Comments (5)
That is a strange issue. You should dig deep to figure out what is happening to the bearer header? Is it being suppressed by the client or by the server?
Meanwhile check out the source code for my bearer implementation. You can use the Authorization
header or a bearer_token
property in the body, or a bearer_token
query parameter. But the query parameter is not secure since it is not encrypted even over an https connection. (You do not have to modify any SuperLogin source code to make this work.)
But since the Authorization
header is the simplest and most secure way to make it work, it is worth researching why NodeWebkit is giving you problems. Try this solution and see if it helps.
from superlogin.
I believe this answer may solve your issue without modifying any SuperLogin code on client or server.
from superlogin.
The simplest solution is to disable web-security
in NodeWebkit to remove cross origin limitations.
from superlogin.
Ok, So I followed you advice and looked about the header.
I noticed that the authorization wasn't included. So I search about it in the client, and BOUM I found
service.request = function(request) {
var session = superloginSession.getSession();
if(session && session.token) {
superloginSession.checkRefresh();
}
if(checkEndpoint(request.url, endpoints)) {
if(session && session.token) {
request.headers.Authorization = 'Bearer ' + session.token + ':' + session.password;
}
}
return request;
};
What does it means ? It's just a problem of endpoints, and I didn't declared any endpoint in the config.
So, if you have the same problem as me, you simply have to configure your app like this :
var superloginConfig = {
baseUrl: 'http://localhost:3000/auth/',
endpoints: ["localhost:3000"], //Here
checkExpired: 'stateChange',
providers: ['facebook', 'google', 'github', 'windowslive', 'linkedin']
};
superloginProvider.configure(superloginConfig);
from superlogin.
@colinskow The query string is absolutely encrypted over an SSL (https) connection. The server might be writing it to log files or something similar but the entire request including the query string, the whole URL, and the type of request like GET or POST is encrypted.
from superlogin.
Related Issues (20)
- How can I remove confirmPassword requirement?
- Validation failed HOT 8
- Validation failed HOT 1
- Calling /auth/session with authorization header is returning unauthorized HOT 1
- Use template-literal instead of EJS
- user-db-added event doesn't get emitted HOT 1
- New release? HOT 13
- Validation Failed HOT 1
- Register vaildation failed HOT 18
- Mandatory Migration from Cloudant to BlueMix not compatible with Superlogin HOT 1
- Superlogin with CouchDB crypto.pbkdf2 "digest" argument required HOT 1
- how to add profile data with registration?
- removeUser not working
- Live demo isn't working HOT 1
- Forgot Password function
- TypeError: Cannot read property 'valid' of undefined at Function.PouchDB.parseAdapter
- Howto: use superlogin with current nodejs HOT 6
- Set a Doc create limit per user
- super login spaming console with errors
- Graphql
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from superlogin.