I'm now trying to use the passport module in my apps.
I'm reading some manuals, and they say:
```js
app.use(passport.initialize());
app.use(passport.session());
```
What exactly is `app.use(passport.initialize())` doing?
`passport.session()` is maybe for Passport to use the session information, but I have no idea about `passport.initialize()`.
Passport is Express-compatible authentication middleware for Node.js. Passport's sole purpose is to authenticate requests, which it does through an extensible set of plugins known as strategies.
In this route, `passport.authenticate()` is middleware which will authenticate the request. By default, when authentication succeeds, the `req.user` property is set to the authenticated user, a login session is established, and the next function in the stack is called.
Passport is authentication middleware for Node.js. As it's extremely flexible and modular, Passport can be unobtrusively dropped into any Express-based web application. A comprehensive set of strategies supports authentication using a username and password, Facebook, Twitter, and more.
Passport is authentication middleware for Node.js. Extremely flexible and modular, Passport can be unobtrusively dropped in to any Express-based web application. A comprehensive set of strategies support authentication using a username and password, Facebook, Twitter, and more.
`passport.initialize()` is a middleware that initialises Passport.
Middlewares are functions that have access to the request object (`req`), the response object (`res`), and the next middleware function in the application's request-response cycle.
Passport is an authentication middleware for Node that authenticates requests.
So basically `passport.initialize()` initialises the authentication module.
`passport.session()` is another middleware that alters the request object and changes the 'user' value that is currently the session id (from the client cookie) into the true deserialized user object. It is explained in detail here.
Sometimes it's better to look into the code: passport github on `initialize()`
TL;DR
With sessions, `initialize()` sets up the functions to serialize/deserialize the user data from the request.
You are not required to use `passport.initialize()` if you are not using sessions.
```js
/**
 * Passport initialization.
 *
 * Intializes Passport for incoming requests, allowing authentication strategies
 * to be applied.
 *
 * If sessions are being utilized, applications must set up Passport with
 * functions to serialize a user into and out of a session. For example, a
 * common pattern is to serialize just the user ID into the session (due to the
 * fact that it is desirable to store the minimum amount of data in a session).
 * When a subsequent request arrives for the session, the full User object can
 * be loaded from the database by ID.
 *
 * Note that additional middleware is required to persist login state, so we
 * must use the `connect.session()` middleware _before_ `passport.initialize()`.
 *
 * If sessions are being used, this middleware must be in use by the
 * Connect/Express application for Passport to operate. If the application is
 * entirely stateless (not using sessions), this middleware is not necessary,
 * but its use will not have any adverse impact.
...
```
From the Passportjs documentation:
> In a Connect or Express-based application, `passport.initialize()` middleware is required to initialize Passport. If your application uses persistent login sessions, `passport.session()` middleware must also be used.
If we have a look at the source code, we can see that the `passport.initialize()` middleware basically adds the passport instance to incoming requests so that the authentication strategy can proceed.
If there is a session, it is added to requests as well.
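
The flow the answers above describe, as an added example that is not part of the original answers and is not Passport's source code: a dependency-free model of a session middleware, an initialize step and a session-restore step run in that order. All names (`sessionStore`, `users`, `run`, `passportSession`) and the sample user are constructed for illustration. Only the user ID is kept in the session, and an ID that no longer resolves to a user leaves the request anonymous.

```javascript
// Simplified model of the request flow (assumption: not Passport's real code).
// Every name below is hypothetical; the sample user is constructed.
const sessionStore = new Map();   // session id -> server-side session data
const users = new Map([[7, { id: 7, name: 'alice' }]]);

// Only the user ID goes into the session; the record is reloaded per request.
const serializeUser = (user) => user.id;
const deserializeUser = (id) => users.get(id) || null;

// Stands in for the session middleware: cookie session id -> stored data.
function session(req, res, next) {
  if (!sessionStore.has(req.cookieSid)) sessionStore.set(req.cookieSid, {});
  req.session = sessionStore.get(req.cookieSid);
  next();
}

// Stands in for passport.initialize(): equips the request for authentication.
function initialize(req, res, next) {
  req.logIn = (user) => {
    req.session.passport = { user: serializeUser(user) };
    req.user = user;
  };
  next();
}

// Stands in for passport.session(): turns the stored ID back into req.user.
function passportSession(req, res, next) {
  const stored = req.session.passport;
  if (stored && stored.user !== undefined) {
    const user = deserializeUser(stored.user);
    if (user) req.user = user;
    else delete req.session.passport;   // stale ID: drop it, stay anonymous
  }
  next();
}

// Runs the middleware stack in order, then the route handler.
function run(cookieSid, handler) {
  const req = { cookieSid }, res = {};
  const stack = [session, initialize, passportSession, (rq) => handler(rq)];
  let i = 0;
  const next = () => { const fn = stack[i++]; if (fn) fn(req, res, next); };
  next();
  return req;
}
```

Calling `run('sid-1', (req) => req.logIn(users.get(7)))` and then `run('sid-1', () => {})` shows the second request getting `req.user` back from the stored ID alone.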