Authentication Service

npm install @feathersjs/authentication --save

The AuthenticationService is a Feathers service that lets you register different authentication strategies and manage access tokens (using JSON web tokens (JWT) by default). This section describes

Setup

The standard setup initializes an AuthenticationService at the /authentication path with a JWT strategy, Local strategy and OAuth authentication (if selected).

ts
import { AuthenticationService, JWTStrategy } from '@feathersjs/authentication'
import { LocalStrategy } from '@feathersjs/authentication-local'
import type { Application } from './declarations'

declare module './declarations' {
  interface ServiceTypes {
    authentication: AuthenticationService
  }
}

export const authentication = (app: Application) => {
  const authentication = new AuthenticationService(app)

  authentication.register('jwt', new JWTStrategy())
  authentication.register('local', new LocalStrategy())

  app.use('authentication', authentication)
}

Configuration

The standard authentication service configuration is normally located in the authentication section of a configuration file (default: config/default.json).

Note

The authentication service can also be configured dynamically or without Feathers configuration by using app.set, e.g. app.set('authentication', config).

The following options are available:

  • secret: The JWT signing secret.
  • service: The path of the entity service.
  • authStrategies: A list of authentication strategy names to allow on this authentication service to create access tokens.
  • parseStrategies: A list of authentication strategies that should be used to parse HTTP requests. Defaults to the same as authStrategies.
  • entity: The name of the field that will contain the entity after successful authentication. Will also be used to set params[entity] (usually params.user) when using the authenticate hook. Can be null if no entity is used (see stateless tokens).
  • entityId: The id property of an entity object. Only necessary if the entity service does not have an id property (e.g. when using a custom entity service).
  • jwtOptions: All options available for the node-jsonwebtoken package.

An authentication service configuration in config/default.json can look like this:

json
{
  "authentication": {
    "secret": "CHANGE_ME",
    "entity": "user",
    "service": "users",
    "authStrategies": ["jwt", "local"],
    "jwtOptions": {
      "header": { "typ": "access" },
      "audience": "https://yourdomain.com",
      "issuer": "feathers",
      "algorithm": "HS256",
      "expiresIn": "1d"
    }
  }
}

info

typ in the header options is not a typo, it is part of the JWT JOSE header specification.
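
A pre-deployment check for the authentication section shown above, as an added example that is not part of the Feathers documentation or code base. The names auditAuthConfig and lifetimeSeconds, the placeholder list, the 32-character minimum and the one-day lifetime limit are assumptions of this example; the secret check measures length only, not randomness.

```typescript
// Added example, not Feathers code. Thresholds and placeholder lists are assumptions.
interface AuthConfig {
  secret?: string
  jwtOptions?: { algorithm?: string; audience?: string; expiresIn?: string | number }
}

const PLACEHOLDER_SECRETS = ['CHANGE_ME', 'changeme', 'secret'] // constructed list
const PLACEHOLDER_AUDIENCE = 'https://yourdomain.com' // value from the sample config
const MIN_SECRET_CHARS = 32 // HS256 needs a key at least as long as its 256-bit output
const MAX_LIFETIME_SECONDS = 24 * 60 * 60 // policy assumption: one day at most

// Accepts a number of seconds or the "<n><unit>" subset (s, m, h, d) of the
// time-span strings node-jsonwebtoken understands; anything else yields null.
function lifetimeSeconds(value: string | number | undefined): number | null {
  if (typeof value === 'number') return value
  if (typeof value !== 'string') return null
  const match = /^(\d+)\s*([smhd])$/.exec(value.trim())
  if (!match) return null
  const unit: { [key: string]: number } = { s: 1, m: 60, h: 3600, d: 86400 }
  return Number(match[1]) * unit[match[2]]
}

function auditAuthConfig(config: AuthConfig): string[] {
  const findings: string[] = []
  const secret = config.secret || ''
  const jwt = config.jwtOptions || {}
  if (PLACEHOLDER_SECRETS.indexOf(secret) !== -1) {
    findings.push('secret: placeholder value, known to anyone who has read the sample')
  } else if (secret.length < MIN_SECRET_CHARS) {
    findings.push('secret: shorter than ' + MIN_SECRET_CHARS + ' characters')
  }
  if (jwt.algorithm !== undefined && jwt.algorithm.toLowerCase() === 'none') findings.push('jwtOptions.algorithm: "none" produces unsigned tokens')
  if (jwt.audience === PLACEHOLDER_AUDIENCE) findings.push('jwtOptions.audience: still the sample value')
  const lifetime = lifetimeSeconds(jwt.expiresIn)
  if (lifetime === null) {
    findings.push('jwtOptions.expiresIn: not set or not in a form this check parses')
  } else if (lifetime > MAX_LIFETIME_SECONDS) {
    findings.push('jwtOptions.expiresIn: longer than ' + MAX_LIFETIME_SECONDS + ' seconds')
  }
  return findings
}

// Constructed input: the relevant fields of the sample configuration from this page.
const sampleFindings = auditAuthConfig({
  secret: 'CHANGE_ME',
  jwtOptions: { audience: 'https://yourdomain.com', algorithm: 'HS256', expiresIn: '1d' }
})
console.log(sampleFindings.join('\n'))
```

Run against the sample configuration it reports the placeholder secret and the unchanged audience; a check like this can gate startup or a CI step so that a copied sample never reaches production.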

In addition to the above configuration, most