
loopback-component-passport's Introduction

loopback-component-passport

⚠️ LoopBack 3 is in Maintenance LTS mode, only critical bugs and critical security fixes will be provided. (See Module Long Term Support Policy below.)

We urge all LoopBack 3 users to migrate their applications to LoopBack 4 as soon as possible. Refer to our Migration Guide for more information on how to upgrade.

Overview

The module provides integration between LoopBack and Passport to support third-party login and account linking for LoopBack applications.

Please see the official documentation for more information.

All local accounts require verification.

All third-party accounts will log in with an email of [email protected] (for example, [email protected]), which allows users to link the social media accounts that they want. Users can also sign up with the same email account that is used for facebook/twitter/google/local if they wish to keep them separate.

Facebook profile information (such as email, gender, timezone, etc) may still be included if necessary. See https://github.com/strongloop/loopback-example-passport/blob/master/README.md#4-facebook-profile-info.

All required user info, including the email, will be available, but the main email for the account will remain [email protected].

Module Long Term Support Policy

This module adopts the Module Long Term Support (LTS) policy, with the following End Of Life (EOL) dates:

| Version | Status          | Published | EOL      |
| ------- | --------------- | --------- | -------- |
| 3.x     | Maintenance LTS | Dec 2016  | Dec 2020 |

Learn more about our LTS plan in docs.

loopback-component-passport's People

Contributors

0candy, amir-61, bajtos, clark0x, csvan, derektbrown, dhmlau, edgji, ernie58, fabien, felixmueller1, gausie, ghizlanea, jackrvaughan, jonnybgod, kevintechie, kwiky, loay, nabdelgadir, pandaiolo, raymondfeng, rmg, sam-github, siddhipai, simonhoibm, superkhau, virkt25, vshushkov, yorkie, yunchancho


loopback-component-passport's Issues

How to create UserIdentity model?

The model doesn't seem to be a built-in model in loopback 2.0. It's not present in the model-config.json file along with other built-in models such as User, Role etc. I tried manually adding it to this json file and I get the following error.

Error: Model not found: UserIdentity
at Function.registry.getModel (/Users/.../node_modules/loopback/lib/registry.js:202:9)

AccessToken and cookie TTL mismatch

Affecting version 1.3.0

It's the same issue as the one that has been raised by aol-nnov before.
#31

The issue has been fixed by aol-nnov's pull request #31, commit 893d0c,
893d0c9

but the fix has been removed in a later commit 6989f8 (ldap authentication) for some reason.
6989f8a#diff-0d9ea68c1756ce2fc5c960b5796850aaR428

Thus the current latest version 1.3.0 in npm is broken, which results in the default cookie expiry to be 20min instead of 2 weeks.

What's this? "TypeError: Cannot call method 'defineForeignKey' of null". Where should I define loopback-component-passport models? Aren't they built-in?

What's this?

C:\Users\Acaspita\Documents\Stratap\SandraAPIs\node_modules\loopback-datasource-juggler\lib\relation-definition.js:491
    modelTo.dataSource.defineForeignKey(modelTo.modelName, fk, modelFrom.model
                       ^
TypeError: Cannot call method 'defineForeignKey' of null
    at Function.hasMany (C:\Users\Acaspita\Documents\Stratap\SandraAPIs\node_modules\loopback-datasource-juggler\lib\relation-definition.js:491:24)

I suppose it's generated from the lines I've added to support loopback-component-passport.

// Set up related models
passportConfigurator.setupModels({
    userModel: app.models.user,
    userIdentityModel: app.models.userIdentity,
    userCredentialModel: app.models.userCredential
});

Where should I define these loopback-component-passport models? Aren't they built-in?

How to handle Facebook login via mobile SDK on iOS and Android

I couldn't find this anywhere so could be a feature request.

Is there any way to handle authentication and linking on mobile,
when we are authenticating using the Facebook SDK?

any direction would be really appreciated.

PS: Without any hacks or loading a webview to handle OAuth etc...

thanks

dimension of accessToken.ttl [sec] differs from res.cookie maxAge [msec]

While accessToken model has the following defaults

"ttl": {
      "type": "number",
      "ttl": true,
      "default": 1209600,
      "description": "time to live in seconds (2 weeks by default)"
    },

Which, to my understanding, means that loopback internals expect ttl to be in seconds, while res.cookie expects maxAge param to be in milliseconds (http://expressjs.com/4x/api.html#res.cookie).
After that I have my session expire in something like 20 minutes instead of two weeks due to the following code in loopback-component-passport: (https://github.com/strongloop/loopback-component-passport/blob/master/lib/passport-configurator.js#L372)
res.cookie('access_token', info.accessToken.id, { signed: req.signedCookies ? true : false, maxAge: info.accessToken.ttl });

Please advise the correct way around this issue.

Thanks in advance,
Andrey
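
The unit mismatch reported in this issue and in the "AccessToken and cookie TTL mismatch" issue above can be caught by a regression check on the Set-Cookie header. The following is an added example, not code from loopback-component-passport: `cookieOptionsForToken`, `cookieLifetimeSeconds` and `checkCookieAgainstTtl` are hypothetical helpers, and the header values are constructed samples.

```javascript
// Added example: AccessToken.ttl is in seconds, res.cookie() maxAge is in milliseconds.
const TWO_WEEKS_SECONDS = 1209600; // AccessToken default ttl quoted in the issue

const REASON_OK = 'cookie lifetime matches token ttl';
const REASON_UNITS = 'ttl in seconds was used as maxAge in milliseconds';
const REASON_SESSION = 'no Max-Age or Expires: session cookie';
const REASON_OTHER = 'cookie lifetime differs from token ttl';

// Hypothetical helper: build the res.cookie() options for an access token,
// converting the ttl (seconds) to the unit Express expects (milliseconds).
function cookieOptionsForToken(accessToken, req) {
  if (!Number.isFinite(accessToken.ttl) || accessToken.ttl <= 0) {
    throw new RangeError('accessToken.ttl must be a positive number of seconds');
  }
  return {
    signed: Boolean(req.signedCookies),
    maxAge: accessToken.ttl * 1000,
  };
}

// Extract the cookie lifetime in seconds from a Set-Cookie header value.
// Max-Age wins over Expires; returns null for a session cookie.
function cookieLifetimeSeconds(setCookie, nowMs) {
  let maxAge = null;
  let expiresMs = null;
  for (const attr of setCookie.split(';').slice(1)) {
    const eq = attr.indexOf('=');
    if (eq === -1) continue; // flag attributes such as HttpOnly
    const name = attr.slice(0, eq).trim().toLowerCase();
    const value = attr.slice(eq + 1).trim();
    if (name === 'max-age' && /^-?\d+$/.test(value)) {
      maxAge = Number(value);
    } else if (name === 'expires') {
      const parsed = Date.parse(value);
      if (!Number.isNaN(parsed)) expiresMs = parsed;
    }
  }
  if (maxAge !== null) return maxAge;
  if (expiresMs !== null) return Math.round((expiresMs - nowMs) / 1000);
  return null;
}

// Compare the cookie lifetime with the token ttl and name the likely cause.
function checkCookieAgainstTtl(setCookie, ttlSeconds, nowMs = Date.now(), toleranceSeconds = 5) {
  const lifetime = cookieLifetimeSeconds(setCookie, nowMs);
  if (lifetime === null) {
    return { ok: false, lifetime, reason: REASON_SESSION };
  }
  if (Math.abs(lifetime - ttlSeconds) <= toleranceSeconds) {
    return { ok: true, lifetime, reason: REASON_OK };
  }
  if (Math.abs(lifetime - ttlSeconds / 1000) <= toleranceSeconds) {
    return { ok: false, lifetime, reason: REASON_UNITS };
  }
  return { ok: false, lifetime, reason: REASON_OTHER };
}

// Constructed sample headers (not captured from a real server).
const CONSTRUCTED_NOW = Date.UTC(2015, 0, 1); // fixed clock for the Expires case
const CONSTRUCTED_BUGGY = 'access_token=s%3Aconstructed.sig; Max-Age=1209; Path=/';
const CONSTRUCTED_FIXED = 'access_token=s%3Aconstructed.sig; Max-Age=1209600; Path=/';
const CONSTRUCTED_EXPIRES_ONLY =
  'access_token=s%3Aconstructed.sig; Path=/; Expires=Thu, 01 Jan 2015 00:20:09 GMT';
const CONSTRUCTED_SESSION = 'access_token=s%3Aconstructed.sig; Path=/; HttpOnly';

function runConstructedSamples() {
  return [CONSTRUCTED_BUGGY, CONSTRUCTED_FIXED, CONSTRUCTED_EXPIRES_ONLY, CONSTRUCTED_SESSION]
    .map(header => checkCookieAgainstTtl(header, TWO_WEEKS_SECONDS, CONSTRUCTED_NOW));
}
```
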

grant_type client_credentials: req.authInfo.user is filled with first User

When I log into loopback with oauth2 and using client_credentials type, the req.authInfo.user is always filled with the first inserted user in DB.
Since the first user is admin, that was causing all my apps logging in to be admin (I was using register resolver for ACL based on the user email).

Using loopback 2.14 and loopback-component-oauth2 1.0

stay at current page after login

When I walk through the example and documentation,
it seems we currently only have the option to set successRedirect in providers.json statically.
Do you have support for a dynamic successRedirect url in the future?
ex: stay at the same page when the user submitted login

or already have it but I missed.
Thanks for any answer and suggestion

Google OAuth + Postgresql fails due to insufficient field size

Using this component, alongside the passport-google-oauth module with a Postgresql datastore fails with the following error:

error: value too long for type character varying(1024)
    at Connection.parseE (.../node_modules/loopback-connector-postgresql/node_modules/pg/lib/connection.js:534:11)
    at Connection.parseMessage (.../node_modules/loopback-connector-postgresql/node_modules/pg/lib/connection.js:361:17)
    at Socket.<anonymous> (.../node_modules/loopback-connector-postgresql/node_modules/pg/lib/connection.js:105:22)
    at Socket.emit (events.js:107:17)
    at readableAddChunk (_stream_readable.js:163:16)
    at Socket.Readable.push (_stream_readable.js:126:10)
    at TCP.onread (net.js:538:20)

Using memory datastore succeeds.

I've narrowed it down to the UserIdentity model. It's likely the "profile" field, which is of type "Object" in the model and apparently creates a postgresql column of type: character varying(1024)

As such, I don't know whether this issue is better suited to the postgresql connector not assigning a better data type to the column, or whether it's better handled here (I'm new to loopback).

Need access

@raymondfeng
I'm trying to push my JSDoc changes to loopback-passport but I get this message:

ERROR: Permission to strongloop/loopback-passport.git denied to crandmck.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Can you please give me access to this repo?

OAuth2Strategy not supported

I don't know if this is meant to be a supported scenario but it does not appear to be possible to use the standard OAuth2Strategy out of the box because the passport-configurator does not pass through these properties:

  • authorizationURL URL used to obtain an authorization grant
  • tokenURL URL used to obtain an access token

No access token stored in angular client when logging in with Third Party

Just spent quite a while getting authorization to work for REST requests in my angular app, kept getting 401 Unauthorized.

Essentially, because logging in using facebook (twitter etc.) just involves sending the browser to /auth/facebook and lets passport handle the rest. LoopBackAuth is never configured because User.login() is never called (as it would be with a login form), so none of the requests are signed with the authorisation=access_token header, ergo many 401s..

I have worked around this with a bit of server side templating but would like to know if there is a better way of doing this.

script.
      angular.module('app').factory('currentUser', ['LoopBackAuth',function (LoopBackAuth) {
        var user = !{JSON.stringify(user)};
        LoopBackAuth.setUser("!{authToken}", user.id, user);
        LoopBackAuth.rememberMe = true;
        LoopBackAuth.save();
        return user;
      }]);

It seems obvious now that I've figured it out but I was wondering if this could be made clearer or be added to the getting started docs.
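
The workaround above writes `JSON.stringify(user)` into an inline script through an unescaped `!{}` interpolation, and with third-party login the profile fields come from the provider, so a value containing `</script>` would end the script block early. One way to serialize the values before templating, as an added example that is not part of the original post or of LoopBack; `serializeForInlineScript`, `publicUser` and `bootstrapLocals` are hypothetical names, the field list is an assumption, and the sample user is constructed:

```javascript
// Added example: make JSON safe to place inside an inline <script> element.
// JSON.stringify() leaves <, >, & and U+2028/U+2029 as-is; inside a script
// element the HTML parser acts on "</script>" and "<!--" before the
// JavaScript parser ever sees the string literal.
const INLINE_SCRIPT_ESCAPES = {
  '<': '\\u003c',
  '>': '\\u003e',
  '&': '\\u0026',
  '\u2028': '\\u2028',
  '\u2029': '\\u2029',
};

function serializeForInlineScript(value) {
  const json = JSON.stringify(value);
  if (json === undefined) {
    throw new TypeError('value is not JSON-serializable');
  }
  // The escapes are valid JSON/JavaScript string escapes, so the value that
  // the browser evaluates is identical to the original.
  return json.replace(/[<>&\u2028\u2029]/g, ch => INLINE_SCRIPT_ESCAPES[ch]);
}

// Allow-list the fields the client needs (assumed field names), so anything
// else stored on the user record never reaches the rendered page.
function publicUser(user) {
  return {
    id: String(user.id),
    username: user.username,
    email: user.email,
  };
}

// Template locals for the bootstrap script. In the Jade template from the
// post these would be used as:
//   var user = !{userJson};
//   LoopBackAuth.setUser(!{authTokenJson}, user.id, user);
// The token is emitted as a complete JSON string literal, quotes included,
// instead of being interpolated between hand-written quotes.
function bootstrapLocals(user, accessTokenId) {
  return {
    userJson: serializeForInlineScript(publicUser(user)),
    authTokenJson: serializeForInlineScript(String(accessTokenId)),
  };
}

// Constructed sample: a display name as it might arrive from a provider.
const CONSTRUCTED_USER = {
  id: 42,
  username: 'eve</script><b>constructed</b>\u2028',
  email: 'constructed@example.invalid',
  password: 'constructed-hash-not-for-the-client',
};

function renderConstructedSample() {
  return bootstrapLocals(CONSTRUCTED_USER, 'constructed-token-id');
}
```
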

ctx.req object inside loopback beforeRemote function not authenticated

After I log in with facebook via loopback-component-passport 1.1.2, Loopback itself seems not to get the correct requests forwarded:

module.exports = function(MyModel) {
    MyModel.beforeRemote('*', function(ctx, modelInstance, next) {
        ctx.req.accessToken; // always null
        ctx.req.isAuthenticated(); // always false
        next();
    });
};

In server.js for this call isAuthenticated correctly returns true:

app.get('/loggedin', function(req, res) {
    res.send(req.isAuthenticated() ? req.user : '0'); 
});

Any hints on what could be the problem here? Maybe some initialization order I am missing?

Example using it with AngularJS client

Hi!
First of all, congratulations on the job you are doing with Loopback. It is just awesome.

I'm looking to use social logins + email/password in an application that uses AngularJS as client.

The ng-lb generator generates the login and logout for user/pass authentication, but I'm looking to extend it to also provide Facebook, Google and Twitter authentication.

Is there any example of this?

Add an option to customize cookie settings after log in.

Hello there, I was wondering if there's any way to customize the Cookie Settings after log in? I tried to customize this via app.session so I can use these cookies on a subdomain (e.g., *.mydomain.com), but after login the access_token and userId cookies are set to mydomain.com.

res.cookie('access_token', info.accessToken.id,
  {
    signed: req.signedCookies ? true : false,
    maxAge: 1000 * info.accessToken.ttl,

    // Domain Option Here
    domain: '.mydomain.com'
  });
res.cookie('userId', user.id.toString(), {
  signed: req.signedCookies ? true : false,
  maxAge: 1000 * info.accessToken.ttl,

  // And maybe another one here?
  domain: '.mydomain.com'
});

How can I get access_token after social login?

I am new to loopback.
Looking through the doc, after local User.login()
I can get access_token through local login (http://docs.strongloop.com/display/public/LB/Logging+in+users)
but it seems loopback-passport does everything for me, so how can I still get access_token after social login?

I am building an app needing all the user-identity and only using social login. I think I can get all the identity as long as I get the loopback access_token and do a query.

I can only come up with 3 ways, but none is so good unless I can get the access_token in the ajax response

  1. through express.expose and expose req.signCookies.access_token to client, but I'm not sure if there is any security problem
  2. auto attach access_token on query string before any routing happen, like this
app.use('*', function (req, res, next){
  if(req.signedCookies.access_token){
    req.query.access_token = req.signedCookies.access_token;
  }
  next();
});

but it didn't work, and seems a bit weird
  3. rewrite every api (create, update, ...) to attach access_token on query string, but seems crazy

Can I have a better way to get this around, or am I missing something really easy?

Bug when calling social login when already logged in?

I tried to implement the social login stuff today in combination with angular. So I was following mainly this document:
http://docs.strongloop.com/display/LB/Third-party+login
And that example:
https://github.com/strongloop/loopback-example-passport

It seems to work now fine. However when I visit the facebook login-link while I am already logged in I get the following error message and then the process dies:

/var/www/phonegap/backend/node_modules/loopback-component-passport/lib/models/user-identity.js:142
        return identity.user(function (err, user) {
                        ^
TypeError: Object #<ModelConstructor> has no method 'user'

So apart from it not being incredibly important, because normally that button which links to that page would not be visible for logged-in users anyway, I just wanted to inform you guys. It is also quite possible that I did set up something wrong; in that case it would be interesting to know what it is.

Thanks!

Configurable cookie path

Hello!

As I have my app installed on a subdirectory, It would be very helpful to have an option to set the desired path for the cookies. Because using Angular on the client side I cannot manage them correctly.

I can code a PR to support it, but I would like to know which approach is better.

  1. Set the cookie path in the providers.json file, for each strategy (not so good)
  2. Guess the correct path from the auth request. (ideally?)

Let me know.

Cheers ;)

Using context to get current user doesn't work

Hi,

I wanted to get the current user in a remote method. I'm using passport for login right now (mostly copied from example)

I came across contexts: http://docs.strongloop.com/display/RU/Using+current+context
But I can't seem to make passport and contexts work nicely together :(
When calling the method, the error I get is this:

loopback.token() middleware requires a AccessToken model

Everything worked fine and I could login and stuff, but just getting context to work is a problem.
If anyone knows how to do this that would be awesome! I have been searching for hours...
I'm writing in coffeescript but I converted to JS so that all users can read it properly ;)

I set up my server using this code:

var app, boot, flash, loopback;

require('./global');

loopback = require('loopback');

boot = require('loopback-boot');

app = module.exports = loopback();

flash = require('express-flash');

global.app = app;

app.use(flash());

require('./passport').beforeBoot(app);

app.use(loopback.context());

app.use(loopback.token({
  model: 'accessToken'
}));

app.use(function(req, res, next) {
  if (!req.accessToken) {
    return next();
  }
  app.models.UserModel.findById(req.accessToken.userId, function(err, user) {
    var loopbackContext;
    log('user', user);
    if (err) {
      return next(err);
    }
    if (!user) {
      return next(new Error('No user with this access token was found.'));
    }
    loopbackContext = loopback.getCurrentContext();
    if (loopbackContext) {
      loopbackContext.set('currentUser', user);
    }
    next();
  });
});

app.use(function(req, res, next) {
  res.header("X-Powered-By", "Blood, sweat, and tears");
  return next();
});

require('loopback-ds-readonly-mixin')(app);

boot(app, __dirname);

require('./passport').afterBoot(app);

app.start = function() {
  return app.listen(function() {
    app.emit('started');
    console.log('Web server listening at: %s', app.get('url'));
  });
};

app.get('/login', function(req, res, next) {
  res.send({});
});

app.get('/auth/logout', function(req, res, next) {
  req.logout();
  res.redirect('/');
});

app.start();

Passport module is this:

var PassportConfigurator, ensureLoggedIn, loopbackPassport, passportConfigurator;

loopbackPassport = null;

PassportConfigurator = null;

passportConfigurator = null;

ensureLoggedIn = null;

module.exports = {
  beforeBoot: function(app) {
    var c, config, err, s;
    loopbackPassport = require('loopback-component-passport');
    PassportConfigurator = loopbackPassport.PassportConfigurator;
    passportConfigurator = new PassportConfigurator(app);
    ensureLoggedIn = require('connect-ensure-login').ensureLoggedIn;
    passportConfigurator.init();
    config = {};
    try {
      config = require('../providers.json');
    } catch (_error) {
      err = _error;
      console.trace(err);
      process.exit(1);
    }
    for (s in config) {
      c = config[s];
      c.session = c.session !== false;
      passportConfigurator.configureProvider(s, c);
    }
    return app.get('/auth/account', ensureLoggedIn('/login'), function(req, res, next) {});
  },
  afterBoot: function(app) {
    return passportConfigurator.setupModels({
      userModel: app.models.user,
      userIdentityModel: app.models.userIdentity,
      userCredentialModel: app.models.userCredential
    });
  }
};

// ---
// generated by coffee-script 1.9.2

Middleware error

Hi.
I'm very new to loopback. I tried to implement passport.js but I'm getting this error.

Error: passport.initialize() middleware not in use
    at IncomingMessage.req.login.req.logIn (/Users/gabrielciulei/loop/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/passport/lib/passport/http/request.js:30:30)
    at /Users/gabrielciulei/loop/common/models/user-identity.js:22:17
    at /Users/gabrielciulei/loop/node_modules/loopback-datasource-juggler/lib/dao.js:1408:5
    at allCb (/Users/gabrielciulei/loop/node_modules/loopback-datasource-juggler/lib/dao.js:1339:7)
    at /Users/gabrielciulei/loop/node_modules/loopback-connector-couchbase/lib/cb.js:386:4
    at /Users/gabrielciulei/loop/node_modules/loopback-connector-couchbase/lib/cb.js:117:5
    at Request._callback (/Users/gabrielciulei/loop/node_modules/loopback-connector-couchbase/node_modules/couchbase/lib/bucket.js:353:14)
    at Request.self.callback (/Users/gabrielciulei/loop/node_modules/loopback-connector-couchbase/node_modules/couchbase/node_modules/request/request.js:199:22)
    at Request.emit (events.js:98:17)
    at Request.<anonymous> (/Users/gabrielciulei/loop/node_modules/loopback-connector-couchbase/node_modules/couchbase/node_modules/request/request.js:1160:14)

server.js

var loopback = require('loopback');
var boot = require('loopback-boot');
var path = require('path');

var app = module.exports = loopback();

// Passport configurators..
var loopbackPassport = require('loopback-component-passport');
var PassportConfigurator = loopbackPassport.PassportConfigurator;
var passportConfigurator = new PassportConfigurator(app);

// Bootstrap the application, configure models, datasources and middleware.
// Sub-apps like REST API are mounted via boot scripts.
boot(app, __dirname);

/*
 * body-parser is a piece of express middleware that
 *   reads a form's input and stores it as a javascript
 *   object accessible through `req.body`
 *
 */
var bodyParser = require('body-parser');

/**
 * Flash messages for passport
 *
 * Setting the failureFlash option to true instructs Passport to flash an
 * error message using the message given by the strategy's verify callback,
 * if any. This is often the best approach, because the verify callback
 * can make the most accurate determination of why authentication failed.
 */
var flash = require('express-flash');

// attempt to build the providers/passport config
var config = {};
try {
    config = require('../providers.json');
} catch (err) {
    console.trace(err);
    process.exit(1); // fatal
}

// Set up the /favicon.ico
app.use(loopback.favicon());

// request pre-processing middleware
app.use(loopback.compress());



app.set('view engine', 'ejs'); // LoopBack comes with EJS out-of-box
app.set('views', path.resolve(__dirname, 'views'));
app.use(loopback.static(path.resolve(__dirname, '../client')));

// to support JSON-encoded bodies
app.use(bodyParser.json());
// to support URL-encoded bodies
app.use(bodyParser.urlencoded({
    extended: true
}));

// The access token is only available after boot
app.use(loopback.token({
  model: app.models.accessToken
}));

app.use(loopback.cookieParser(app.get('cookieSecret')));
app.use(loopback.session({
    secret: 'kitty',
    saveUninitialized: true,
    resave: true
}));
passportConfigurator.init();

// We need flash messages to see passport errors
app.use(flash());

passportConfigurator.setupModels({
    userModel: app.models.user,
    userIdentityModel: app.models.userIdentity,
    userCredentialModel: app.models.userCredential
});
for (var s in config) {
    var c = config[s];
    c.session = c.session !== false;
    passportConfigurator.configureProvider(s, c);
}
var ensureLoggedIn = require('connect-ensure-login').ensureLoggedIn;

// Requests that get this far won't be handled
// by any middleware. Convert them into a 404 error
// that will be handled later down the chain.
app.use(loopback.urlNotFound());

// The ultimate error handler.
app.use(loopback.errorHandler());

app.start = function() {
  // start the web server
  return app.listen(function() {
    app.emit('started');
    console.log('Web server listening at: %s', app.get('url'));
  });
};

// start the server if `$ node server.js`
if (require.main === module) {
  app.start();
}

routes.js

module.exports = function(app) {
  var router = app.loopback.Router();

  router.get('/tasks', function(req, res) {
    console.log("USER", req.user);

    res.render('layout', {
      projectData: 'var currentProject = null;',
      viewPath: './tasks'
    });
  });
  app.use(router);
};

middleware.json

{
  "initial:before": {
    "loopback#favicon": {}
  },
  "initial": {
    "compression": {}
  },
  "session": {
  },
  "auth": {
  },
  "parse": {
  },
  "routes": {
    "loopback#status": {
      "paths": "/"
    }
  },
  "files": {
  },
  "final": {
    "loopback#urlNotFound": {}
  },
  "final:after": {
    "errorhandler": {}
  }
}

Can anybody tell me what's wrong?

Thank you.

Loopback 1.10.0 Compatibility

So I've bumped loopback to 1.10.0 and having following error:

/api/node_modules/loopback-component-passport/lib/models/user-identity.js:64
var UserIdentity = DataModel.extend('UserIdentity', properties, options);

TypeError: Cannot call method 'extend' of undefined

accessToken cookie not being set for local-login

I was trying to make an authenticated api call after logging in using the passport-local. But the accessToken signed cookie is not being set for local.

When I login through Fb, I get a signed cookie with accessToken but that is not happening for local. I have added the following option to providers.json for local but still the cookie is not being set.

"setAccessToken": true

Steps to reproduce:
Clone the loopback-example-passport repo and use the local login. You will see that the accessToken is virtually impossible to retrieve.

Bug? userIdentity vs userCredentials, linking doesn't work. Detailed flow given

on 2.1.4.

I'm not getting the difference between userIdentity and userCredentials.

What I expect on a high level is the following:

  • ability to login with an account.
  • if account doesn't exist create User 1 + identity A
  • while still logged in to User 1 link other account --> new identity B added to existing User 1
  • after logging out User 1, logging in with identity A as well as identity B should log me into User 1.

This doesn't take into account the following:

  • if account doesn't exist create User 1 + identity A
  • logout
  • if account doesn't exist create User 2 + identity B
  • while still logged in to User 2 link to identity A.
  • problem: should we merge User 1 and User 2? If profile-details were added to as well User 1 and 2, which profile details should we take?

I'm not sure how this translates to userIdentity and userCredentials.
What I'm sure of is that the above flow doesn't work as expected.

What I'm observing is the following:

  1. if account doesn't exist create User 1 + identity A.
    This actually results in:

    • 1 new User
    • 1 new AccessToken
    • 1 new UserIdentity
    • 0 new UserCredentials

    The result under Third Party Profiles shows: contents of 1 new UserIdentity

  2. while still logged in to User 1 link other account --> new identity B added to existing User 1.
    This actually results in:

    • 0 new User
    • 1 new AccessToken
    • 0 new UserIdentity
    • 1 new UserCredentials

    The result under Third Party Profiles shows: contents of 1 new UserCredentials . Note the previously shown UserIdentity (with which the User was created) isn't shown anymore. This seems weird.

  3. while still logged in to User 1 link other account --> new identity C added to existing User 1.
    This actually results in:

    • 0 new User
    • 1 new AccessToken
    • 0 new UserIdentity
    • 1 new UserCredentials

    The result under Third Party Profiles shows: contents of 2 UserCredentials (1 now created + 1 from previous flow). Note the previously shown UserIdentity still isn't shown

  4. Logout

  5. Login given identity A.
    The result under Third Party Profiles shows: content of UserIdentity A (with which the User was originally created). Note, no sign anymore of the 2 UserCredentials for identity B and C (which are stored as UserCredentials). This seems weird.

  6. Logout

  7. Login given identity B (which is linked as a UserCredential to User 1). I therefore expect User 1 to be loaded (as in 5. but with all identities A,B,C, as I expected to be the case with 5.).
    However this actually results in:

    • 1 new User
    • 1 new AccessToken
    • 1 new UserIdentity
    • 0 new UserCredentials

In short: A new User 2 is created, while the identity (although stored as a UserCredential) was already linked to User 1. This seems weird.

Perhaps something eludes me completely about the difference between UserCredential and UserIdentity , but it seems exactly this separation of logic (instead of treating them all as, say, UserIdentities and just getting rid of UserCredentials) that results in the above logical strangeness.

Error when logging in using passport-local

Hi,

I keep getting this error when logging in with the correct username but wrong password:

http.js:689
    throw new Error('Can\'t set headers after they are sent.');
          ^
Error: Can't set headers after they are sent.
  at ServerResponse.OutgoingMessage.setHeader (http.js:689:11)
  at ServerResponse.res.setHeader (/usr/src/app/node_modules/loopback-explorer/node_modules/express/node_modules/connect/lib/patch.js:134:22)
  at /usr/src/app/node_modules/errorhandler/index.js:132:15
  at fs.js:271:14
  at Object.oncomplete (fs.js:107:15)

Program node --harmony --debug ./server/server.js exited with code 8

This is what's causing the error:
https://github.com/strongloop/loopback-component-passport/blob/master/lib/passport-configurator.js#L228

I believe changing to this will fix this issue:

return done(null, false, {message: 'Incorrect password.'});

Express-session gives "deprecated" warnings

Looks like a couple warnings are showing up due to some changes:

express-session deprecated undefined resave option; provide resave option server/server.js:23:18                                        
express-session deprecated undefined saveUninitialized option; provide saveUninitialized option server/server.js:23:18

http://stackoverflow.com/questions/24477035/express-4-0-express-session-with-odd-warning-message

It can be fixed by simply setting the defaults, which are currently both true:

app.use(loopback.session({
  secret: 'some secret?',
  resave: true,
  saveUninitialized: true
}));

Unify results of successful execution of providers

Depending on the provider, the system does not offer the same results.

oauth 1/2 and openid return cookies (i.e. access_token and user_id) whereas local just provides nothing by default and requires activation of express session.

Would it be possible for local to also provide cookies on successful login?

Extended userIdentity and userCredential not overwriting UserIdentity and UserCredential

I'm implementing Passport in my own project by following the loopback-example-passport project, however, when I create my own models for userIdentity and userCredential and have them extend UserIdentity and UserCredential, models for all four are created in the datasource.

However, using the example project only the models for the extended models are created. Any idea why UserIdentity and UserCredential are not being overwritten?

Cannot do Access Control with third-party login

AFAIK, You cannot do any access-control when using third party

Reason:
When a new account is created through Fb (or any other oAuth), you are creating a user with a random password, and as a result, losing the ability to login (because you don't know the password).
And when we are logging in the user, we are doing a db query and setting the req.user with the query results.

So as we are not logging in, we cannot have an access-token with access-level of authenticated_user. The access token being set when logged in via Fb, is I think one with access level of all

It would be good if there was a nice way to integrate loopback's acl system into passport-component. Instead of us building a custom ACL.

userProfile not being Created in UserIdentity Collection upon Local Login

It appears that the access_token is being created in local strategy, however, when logging in using the local strategy the user profile that is created on line 196 in passport-configurator.js:

 var userProfile = {
                provider: 'local',
                id: u.id,
                username: u.username,
                emails: [
                  {
                    value: u.email
                  }
                ],
                status: u.status,
                accessToken: null
              }; 

is never saved to database, which for me, is a mongo collection. I say this because when I try to get the req.user I don't get back the profile for the user, which contains the access token. I need the access token in a cookie to send back in the response, so that I can make subsequent requests with that logged in user to loopback models. Is there a reason we don't create a profile for local provider logins, or don't send back the access token for local strategy via cookie?

Access token instead of session

As I understand passport uses Session/Cookie for callbacks. While loopback uses AccessTokens for user validation.

Is it possible somehow to redirect using AccessToken and UserId instead of session/cookie?

Thanks

how can I know that before loopback-component-passport login or create?

For example, if I wanna do something after loopback-component-passport creates the user,
and do another thing before the user logs in,
I thought I could use remote hooks to get the timing I want,
like:

MyUser.afterRemote('create', function(context, instance, next) {
  // do something here
  next();
});

MyUser.beforeRemote('login', function(context, instance, next) {
  // do something here
  next();
});

I found out it didn't work.

So I use an operation hook:

MyUser.observe('after save', function(ctx, next) {
  if (ctx.instance) {
    // I can know it's a newly created user
  } else {
    // otherwise...
  }
  next();
});

But I still can't get any hint about how to hook in before the user logs in.

Did I miss something, or does anyone have a better idea for doing it another way?

Didn't loopback-component-passport use User.login and User.create?

expose generateKey function at the top level

We use a specific profileToUser function which is similar to the one given here minus a few details. Because of this we have to dig into the module to get the generateKey function. It would be awesome to expose this to allow others to use it in a similar fashion.

Docs for customCallback

I saw that there is an option for specifying a custom callback, but there is no reference to it in the docs.

Also, I see that it has to be specified in the providers.json, but how do I specify a function in JSON?

setAccessToken has hardcoded username for login function

I was looking at the switch statement in the passport-configurator.js file starting on line 177, and it appears that if you set the flag "setAccessToken": true in your providers.json file, the statement will use the login function attached to the User model, like so:

self.userModel.login({username: username, password: password},
  function (err, accessToken) {
    if (err) {
...

This is great, however, most applications use email as the person's username. Is there a way around this, or do I have to add an if statement to use email if login using username returns nothing? I would like to have the access token attached to a cookie and sent back to the browser, and this seems to be the only way to accomplish this using local auth.

Support for extended User models

loopback-component-passport does not work with extended User models - i.e.,
common/models/user.json

{
  "name": "user",
  "plural": "users",
  "base": "User",
...

This is due to hardcoded references to User in user-credential.json and user-identity.json models - i.e.,

  "relations": {
    "user": {
      "type": "belongsTo",
      "model": "user",
      "foreignKey": "userId"
    }

UserIdentity and UserCredential, why not merge into a single model?

They have exactly the same properties. The only difference is that UserIdentity has a login method to log in with a third-party account, while UserCredential has a link method to link a third-party account to the current user.

But that means that if I have already linked a Google account, I can't use that Google account to log back in next time, because linked accounts are stored in the UserCredential table/collection, while login will only retrieve from the UserIdentity table/collection.

So why are they separated?

Version 1.5.0 stopped working

Raymond Feng: In change log for 1.5.0 version you stated: "Make sure passport is registered with session phase" but unfortunately I don't know how to do that. Is there any example available?

Best regards,
Simon Šander

passport-local needs POST route

Currently all authPath routes are set to handle non-local callbacks using GET. However, passport-local requires a POST route to be able to post the username/password from a login form. It would be nice if passport-local was added to the example project as well.

Feature: Multi-Auth login

I'm having to overwrite a bunch of login logic because we need our users to be able to log in through multiple auths without creating a new account.

At the moment user credentials is useless to us and it doesn't make sense for it to control the linking logic. We overwrite the link function and provide our own that has userIdentity as its context. That solved some of our issues but introduced others.

Since LoopBack makes a distinction between login and linking, when our user links their account and then later tries to log in with a linked account, LoopBack creates a new account instead of loading the linked account. This is due to the provider being different between the link and login options (i.e. 'github-login' and 'github-link').

For now we are going to override UserIdentity.login so that we can change the provider string used to create the identity, but this definitely should be something supported by this module.
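The lookup mismatch described in this issue and in the UserIdentity/UserCredential question above, reproduced with in-memory stand-ins (an added example, not code from the module or from the posters). Every function and field name here is hypothetical; only the 'github-login' and 'github-link' provider strings come from the issue.

```javascript
// Added example: in-memory stand-ins for the UserIdentity and UserCredential
// collections. All names are hypothetical, not the module's API.
const identities = [];   // rows written by the "login" flow
const credentials = [];  // rows written by the "link" flow
let nextUserId = 1;

// 'github-login' and 'github-link' both describe the same provider.
function baseProvider(provider) {
  return String(provider).replace(/-(login|link)$/, '');
}

function link(userId, provider, externalId) {
  credentials.push({ userId, provider, externalId: String(externalId) });
}

function createUser(provider, externalId) {
  const userId = nextUserId++;
  identities.push({ userId, provider, externalId: String(externalId) });
  return { userId, created: true };
}

// Behaviour described in the issues: exact provider string, identities only.
function naiveLogin(provider, externalId) {
  const hit = identities.find(
    (r) => r.provider === provider && r.externalId === String(externalId));
  return hit ? { userId: hit.userId, created: false }
             : createUser(provider, externalId);
}

// Alternative: match on (base provider, external id) across both collections.
// The key is the provider's stable account id, never an e-mail or username,
// so a login can only resolve to an account that explicitly linked that id.
function resolvingLogin(provider, externalId) {
  const key = baseProvider(provider);
  const hit = identities.concat(credentials).find(
    (r) => baseProvider(r.provider) === key &&
           r.externalId === String(externalId));
  return hit ? { userId: hit.userId, created: false }
             : createUser(provider, externalId);
}

// Constructed scenario: a user signs up, links GitHub id 4242, logs in later.
function demo() {
  identities.length = 0; credentials.length = 0; nextUserId = 1;
  const owner = naiveLogin('facebook-login', 'fb-1').userId;
  link(owner, 'github-link', 4242);
  const resolved = resolvingLogin('github-login', 4242);
  const naive = naiveLogin('github-login', 4242);
  return { owner, resolved, naive };
}
```

Calling `demo()` shows the resolving lookup returning the account that linked the GitHub id, while the exact-match lookup creates a second, unrelated account for the same person.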

Cannot set user without email

Most of our users use Twitter to log in. Twitter does not return emails, so we have had it optional in our past setup.

Currently switching to LoopBack and running into this module erroring when userObj.email is null (which is our default; a lot of our system depends on this, so it is not possible to change it).

Would a PR be accepted to add a flag to make email optional?
here and here

from:

// login func
if (!userObj.email) {
  return cb('email is missing from the user profile');
}

// profileToUser
if (options.emailOptional && !email) {
  // Fake an e-mail
  email = (profile.username || profile.id) + '@loopback.' +
          (profile.provider || provider) + '.com';
}

to

// login func
if (!userObj.email && !options.emailOptional) {
  return cb('email is missing from the user profile');
}

// profileToUser
if (!email && !options.emailOptional) {
  // Fake an e-mail
  email = (profile.username || profile.id) + '@loopback.' +
          (profile.provider || provider) + '.com';
}

cc @terakilobyte @QuincyLarson

BUG:passport-configurator.js: defaultCallback has incorrect params for passport.authenticate

/lib/passport-configurator.js
function: defaultCallback line:423

The third param is a function with params 'req', 'res' which will be called when authentication succeeds. It should look like below:

app.get('/auth/facebook/callback',
  passport.authenticate('facebook', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

but in defaultCallback:

passport.authenticate(name, _.defaults({session: session},options.authOptions), function(err, user, info) {});

I think the callback 'function(err, user, info)' doesn't really work.
