Menu
I search a lot on internet but I can not find the answer.
I am using my frontend on one port and my backend in another. I use cors to enable the requests and this works. But when I implement passport js and sessions with mongodb whit does not work, it means when I try to get the user with req.user this is undefined. Here is my index.js code
app.use(cors());
app.use(session({
resave: false,
saveUninitialized: false,
secret: 's3cr3et',
store: new MongoStore({
url: process.env.MONGO_URI
})
}));
app.use(passport.initialize());
app.use(passport.session());
my passport js is
Here i define my auth, serialize and deserialize user. My Auth and serialize is working well but deserialize not
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function (id, done) {
User.findById(id, (err, user) => {
done(null, user);
});
});
passport.use(new LocalStrategy({ usernameField: 'email' }, (email, password, done) => {
User.findOne({ email: email.toLowerCase() }, (err, user) => {
if (err) { return done(err); }
if (!user) { return done(null, false, { error: 'Invalid credentials.' }); }
user.comparePassword(password, (err, isMatch) => {
if (err) { return done(err); }
if (isMatch) {
return done(null, user);
}
return done(null, false, { error: 'Invalid credentials.' });
});
});
}));
I tried also cookie session instead mongo db but I guess is not the solution. The problem is the cors, for some reason passport dont read the session.
Also I tried to enable in coors credentials and specify the origin but deserialize still not set the user
app.use(cors({
credentials: true,
origin: ['http://localhost:8080']
}));
I hope you can help me because I can not get it work Thanks !!
680
Passport will establish a persistent login session after successful authentication. This session is maintained via a cookie in the user's browser.
Passport is a popular, modular authentication middleware for Node. js applications. With it, authentication can be easily integrated into any Node- and Express-based app. The Passport library provides more than 500 authentication mechanisms, including OAuth, JWT, and simple username and password based authentication.
This series of requests and responses, each associated with the same user, is known as a session. HTTP is a stateless protocol, meaning that each request to an application can be understood in isolation - without any context from previous requests.
I had the same issue. In my case, I was having an SPA on the frontend with a RESFful (well, not really as we are maintaining state here) backend on Node.js. Later I found out that I was not sending the browser cookies along with the data when I used to make requests to my RESTful API. This was exactly where the issue was that what was not letting users get Deserialized because we need cookies data on the backend to find out which user has sent a particular request. Try doing the same, I hope that would solve your problem as it did mine. :)
122
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
