Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

what is passport.initialize()? (nodejs express)

I'm now trying to apply passport module in my apps.

I'm reading some manuals, and there say,

app.use(passport.initialize());
app.use(passport.session());

what is app.use(passport.initialize()) exactly doing?

passport.session() is maybe for the passport to use the session information,

But I have no idea about the passport.initialize()

like image 420
jwkoo Avatar asked Oct 09 '17 10:10

jwkoo


People also ask

What is passport used for in node JS?

Passport is Express-compatible authentication middleware for Node. js. Passport's sole purpose is to authenticate requests, which it does through an extensible set of plugins known as strategies.

What does passport authenticate () do?

In this route, passport. authenticate() is middleware which will authenticate the request. By default, when authentication succeeds, the req. user property is set to the authenticated user, a login session is established, and the next function in the stack is called.

What is Passport login in node JS?

Passport is authentication middleware for Node. js. As it's extremely flexible and modular, Passport can be unobtrusively dropped into any Express-based web application. A comprehensive set of strategies supports authentication using a username and password, Facebook, Twitter, and more.

What is passport JS strategy?

Passport is authentication middleware for Node. js. Extremely flexible and modular, Passport can be unobtrusively dropped in to any Express-based web application. A comprehensive set of strategies support authentication using a username and password, Facebook, Twitter, and more.


3 Answers

passport.initialize() is a middle-ware that initialises Passport.

Middlewares are functions that have access to the request object (req), the response object (res), and the next middleware function in the application’s request-response cycle.

Passport is an authentication middleware for Node that authenticates requests.

So basically passport.initialize() initialises the authentication module.

passport.session() is another middleware that alters the request object and change the 'user' value that is currently the session id (from the client cookie) into the true deserialized user object. It is explained in detail here.

like image 172
Harikrishnan Avatar answered Oct 24 '22 06:10

Harikrishnan


Sometimes it's better to look into the code: passport github on initialize()

TL;DR

With sessions, initialize() setups the functions to serialize/deserialize the user data from the request.

You are not required to use passport.initialize() if you are not using sessions.

/**
 * Passport initialization.
 *
 * Intializes Passport for incoming requests, allowing authentication strategies
 * to be applied.
 *
 * If sessions are being utilized, applications must set up Passport with
 * functions to serialize a user into and out of a session.  For example, a
 * common pattern is to serialize just the user ID into the session (due to the
 * fact that it is desirable to store the minimum amount of data in a session).
 * When a subsequent request arrives for the session, the full User object can
 * be loaded from the database by ID.
 *
 * Note that additional middleware is required to persist login state, so we
 * must use the `connect.session()` middleware _before_ `passport.initialize()`.
 *
 * If sessions are being used, this middleware must be in use by the
 * Connect/Express application for Passport to operate.  If the application is
 * entirely stateless (not using sessions), this middleware is not necessary,
 * but its use will not have any adverse impact.
...
like image 21
jpenna Avatar answered Oct 24 '22 06:10

jpenna


From the Passportjs documentation:

In a Connect or Express-based application, passport.initialize() middleware is required to initialize Passport. If your application uses persistent login sessions, passport.session() middleware must also be used.

If we have a look at the source code, we can see that passport.initialize() middleware basically add passport instance to incoming requests so that authentication strategy can be proceed.
If there is a session, it is added to requests as well.

like image 5
TGrif Avatar answered Oct 24 '22 05:10

TGrif