with all those deprecated messages it becomes really neccessary

so RedirectToRoute('login) instead of Redirect('#/login)

In the Quick Start (http://aurelia-authentication.spoonx.org/Quick%20start.html) in the "Provide a UI for a logon, Signup and Profile" section it states "See aurelia-authentication-samples for more details."

Where's aurelia-authentication-samples located? Is there a working sample application to download?

add 'fake' typings like aurelia

currently dirty checked. that'd better change

basics are simple. just delete the config map entry before travis jspm install

• It would be nice if we could specify the payload parameter keys for login authentication with local strategies. As of now the payload sent to the server is always {email: email, password: password}, while my server expects a username key as a parameter for authentication.

some parts of authUtils might be replacable with aurelia-oath
http://aurelia.io/docs.html#/aurelia/path/1.0.0-beta.1.1.1/doc/api/overview

add dependency entries as there are for jspm

As per subject,
this happens because the popup (pollPopup) check for the host only

https://github.com/SpoonX/aurelia-auth/blob/master/src/popup.js#L81

A solution may be to check for the path too

var documentOrigin = document.location.host + document.location.pathname;
var popupWindowOrigin = self.popupWindow.location.host + self.popupWindow.location.pathname;

You know

I think the OAuth2 spec prefers that login token requests are sent with Content-Type: application/x-www-form-urlencoded - often with a grant_type value as well.

I can't see an easy way to do this with aurelia-auth, but I may be missing something.

I'm trying to call a .Net Web Api with OWIN for all the auth stuff, and I don't have a lot of flexibility on the type of requests that will be accepted.

We should use import {Redirect} from 'aurelia-router'; instead of using window.location for SPA redirects (as eluded to here). This will:

• make things consistent (note the loginRoute configuration option)
• probably be safer by conforming to aurelia's routing methods. I don't know if the current method could break the application's location history in some way.
• allow new defaults to support pushstate enabled applications (which do not use hashes)

Hey guys,

So LinkedIn fails to authorize if redirect_uri value is not encoded. I am getting around it by overriding redirectUri property in the configuration file. For example

redirectUri: encodeURI(window.location.origin || window.location.protocol + '//' + window.location.host)

You guys may want to support it by default

send logout to server for those who want that. easy to do and no harm done

so much repetition

Hi guys,

installing aurelia-authentication and aurelia-api breaks my tests (not my app). I think this is somehow related to the dependencies. I have the following in package.json:

      "aurelia-api": "github:SpoonX/aurelia-api@^2.2.0",
      "aurelia-authentication": "github:SpoonX/aurelia-authentication@^2.1.1",

This generates a config.js with three entries:

    "github:SpoonX/[email protected]": {
    "github:SpoonX/[email protected]": {
    "github:spoonx/[email protected]": {

My jspm_packages only has a SpoonX directory. Karma gives me the following error:

15 04 2016 19:51:30.411:WARN [web-server]: 404: /base/jspm_packages/github/spoonx/[email protected]
15 04 2016 19:51:30.433:WARN [web-server]: 404: /base/jspm_packages/github/spoonx/[email protected]/aurelia-api.js
Chrome 49.0.2623 (Windows 8.1 0.0.0) ERROR: 'Potentially unhandled rejection [8] Error: XHR error (404 Not Found) loading http://localhost:9876/base/jspm_packages/github/spoonx/[email protected]
    at error (http://localhost:9876/base/jspm_packages/system.src.js?6536115be64e0ff966e05546f7767676fa7c03d6:1020:16)
    at XMLHttpRequest.xhr.onreadystatechange (http://localhost:9876/base/jspm_packages/system.src.js?6536115be64e0ff966e05546f7767676fa7c03d6:1028:13)'

Any advice? NPM install of auth is not possible at the moment because of some install errors (see #81).

My bundle is missing authFilter:

...
      "github:polymer/[email protected]/MutationObserver.js",
      "github:spoonx/[email protected]",
      "github:spoonx/[email protected]/config.js",
      "github:spoonx/[email protected]/endpoint.js",
      "github:spoonx/[email protected]/index.js",
      "github:spoonx/[email protected]/rest.js",
      "github:spoonx/[email protected]",
      "github:spoonx/[email protected]/app.fetch-httpClient.config.js",
      "github:spoonx/[email protected]/authService.js",
      "github:spoonx/[email protected]/authUtils.js",
      "github:spoonx/[email protected]/authentication.js",
      "github:spoonx/[email protected]/authorizeStep.js",
      "github:spoonx/[email protected]/baseConfig.js",
      "github:spoonx/[email protected]/index.js",
      "github:spoonx/[email protected]/oAuth1.js",
      "github:spoonx/[email protected]/oAuth2.js",
      "github:spoonx/[email protected]/popup.js",
      "github:spoonx/[email protected]/storage.js",
      "npm:[email protected]",
...

authFilter is required here: https://github.com/SpoonX/aurelia-auth/blob/e62c9eb9d39d674cc218ea390fa87600b7346c9f/src/index.js#L16

But is not imported, thus not bundled and so results in a 404.

I assume you just need to add import './authFilter'; to fix this.

we should have a look at those again for issues and ideas

Perhaps allow authentication to be linked up with ORM?

.getMe() could return a User entity (for instance).

@RWOverdijk

fix on build branch

have look at 4cfe33b

and if it's fine i recommend changing master to dev, build to master (+default) and releasing 2.1.1

spoonx/aurelia-api is injected in several files, but is not a listed JSPM dependency in package.json.

separately installing it is required.

Also you can remove the legacy "aurelia-http-client" dependency while you are in there, as I believe you solely rely on fetch client now.

when installing aurelia-authentication from jspm it fails with this log

C:\Users\Alfred\Source\Projects\ElyfeASP4\ElyfeGh\src\Elyfe.Web> jspm install aurelia-authentication
     Updating registry cache...
     Looking up npm:aurelia-authentication
     Downloading npm:[email protected]

warn Error on processPackageConfig
     Package.json dependency aurelia-dependency-injection set to npm:aurelia-dependency-injection@^1.0.0-beta.1.2.0, whi
ch is not a valid dependency format for npm.
     It's advisable to publish jspm-style packages to GitHub or another registry so conventions are clear.

err  Error: Error processing package config for npm:aurelia-authentication.
         at C:\Users\Alfred\Source\Projects\ElyfeASP4\ElyfeGh\src\Elyfe.Web\node_modules\jspm\node_modules\systemjs-builder\lib\builder.js:27:9
         at Object.lib$rsvp$events$$default.trigger (C:\Users\Alfred\Source\Projects\ElyfeASP4\ElyfeGh\src\Elyfe.Web\node_modules\rsvp\dist\rsvp.js:245:13)
         at null._onTimeout (C:\Users\Alfred\Source\Projects\ElyfeASP4\ElyfeGh\src\Elyfe.Web\node_modules\rsvp\dist\rsvp.js:779:47)
         at Timer.listOnTimeout (timers.js:92:15)

err  Error processing package config for npm:aurelia-authentication.

Given that Satellizer didn't support Azure AD, does your library inherit this limitation?

sahat/satellizer#433
sahat/satellizer#453

From: Sahat Yalkabov [mailto:[email protected]]
Sent: Friday, 10 July 2015 2:37 PM
To: sahat/satellizer
Cc: nigel-dewar
Subject: Re: [satellizer] Azure AD ? (#453)

I have decided not to add Azure AD authentication after all. It was the most frustrating experience. Their single sign-on process is either broken or just so horribly unintuitive. I couldn't even get past sign in popup to get authorization code. The page kept redirecting back after clicking on my account to https://login.microsoftonline.com/common/reprocess?sessionId=....... And if I were to log out I couldn't get to sign-in at all. When I enter an email and press TAB to enter a password, it automatically tries to sign you in, it then redirects to microsoft login, after logging in there, it redirects me back to Azure login. And the cycle repeats.

So the gist here is if I click a link, and it turns out for whatever reason I'm not/no longer authenticated, I get redirected to the login... fine. But when I login, I get redirected back to home or wherever that is statically configured in my authentication settings. It would be good if we could support redirecting back to the original page I wanted to reach.

I actually wanted to submit a PR for this, I started fiddling, and essentially I can make it work... but to make it right, I need to understand a little more about the getAllInstructions() method. How/why would there be multiple instructions in one navigation? If you guys can give the help with this context, I'll happily submit my PR for this.

https://gist.github.com/vuorinem/6b57225915e00920e3b1

Configure accept config based on paulvanbladel/aurelia-auth#71

toString makes everything just to {} or so.

to manually set tokens

It would be a lot easier to handle on the server side if there was an optional separate url route for the refresh token request.

Across spoonx libraries you have changed lib references from github:/spoonx/* to just npm:*

There are still references in /dist/* sources to 'spoonx/aurelia-api' in this project so it's still loading that old reference as a dependency.

related to #53

The baseUrl gets overwritten. That's not cool; inherit the default and allow for optionally passing along an instance on configure.

paulvanbladel/aurelia-auth#59

Following #93 I wonder if we could change something else. The whole token nesting by using Prop => Root => Name is more than a bit sucky. Without reading the comments the options are unclear and the names don't flow Root isn't the root.

Anyone have a better solution? I considered a single property that represents the path some.pathTo.theToken but I'm not sure how easy that is to unwrap or if that is less flexible for some reason.

i don't like that auth is added to the route instead of config.auth as i think it's supposed to be. breaking change, i know, but i'd still like it changed. could support both for some time

I have a webpack-based aurelia project. I installed aurelia-authentication using npm i aurelia-authentication.

WebPack (via npm run dev) complains about not being able to find spoonx/aurelia-api:

ERROR in ./~/aurelia-authentication/dist/commonjs/aurelia-authentication.js
Module not found: Error: Cannot resolve module 'spoonx/aurelia-api' in /Users/mspencer/Developer/Lelander/skills/webapp/node_modules/aurelia-authentication/dist/commonjs
 @ ./~/aurelia-authentication/dist/commonjs/aurelia-authentication.js 12:18-47

ERROR in ./~/aurelia-authentication/dist/commonjs/app.fetch-httpClient.config.js
Module not found: Error: Cannot resolve module 'spoonx/aurelia-api' in /Users/mspencer/Developer/Lelander/skills/webapp/node_modules/aurelia-authentication/dist/commonjs
 @ ./~/aurelia-authentication/dist/commonjs/app.fetch-httpClient.config.js 22:18-47

Since the Aurelia team updated some packages, my aurelia-auth has broken, and I can't figure out if it's me doing things wrong, or if there's a bug in aurelia-auth or the aurelia code base..

Any clues would be very much appreciated!

This happens on page loading, just after loading the nav-bar.html (DEBUG [templating] importing resources for http://localhost:9000/dist/nav-bar.html []):

Unhandled promise rejection TypeError: Cannot read property 'filter' of undefined
    at AuthFilterValueConverter.toView (http://localhost:9000/jspm_packages/github/spoonx/aurelia-auth@master/authFilter.js:22:26)
    at ValueConverter.evaluate (http://localhost:9000/jspm_packages/npm/[email protected]/aurelia-binding.js:1121:33)
    at Binding.bind (http://localhost:9000/jspm_packages/npm/[email protected]/aurelia-binding.js:4600:36)
    at Controller.bind (http://localhost:9000/jspm_packages/npm/[email protected]/aurelia-templating.js:2745:19)
    at View.bind (http://localhost:9000/jspm_packages/npm/[email protected]/aurelia-templating.js:847:24)
    at Controller.bind (http://localhost:9000/jspm_packages/npm/[email protected]/aurelia-templating.js:2766:19)
    at View.bind (http://localhost:9000/jspm_packages/npm/[email protected]/aurelia-templating.js:847:24)
    at Controller.bind (http://localhost:9000/jspm_packages/npm/[email protected]/aurelia-templating.js:2766:19)
    at Controller.automate (http://localhost:9000/jspm_packages/npm/[email protected]/aurelia-templating.js:2712:12)
    at http://localhost:9000/jspm_packages/npm/[email protected]/aurelia-templating.js:3733:22
(anonymous function) @ es6.promise.js:151
module.exports @ _invoke.js:5queue.
(anonymous function) @ _task.js:36
run @ _task.js:23
listner @ _task.js:27

The es6.promise.js and associated stuff is all from core-js v 2.0.3, which it seems the Aurelia team is moving to..

I'm stumped, so hope you have some clues..

Just to make the config slightly easier, allow the accessTokenProp to be specified as (examples):

• 'accessToken' (on root)
• 'tokenResponse.accessToken' (in sub-object)
• 'tokenResponse.access.tokenValue' (and so on...)

Just a suggestion :)

The readme is waaaaay way too long. For a module of this size, I think it's best to break it up into smaller documents. I have two suggestions:

1. Put it in separate markdown files in the doc/ dir
2. Put it in the wiki (which can also be managed through version control)

My preference is option 2, because the wiki is a decent place to put this.

I've asked the question myself and I've seen it asked at least twice since. Save yourselves some time and stick it in the README!

See here for comments: https://gitter.im/SpoonX/Dev?at=56e7dd5e618c335373ebf2dc

How this differs from 'paulvanbladel/aurelia-auth'

This repository was originally a fork of paulvanbladel/aurealia-auth. It was forked when the original repository was in a period of inactivity, and later made into a repository of it's own. As such we often get asked how this repository differs from the original. So, at the time of writing the differences are as follows:

• Provides the option to use endpoints, introduced by spoonx/aurelia-api, which simplifies API access.
  • By using aurelia-api the developer can specify which endpoints require the authentication patch.
• TypeScript support added through the addition of d.ts (typescript definition) files
• Lots of bug fixes
• Refactored code to be more readable and performant

Aside: Public SpoonX repositories are open to the community and actively maintained and used by the SpoonX company. They follow a strict deploy cycle with reviews and follow semantic versioning. This ensures code quality control and long term commitment.

I saw on the sahat/satlelizer repo that they have the ability to prevent the authorization token on a per request basis like so:

How can I avoid sending Authorization header on all HTTP requests?

By default, once user is authenticated, JWT will be sent on every request. If you would like to prevent > that, you could use skipAuthorization option in your $http request. For example:

$http({
  method: 'GET',
  url: '/api/endpoint',
  skipAuthorization: true  // `Authorization: Bearer <token>` will not be sent on this request.
});

Is this something that could be added to aurelia-auth?

Hi
I just implemented auth0-lock integration in my fork, to use in my latest app. This is the commit:
pfurini@17ed43a

It is a bit rough, and I don't know how to implement proper testing for this, but at least it works..

Key points:

• It predates the oauthType config property, checking if it is equal to auth0-lock to use the auth0Lock.js provider. It's a bit hacky, but it'd be better if that property was named type like it used to be in the past..
• It expects a global Auth0Lock class defined. One should load the lock-9.1.min.js script directly in index.html
• It supports only the token responseType
• Only tested in popup mode (speaking of lock options), probably not working in redirect mode, but it should be trivial to adjust

Let me know if anyone is interested in merging this, and what can be done to improve it (especially how to implement tests).

Thx

UPDATE: I changed the commit, the old one was wrong. The relevant files are only auth0Lock.js (added) and authentication.js (changed).

if that's possible. i'll have a try on it

https://github.com/Microsoft/TypeScript/wiki/Typings-for-npm-packages

add a convenient way to have users provide their own

Yammer has OAuth 2 authentication but I can't make it work.
https://developer.yammer.com/docs/oauth-2

Is it supported?
Do you have an example of how should I config?

Thanks

And compare with jwt.decode libs