
Unable to send custom messages from passport.authenticate in route

Open shajunr88 opened this issue 6 years ago • 1 comments

I had implemented passport-http-bearer for authentication, and upon token expiry I need to send a "token expired" message from my REST API. For that I throw a message from BearerStrategy. But from the library it throws only an 'Unauthorized' message.

```js
const passport = require('passport');
const BearerStrategy = require('passport-http-bearer').Strategy;

passport.use(new BearerStrategy(function (accessToken, done) {
    AccessToken.findOne({ where: { token: accessToken } }).then((token) => {
        if (!token) {
            return done(null, false);
        }

        // Tokens older than config.expireTime seconds are treated as expired.
        if (Math.round((Date.now() - token.created_at) / 1000) > config.expireTime) {
            // Clean-up failure is only logged so that done() is called exactly once.
            AccessToken.destroy({ where: { token: accessToken } }).catch(err => { console.log(err); });
            return done(null, false, { message: 'Token expired' });
        }
        User.findById(token.user_id).then((user) => {
            if (!user) {
                return done(null, false, { message: 'Unknown user' });
            }
            var info = { scope: '*' };
            done(null, user, info);
        }).catch(err => { console.log(err); return done(err); });
    }).catch(err => { console.log(err); return done(err); });
}));
```

And the API route is `app.get(version + '/grids', passport.authenticate('bearer', { session: false }), gridsController.list);`. How do I get the "token expired" message instead of the 'Unauthorized' message?

shajunr88 avatar Feb 16 '18 05:02 shajunr88

Have you verified the "Token expired" branch is run? I'd dive in deeper if you could provide a minimal runnable example (maybe as a gist). Another minor performance hint: I'd calculate the token expiration date in milliseconds, save that, and then just compare it to Date.now() in each check, since the check operation is probably performed lots more times.

Update:

> from the library it throws only 'Unauthorized' message.

I guess you mean the "HTTP/1.1 401 Unauthorized" status code? That's a standardized part of the protocol. The place for custom messages would be in the error response body, which might be generated by later middleware using the data in req.authInfo.

You could also try providing a custom error as the first argument to done.

mk-pmb avatar Feb 16 '18 14:02 mk-pmb
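As an added illustration of the reply above (not code from the thread or from passport-http-bearer), here is the verify function beside the custom callback that `passport.authenticate` accepts as its third argument, which is where the strategy's `info.message` can be turned into a 401 response body. The database and Express are replaced by in-memory Maps and a plain `{status, body}` object so it runs stand-alone; token records store a precomputed `expiresAt` in milliseconds, as the reply suggests.

```javascript
// Constructed sample data standing in for the AccessToken and User tables.
const NOW = Date.now();
const tokens = new Map([
  ['live-token',    { userId: 1,  expiresAt: NOW + 60000 }], // still valid
  ['expired-token', { userId: 1,  expiresAt: NOW - 1 }],     // past expiry
  ['orphan-token',  { userId: 99, expiresAt: NOW + 60000 }], // user row missing
]);
const users = new Map([[1, { id: 1, name: 'alice' }]]);

// Same contract as BearerStrategy's verify callback: done(err, user, info).
// With expiresAt stored in ms the expiry test is a single comparison.
function verify(accessToken, done) {
  const token = tokens.get(accessToken);
  if (!token) return done(null, false, { message: 'Invalid token' });
  if (token.expiresAt <= Date.now()) {
    tokens.delete(accessToken); // clean up; done() is still called exactly once
    return done(null, false, { message: 'Token expired' });
  }
  const user = users.get(token.userId);
  if (!user) return done(null, false, { message: 'Unknown user' });
  return done(null, user, { scope: '*' });
}

// What the custom callback given to passport.authenticate('bearer', { session: false }, cb)
// does with (err, user, info): the 401 status stays (it is the protocol's answer), but the
// body carries the strategy's message instead of passport's bare "Unauthorized".
function toResponse(err, user, info) {
  if (err) return { status: 500, body: { error: 'Internal error' } };
  if (!user) return { status: 401, body: { error: (info && info.message) || 'Unauthorized' } };
  return { status: 200, body: { user: user.name, scope: info.scope } };
}

// Runs the strategy for one bearer token and returns the response the route would send.
function authenticateBearer(accessToken) {
  let result;
  verify(accessToken, (err, user, info) => { result = toResponse(err, user, info); });
  return result;
}

// Express wiring of the same callback (assumed app layout, not run here):
// app.get(version + '/grids', (req, res, next) =>
//   passport.authenticate('bearer', { session: false }, (err, user, info) => {
//     const r = toResponse(err, user, info);
//     if (r.status !== 200) return res.status(r.status).json(r.body);
//     req.user = user; req.authInfo = info; next();
//   })(req, res, next), gridsController.list);
```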