Menu
How would you explain the workflow of Passport's serialize and deserialize methods to a layman.
Where does user.id go after passport.serializeUser has been called?
We are calling passport.deserializeUser right after it where does it fit in the workflow?
// used to serialize the user for the session passport.serializeUser(function(user, done) { done(null, user.id); // where is this user.id going? Are we supposed to access this anywhere? }); // used to deserialize the user passport.deserializeUser(function(id, done) { User.findById(id, function(err, user) { done(err, user); }); }); I'm still trying to wrap my head around it. I have a complete working app and am not running into errors of any kind.
I just wanted to understand what exactly is happening here?
Any help is appreciated.
999
Passport uses serializeUser function to persist user data (after successful authentication) into session. Function deserializeUser is used to retrieve user data from session.
deserializeUser() functions. Passport.serialize and passport.deserialize are used to set id as a cookie in. the user's browser and to get the id from the cookie when it then used to get user info in a callback. The. done() function is an internal function of passport.js and the user id which you provide as the second.
Data serialization is the process of converting an object into a stream of bytes to more easily save or transmit it. The reverse process—constructing a data structure or object from a series of bytes—is deserialization.
- Where does
user.idgo afterpassport.serializeUserhas been called?
The user id (you provide as the second argument of the done function) is saved in the session and is later used to retrieve the whole object via the deserializeUser function.
serializeUser determines which data of the user object should be stored in the session. The result of the serializeUser method is attached to the session as req.session.passport.user = {}. Here for instance, it would be (as we provide the user id as the key) req.session.passport.user = {id: 'xyz'}
- We are calling
passport.deserializeUserright after it where does it fit in the workflow?
The first argument of deserializeUser corresponds to the key of the user object that was given to the done function (see 1.). So your whole object is retrieved with help of that key. That key here is the user id (key can be any key of the user object i.e. name,email etc). In deserializeUser that key is matched with the in memory array / database or any data resource.
The fetched object is attached to the request object as req.user
Visual Flow
passport.serializeUser(function(user, done) { done(null, user.id); }); │ │ │ └─────────────────┬──→ saved to session │ req.session.passport.user = {id: '..'} │ ↓ passport.deserializeUser(function(id, done) { ┌───────────────┘ │ ↓ User.findById(id, function(err, user) { done(err, user); }); └──────────────→ user object attaches to the request as req.user }); If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
