Authentication Strategies

An authentication strategy is any object or class that implements at least an authenticate(data, params) method. Strategies are registered with the AuthenticationService to authenticate service calls and other requests. The following strategies already come with Feathers:

More details on how to customize existing strategies can be found in their API documentation. This section describes the common methods for all authentication strategies and how a custom authentication strategy can be implemented.


Will be called with the name under which the strategy has been registered on the authentication service. Does not have to be implemented.


Will be called with the Feathers application instance. Does not have to be implemented.


Will be called with the Authentication service this strategy has been registered on. Does not have to be implemented.


Synchronously verify the configuration for this strategy and throw an error if, for example, required fields are not set. Does not have to be implemented.

authenticate(authentication, params)

Authenticate the authentication data with additional params. authenticate should throw a NotAuthenticated error if authentication fails, or return an authentication result object on success.

parse(req, res)

Parse a given plain Node HTTP request and response and return null or the authentication information it provides. Does not have to be implemented.

This is called by the authentication service. See AuthService.parse.


The AuthenticationBaseStrategy class is a base class that already implements some of the strategy methods described above with common functionality:

  • setName sets
  • setApplication sets
  • setAuthentication sets this.authentication
  • configuration getter returns this.authentication.configuration[]
  • entityService getter returns the entity (usually /users) service from
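
A custom strategy that implements the methods described above, as an added example (not code from the Feathers project). The ApiKeyStrategy class, the header and allowedKeys configuration fields and the sample key are assumptions made for illustration. NotAuthenticated is a local stand-in for the class from @feathersjs/errors, and the class is written as a plain object instead of extending AuthenticationBaseStrategy so that it runs without dependencies.

```javascript
// Stand-in for NotAuthenticated from @feathersjs/errors so this runs without dependencies.
class NotAuthenticated extends Error {
  constructor(message) {
    super(message);
    this.name = 'NotAuthenticated';
    this.code = 401;
  }
}

// Hypothetical strategy: authenticates a pre-shared API key sent in a request header.
class ApiKeyStrategy {
  setName(name) { this.name = name; }
  setAuthentication(auth) { this.authentication = auth; }
  get configuration() { return this.authentication.configuration[this.name]; }

  // Fail at startup rather than at request time when the strategy is misconfigured.
  verifyConfiguration() {
    const { header, allowedKeys } = this.configuration || {};
    const keysOk = Array.isArray(allowedKeys) && allowedKeys.length > 0 &&
      allowedKeys.every((k) => typeof k === 'string' && k.length > 0);
    if (typeof header !== 'string' || !keysOk) {
      throw new Error(`'${this.name}' needs 'header' and non-empty 'allowedKeys'`);
    }
  }

  async authenticate(authentication, params) {
    // Dynamic import works from both CommonJS and ES modules.
    const { createHash, timingSafeEqual } = await import('node:crypto');
    const digest = (v) => createHash('sha256').update(v).digest();
    const { apiKey } = authentication;
    let match = false;
    if (typeof apiKey === 'string' && apiKey.length > 0) {
      // Equal-length digests, compared without an early exit, so timing
      // does not reveal how much of a key was correct.
      for (const key of this.configuration.allowedKeys) {
        if (timingSafeEqual(digest(apiKey), digest(key))) match = true;
      }
    }
    if (!match) throw new NotAuthenticated('Invalid API key');
    return { authentication: { strategy: this.name } };
  }

  // Node lowercases header names, so 'header' is configured in lowercase.
  parse(req, res) {
    const value = req.headers[this.configuration.header];
    return typeof value === 'string' && value.length > 0
      ? { strategy: this.name, apiKey: value }
      : null;
  }
}
```

The failure path throws the same NotAuthenticated message whether the key is missing, malformed or wrong, so the response does not tell a caller which case applied.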


Examples for authentication strategies can be found in the Cookbook:

Released under the MIT License.