passport
Strategies challenges string or object?
I'm trying to figure out how challenges should be handled.
Looking through passport's authenticate middleware's fail handling, I understand that the challenge a strategy should give to fail can either be a string or object with fields like type and message. Only string challenges are put into the WWW-Authenticate header, but challenges that are objects are way more usable in a callback. This kind of means the strategy needs to consider the API it's used in, which seems like an issue?
I, for example, like to use a bearer strategy for a JSON API and return possible authentication errors through JSON. But this strategy returns challenge strings.
The best docs I could find on Passport strategies mention challenge should be a string, btw: https://github.com/jaredhanson/passport-strategy#strategyfailchallenge-status
From what I read on the source, it should always be a string.
The comments on the source code say it should be a string. But I found actually it's an object or Error.
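One way to cope with both shapes discussed in this thread, as an added example that is not code from Passport or from any participant: a normalizer that turns a string, object, Error or missing challenge into one JSON error shape, and separately decides whether the value is usable as a WWW-Authenticate header. The function names are hypothetical and the sample challenges are constructed.

```javascript
// Added example; all function names are hypothetical, sample challenges are constructed.
const PARAM = /([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))/g;

// Split a WWW-Authenticate style string (`Scheme k="v", k2="v2"`) into parts.
function parseChallengeString(challenge) {
  const text = challenge.trim();
  const space = text.search(/\s/);
  const scheme = space === -1 ? text : text.slice(0, space);
  const rest = space === -1 ? '' : text.slice(space + 1);
  const params = {};
  for (const [, key, quoted, bare] of rest.matchAll(PARAM)) {
    params[key.toLowerCase()] = quoted !== undefined ? quoted.replace(/\\(.)/g, '$1') : bare;
  }
  // Several words but no key=value pairs: a free-form message, not a scheme challenge.
  if (rest && Object.keys(params).length === 0) return { scheme: null, params, message: text };
  return { scheme, params, message: params.error_description || null };
}

// Map a string, object, Error or missing challenge to one JSON-friendly shape.
function normalizeChallenge(challenge, status) {
  const out = { status: status || 401, scheme: null, code: 'unauthorized', message: 'Unauthorized' };
  if (typeof challenge === 'string' && challenge.trim()) {
    const parsed = parseChallengeString(challenge);
    out.scheme = parsed.scheme;
    if (parsed.params.error) out.code = parsed.params.error;
    if (parsed.message) out.message = parsed.message;
  } else if (challenge instanceof Error) {
    // Error objects may carry internal detail, so the generic message is kept.
    out.code = 'error';
  } else if (challenge && typeof challenge === 'object') {
    if (challenge.type) out.code = String(challenge.type);
    if (challenge.message) out.message = String(challenge.message);
  }
  return out;
}

// Only a string challenge that names a scheme is usable as a WWW-Authenticate value.
function wwwAuthenticateValue(challenge) {
  if (typeof challenge !== 'string' || !challenge.trim()) return null;
  return parseChallengeString(challenge).scheme ? challenge.trim() : null;
}

const samples = ['Bearer realm="Users", error="invalid_token", error_description="Token expired"',
  { type: 'invalid_token', message: 'Token expired' }, new Error('internal detail'), 'Invalid token'];
for (const s of samples) console.log(JSON.stringify(normalizeChallenge(s)), wwwAuthenticateValue(s));
```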