An authentication strategy is any object or class that implements at least an authenticate(data, params) method. They can be registered with the AuthenticationService to authenticate service calls and other requests. The following strategies already come with Feathers:
- JWTStrategy in
- LocalStrategy in
- OAuthStrategy in
More details on how to customize existing strategies can be found in their API documentation. This section describes the APIcommon methods for all authentication strategies and how a custom authentication strategy can implemented.
Will be called with the
name under which the strategy has been registered on the authentication service. Does not have to be implemented.
Will be called with the Feathers application instance. Does not have to be implemented.
Will be called with the Authentication service this strategy has been registered on. Does not have to be implemented.
Synchronously verify the configuration for this strategy and throw an error if e.g. required fields are not set. Does not have to be implemented.
authentication data with additional
params. A strategy may check for
data.strategy being set to its
name and throw an error if it does not match.
authenticate will be called for all strategies.
authenticate should throw a
NotAuthenticated if it failed or return an authentication result object.
Parse a given plain Node HTTP request and response and return
null or the authentication information it provides. Does not have to be implemented.
AuthenticationBaseStrategy class provides a base class that already implements some of the strategy methods below with some common functionality:
- setName sets
- setApplication sets
- setAuthentication sets
entityServicegetter returns the entity (usually
/users) service from
Examples for authentication strategies can be found in the Cookbook: