Problems with using superlogin on apps about superlogin HOT 5 CLOSED

That is a strange issue. You should dig deep to figure out what is happening to the bearer header? Is it being suppressed by the client or by the server?

Meanwhile check out the source code for my bearer implementation. You can use the Authorization header or a bearer_token property in the body, or a bearer_token query parameter. But the query parameter is not secure since it is not encrypted even over an https connection. (You do not have to modify any SuperLogin source code to make this work.)

But since the Authorization header is the simplest and most secure way to make it work, it is worth researching why NodeWebkit is giving you problems. Try this solution and see if it helps.

from superlogin.

I believe this answer may solve your issue without modifying any SuperLogin code on client or server.

from superlogin.

The simplest solution is to disable web-security in NodeWebkit to remove cross origin limitations.

from superlogin.

Ok, So I followed you advice and looked about the header.

I noticed that the authorization wasn't included. So I search about it in the client, and BOUM I found

    service.request = function(request) {
      var session = superloginSession.getSession();
      if(session && session.token) {
        superloginSession.checkRefresh();
      }
      if(checkEndpoint(request.url, endpoints)) {
        if(session && session.token) {
          request.headers.Authorization = 'Bearer ' + session.token + ':' + session.password;
        }
      }
      return request;
    }; 

What does it means ? It's just a problem of endpoints, and I didn't declared any endpoint in the config.

So, if you have the same problem as me, you simply have to configure your app like this :

var superloginConfig = {
      baseUrl: 'http://localhost:3000/auth/',
      endpoints: ["localhost:3000"], //Here
      checkExpired: 'stateChange',
      providers: ['facebook', 'google', 'github', 'windowslive', 'linkedin']
    };
    superloginProvider.configure(superloginConfig);

from superlogin.

@colinskow The query string is absolutely encrypted over an SSL (https) connection. The server might be writing it to log files or something similar but the entire request including the query string, the whole URL, and the type of request like GET or POST is encrypted.

from superlogin.