Joe

please! (eta on this?) :+1:

Any ETA on this? The glob stuff alone for `ignore` is killing me.

We do this in our application as well though we have to set up the initial storage outside of feathers (hooked into the transports for REST and socket.io) to maintain...

What i've found is the feathers auth client will not ever respond to an authentication request if the error that's returned is not a 401 (say, a 404). We had...

The way we see it happen in practice is when we try to authenticate a jwt with a sub/userId reference to a user that no longer exists in the users...

The technical approach to this would vary a bit based on 2FA implementation. A 2FA system that required a code for all users could send a user+pass+code to a custom...

I don't have anything I can publicly share - this is mostly an amalgamation of things we've built pre-v4 and how we'd want to (re)build it. If I find some...

We've seen weird issues with our authentication service when it returns non-401 errors and client state, to the point where we now have an `after` hook on our auth services...

Thirded. I'd expect that somewhere in `service_provider.rb` (`current_metadata`?) that it would call `refresh_metadata` though there's a number of gotchas and loops w/r/t checking signatures (`valid_signature?` depends on `should_validate_signature?` which looks...

seeing the same on 2.0.6->2.0.7 (node 16.16, TS 4.7.4)