I found that the done() method (or success(), as told by my debugger) has a third argument as well, which is called info. Can anybody tell me what happens to the value passed into it?
EDIT
The done() method I am referring to is the one we have to call in a strategy callback, e.g.
    var passport = require('passport')
      , LocalStrategy = require('passport-local').Strategy;

    passport.use(new LocalStrategy(
      function(username, password, done) {
        User.findOne({ username: username }, function (err, user) {
          if (err) { return done(err); }
          if (!user) {
            return done(null, false, { message: 'Incorrect username.' });
          }
          if (!user.validPassword(password)) {
            return done(null, false, { message: 'Incorrect password.' });
          }
          return done(null, user);
        });
      }
    ));
The snippet is from here. As it can be seen, in some cases, a message is being passed in an object as third argument to done(). How can we access this message in a route method?
Passport is a popular, modular authentication middleware for Node.js applications. With it, authentication can be easily integrated into any Node- and Express-based app. The Passport library provides more than 500 authentication mechanisms, including OAuth, JWT, and simple username and password based authentication.
You can use the request itself to transfer some additional parameters from and to the strategy function. In the following example the two parameters _toParam and _fromParam are used for this concern. app.get('/auth/facebook/:appId', function(req,res,next){ req.
The “Passport JS” library connects with the “express-session” library, and forms the basic scaffolding to attach the (authenticated) user information to the req.session object. The main Passport JS library deals with already authenticated users, and does not play any part in actually authenticating the users.
Strategies are responsible for authenticating requests, which they accomplish by implementing an authentication mechanism. Authentication mechanisms define how to encode a credential, such as a password or an assertion from an identity provider (IdP), in a request.
You should be able to access the information passed as the third parameter as req.authInfo.
You can see the processing here as info, where it is assigned to authInfo and used for flash messages.
info is an optional argument that can contain additional user information, such as roles, user profile, or authorization, that may have been determined during the verification function.
This helps with third-party authentication strategies, as these details about an authenticated user can be passed along once the user is successfully authenticated. Otherwise, you might have to look them up a second time later on, which is inefficient.
And as loganfsmyth pointed out, info is set at req.authInfo so that middleware or routes can access it later on.
Additionally, you can transform the info object further by registering the transformAuthInfo, like this:
    passport.transformAuthInfo(function(info, done) {
      Client.findById(info.clientID, function (err, client) {
        info.client = client;
        done(err, info);
      });
    });
For LocalStrategy, you can see in the verified function that info gets passed to both fail and success actions.
So additionally, you can specify type and message properties, and these will be used in flash status information messages displayed to the user. (type defaults to 'success' when the user is authenticated, and 'error' otherwise).
Flash messages work in Express 2.x via the request.flash() function. This was removed in Express 3.x - connect-flash middleware is recommended if you need this functionality.
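An added example, not part of the thread and not Passport's own code, showing the info object travelling from done() to a route through the custom callback that passport.authenticate() accepts, with one client-facing message for both failure cases so the response does not reveal which usernames exist. The names verify, toResponse, login, reason and scope, and the in-memory user, are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample user store (assumption; stands in for the User model).
const SALT = 'constructed-salt';
const hash = (pw) => crypto.scryptSync(pw, SALT, 32);
const users = new Map([['alice', { id: 1, hash: hash('correct horse') }]]);

// Same (username, password, done) contract as the LocalStrategy callback above.
// info.message is the only text meant for the client and is identical for both
// failure cases, so it does not reveal which usernames exist; info.reason is
// for server-side logs only.
function verify(username, password, done) {
  const user = users.get(username) || null;
  const candidate = hash(String(password)); // hash even for unknown users
  const ok = user !== null && crypto.timingSafeEqual(candidate, user.hash);
  if (!ok) {
    const reason = user ? 'bad_password' : 'unknown_user';
    return done(null, false, { message: 'Incorrect username or password.', reason });
  }
  return done(null, user, { scope: 'read' });
}

// Has the (err, user, info) shape of the custom callback that
// passport.authenticate() accepts. Returns what the route would send.
function toResponse(err, user, info) {
  if (err) return { status: 500, body: { error: 'Internal error' } };
  if (!user) return { status: 401, body: { error: info.message } };
  return { status: 200, body: { id: user.id, scope: info.scope } };
}

// Wiring, with passport and passport-local installed:
//   passport.use(new LocalStrategy(verify));
//   app.post('/login', (req, res, next) =>
//     passport.authenticate('local', (err, user, info) => {
//       const r = toResponse(err, user, info);
//       res.status(r.status).json(r.body); // call req.logIn(user, cb) first if using sessions
//     })(req, res, next));

// Drives verify() directly, the way the strategy would, and returns the response.
function login(username, password) {
  let result;
  verify(username, password, (err, user, info) => { result = toResponse(err, user, info); });
  return result;
}
```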