auth and non-auth routes) is not really a problem, please feel free to close this Issue. |
I'm going to be investigating this. Our intended use case was that users wouldn't have to decorate routes that don't require authentication. Thanks for bring this up! |
Just got back from a talk with @raymondfeng and told me what is happening here. Each time a route is accessed, a controller instance is created and resolves the injections given to it (in this case it'd be Here are three approaches to get this working in the intended way:
We also plan on documenting these approaches (#1334), as we don't feel it was adequately explained enough in the README, so stay tuned! |
Closing in favour of #1334 |
I have started from a generated server and tried following the authentication instructions.
But whenever I try to access
an authenticateda route, I see this error:Where is the CURRENT_USER provider supposed to get added to the registry?☑️ Answered below.Is there an example server with working authentication anywhere?☑️ Got one below. Thanks virkt25!Another thing to note is that the
verify()
function in MyAuthStrategyProvider never gets called. Although it does get called in virkt25's example, so I need to work out what the difference is between our projects.The text was updated successfully, but these errors were encountered: