passwordless
passwordless copied to clipboard
florianheinemann
Is there a success callback after a token is accepted?
Note: See my comment below.
I’m switching from Mozilla Persona to Passwordless. Persona provided a callback after it verified a visitor’s email; in this callback, I would store the visitor’s information in the req.session object, which persists across page views and sessions (it think, it works via a persistent session cookie, but I’m not sure).
Basically:
- Persona confirms a visitor’s email and sets it to
req.session.emailautomatically - Persona invokes my callback function
- Inside the callback, I retrieve the visitor’s data from my “users” database based on that email, and store it inside the
req.sessionobject (req.session.active = true, etc.) - From now on, throughout my app, I can perform checks like
if (req.session.active) { /* active subscriber */ }
If Passwordless provided a success handler after a token is accepted, I could use it to write to req.session like I did with Persona. I hope this is possible somehow.
I guess, I could do:
app.use(function (req, res, next) {
if (req.user && !req.session.email) {
// token was accepted but the corresponding req.session fields
// don’t exist yet; create them now
} else {
next();
}
})
but that runs during every request, so doing it once inside an acceptToken handler would be preferred 😅.
Ok, I’ve looked in the “sessions” database. Passwordless adds a field. It looks like req.user === req.session.passwordless. Good to know!
Sorry about the confusion; I wasn’t sure how req.user relates to the session, but I think it’s more clear to me now.
It would still be great to have a one-time handler to add extra fields to the session, though.
