docs.nestjs.com icon indicating copy to clipboard operation
docs.nestjs.com copied to clipboard

Published 20 hours ago • verified publisher icon nestjs

Add documentation for custom strategies

Open MickL opened this issue 3 years ago • 1 comments

Is there an existing issue that is already proposing this?

  • [X] I have searched the existing issues

Is your feature request related to a problem? Please describe it

Reading the documentation the topic writing custom strategies is left out IMO. For me the following questions come up implementing a custom strategy:

  • Should we import Strategy from passport or from passport-custom?
  • Why can we also write a authenticate() function and what are the differences to validate()? For what should validate() and for what authenticate() be used?
  • When using authenticate() there are functions like this.success(), this.pass(), this.error() but inside the validate() they are not existent, why is that?
  • Why do I need to call this.sucess(authedUserObj) within authenticate() but in validate() I can just return the authedUserObj?
  • When using authenticate() the validate() function is never called, why is that?

Describe the solution you'd like

Extend the documentation. If you would answer my questions (so I understand it more) I would make a PR to the docs.

Teachability, documentation, adoption, migration strategy

No response

What is the motivation / use case for changing the behavior?

It is not described how to write a custom strategy at all. For example I might want to have a custom strategy that validates a refresh token within my database.

MickL avatar Jun 13 '22 13:06 MickL

  • Should we import Strategy from passport or from passport-custom?

It depends on what type of strategy are you looking for. For local you import Strategy from passport-local, for custom - from passport-custom.

  • Why can we also write a authenticate() function and what are the differences to validate()? For what should validate() and for what authenticate() be used?

Validate() calls authenticate under the hood.

  • When using authenticate() there are functions like this.success(), this.pass(), this.error() but inside the validate() they are not existent, why is that?

That way nest helps us abstract from details. They are still called (prev answer).

  • Why do I need to call this.sucess(authedUserObj) within authenticate() but in validate() I can just return the authedUserObj?

Same reason as mantioned above.

  • When using authenticate() the validate() function is never called, why is that?

Always validate when working with nest, when with express - probably use authenticate.

Useful article: https://dev.to/nestjs/setting-up-sessions-with-nestjs-passport-and-redis-210

By the way, who knows what is session option of PassportModule options is responsible for?

alexander-dobrin avatar Oct 24 '23 14:10 alexander-dobrin