"error: NotAuthenticated: invalid signature when running local with vue.js" frontend

[cirosantilli]

I first managed to get a fully working vue-js Node.js Express setup as shown at: gothinkster/node-express-realworld-example-app#116 which indicates that the Vue setup and my MongoDB are actually working.

So now I wanted to replace the Node.js Express backend with this FeathersJS backend at 8bc3a09 and I ran it with:

MONGODB_FEATHERS_REALWORLD=mongodb://localhost:27017/feathers_realworld npm start

and patched the Vue frontend to point it to this server:

diff --git a/src/common/config.js b/src/common/config.js
index 03af84e..592a4fb 100644
--- a/src/common/config.js
+++ b/src/common/config.js
@@ -1,2 +1,2 @@
-export const API_URL = "https://conduit.productionready.io/api";
+export const API_URL = "http://localhost:3030/api";
 export default API_URL;

but then, when I visit the homepage at http://localhost:8080/ , the "Loading articles..." never disappears, indicating a problem, and on the server I see:

> [email protected] start /home/ciro/git/feathers-realworld-example-app
> node src/

info: mongodb://localhost:27017/feathers_realworld
(node:222399) Warning: Accessing non-existent property 'count' of module exports inside circular dependency
(Use `node --trace-warnings ...` to show where the warning was created)
(node:222399) Warning: Accessing non-existent property 'findOne' of module exports inside circular dependency
(node:222399) Warning: Accessing non-existent property 'remove' of module exports inside circular dependency
(node:222399) Warning: Accessing non-existent property 'updateOne' of module exports inside circular dependency
info: Feathers application started on http://localhost:3030
error: NotAuthenticated: invalid signature
    at new NotAuthenticated (/home/ciro/git/feathers-realworld-example-app/node_modules/@feathersjs/errors/lib/index.js:93:17)
    at /home/ciro/git/feathers-realworld-example-app/node_modules/@feathersjs/authentication/lib/hooks/authenticate.js:87:31
error: NotAuthenticated: invalid signature
    at new NotAuthenticated (/home/ciro/git/feathers-realworld-example-app/node_modules/@feathersjs/errors/lib/index.js:93:17)
    at /home/ciro/git/feathers-realworld-example-app/node_modules/@feathersjs/authentication/lib/hooks/authenticate.js:87:31

Any clues?

[cirosantilli]

I had emailed Randy as well, and he suggested looking into the following:

The service will attempt to authenticate if an ‘Authorization’ header is present in the request (see src/hooks/authenticateif.js). Perhaps that header is present but not valid? I think the service assumes that non-authenticated access will not have an ‘Authorization’ header.

[randyscotsmithey]

I was able to use a fresh installation of the vue-js real world app calling a local version of the feathers-realworld-example-app without any trouble. I notice that the vue app does not seem to clear the Authorization header properly (gothinkster/vue-realworld-example-app#296 (comment)). Is it possible that a token generated by the node-express-realworld_-example-app was retained by the vue app in the Authorization header and then passed to the feathers app? This would produce the result you observed. The feathers app will return an error indicating the token is invalid (invalid signature).

[cirosantilli]

Thanks for looking into this Randy,

When I tried again with chromium-browser --temp-profile the error was gone, so there was something leftover in the browser state, I should have tried that earlier.

BTW, I noticed that error reporting back to user on UI was not very correct, e.g. trying to login with a wrong username/password shows on UI:

body [object Object]

The message on the server terminal is clearer however:

error: NotAuthenticated: Invalid login
    at new NotAuthenticated (/home/ciro/git/feathers-realworld-example-app/node_modules/@feathersjs/errors/lib/index.js:93:17)
    at /home/ciro/git/feathers-realworld-example-app/node_modules/@feathersjs/authentication/lib/hooks/authenticate.js:87:31
    at processTicksAndRejections (internal/process/task_queues.js:93:5)

Do you know if this is a bug/missing feather here or on the Vue frontend? I might send a pull request to the relevant project later on to fix it.

Edit: tested react now, it fails on slightly different ways. So part of the problem is definitely on the frontend.

[randyscotsmithey]

Thanks for checking the feathers app. Here's what I've found checking the Vue app with Feathers and Node Express.

The feathers error message looks like there might be a problem in the feathers error handling because the response includes extra (redundant) stuff. The client has to grab the “errors” instead of assuming that’s all there is.

Looks like this:

{
   "name": "NotAuthenticated",
    "message": "Invalid login",
    "code": 401,
    "className": "not-authenticated",
    "data": {
        "message": "Invalid login"
    },
    "errors": {
        "body": [
            {
                "name": "NotAuthenticated",
                "code": 401,
                "message": "Invalid login"
            }
        ]
    }
}

Should probably look like this:

{
    "errors": {
        "body": [
            {
                "name": "NotAuthenticated",
                "code": 401,
                "message": "Invalid login"
            }
        ]
    }
}  

However, it looks like the Vue app does grab the “errors” value properly but doesn’t handle the “body” array properly and this is why we see body [object Object]..

The “body” array is in the spec:
Errors and Status Codes

If a request fails any validations, expect a 422 and errors in the following format:

{
  "errors":{
    "body": [
      "can't be empty"
    ]
  }
}

So that seems to mean that the Vue app has a problem.

A further wrinkle is that the Node Express app doesn’t include the “body” array in its error response.

{
    "errors": {
        "email or password": "is invalid"
    }
}

And that’s why the Vue app displays a better error message when calling the Node Express app.