Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Problems with using superlogin on apps

See original GitHub issue

Issue Description

What’s the problem ?

I’ve some problems using superlogin while creating an app with nodewebkit

I’ve used superlogin-demo as a base.

But had to overwrite some parts like the logout in routers and the authorization on the profile refresh.

The main problem is that in superlogin, passeport’s “bearer” and header.authorization on http request are often used to find the user’s session. But it looks like if the server and the client aren’t hosted on the same computer, it doesn’t work.

Here are some “patch” that I used in my fork :

Commit 1 Commit 2

How to repeat the problem, without Nodewebkit ?

  1. Clone superlogin-demo
  2. Configure superlogin-demo server, and start it with npm start (like said in the Readme)
  3. Copy the client part on an apache Server
  4. Start the apache server, and access to the superlogin-demo Client by Apache.
  5. Remove “<base href="/">” in index.html, and remove the use of $location in src/app.js and src/token/token.js (By passing the problem parts as comment)
  6. In src/app.js, configure superloginConfig.baseUrl to set your nodejs server url (Like http://localhost:3000/auth/)
  7. Sign-up and/or log-in
  8. Try to** log out** and you should have also a 401 error on superlogin-demo Server
{ error: 'unauthorized', status: 401 }
POST /auth/logout 401
  1. You’ll have the same problem when you try to access to the user’sprofile. But to see the 401, you have to modify the url of the http.get in src/profile/profile.js and you should see 401 error on superlogin-demo Server. Url sample : http://localhost:3000/user/profile

If you try it in localhost on you computer, you should need to add cors to the nodejs server

I’ll try to easily upload a .zip with the nodejs server and apache client ready, so it’ll be more easy to setup.

I’ve also tried it with a distant server, to see if it’s not the cors and localhost the problem but the same problem occurs.

So, is there a way to solve more easily my problems than my patches ?

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Comments:5 (3 by maintainers)

github_iconTop GitHub Comments

colinskowcommented, Apr 20, 2016

That is a strange issue. You should dig deep to figure out what is happening to the bearer header? Is it being suppressed by the client or by the server?

Meanwhile check out the source code for my bearer implementation. You can use the Authorization header or a bearer_token property in the body, or a bearer_token query parameter. But the query parameter is not secure since it is not encrypted even over an https connection. (You do not have to modify any SuperLogin source code to make this work.)

But since the Authorization header is the simplest and most secure way to make it work, it is worth researching why NodeWebkit is giving you problems. Try this solution and see if it helps.

mredbishopcommented, Apr 19, 2017

@colinskow The query string is absolutely encrypted over an SSL (https) connection. The server might be writing it to log files or something similar but the entire request including the query string, the whole URL, and the type of request like GET or POST is encrypted.

Read more comments on GitHub >

github_iconTop Results From Across the Web

SuperLoginClient.refresh() and .logout() · Issue #43 - GitHub
I want to call refresh at certain points in my app so that the token is refreshed and they have in turn done...
Read more >
Very long delay for registering a new user with SuperLogin ...
I am facing a 30-second delay when registering a new user through SuperLogin in a CouchDB database. Sometimes it's even longer, causing a ......
Read more >
How to Fix Login Issues on your iPhone or iPad - YouTube
Are you having trouble logging into to apps or websites on you iOS device? In this video I explain why you might be...
Read more >
is Maritime Super not working / having issues for you?
Too many users using the app at same time. Please try after few minutes. ✓ I'm having Maritime Super login issue or account...
Read more >
Access your account online | Super Fund | Superannuation
Access your account online in two ways – through the Aware Super mobile app and your secure member dashboard online. Manage your account...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found