req.logIn does not set req.authInfo if callback is given
Hello,
Thank you for creating this awesome library.
I am writing a SailsJS application which uses passport and oauth2orize to handle API authentication.
In my app I would like to display custom errors when the API user does not specify required parameters. Therefore I would like to "catch" errors coming out from passport.authenticate which automatically sends an error response if one occurs and no callback has been specified. Thus I wrote a callback in my SailsJS policy file which guards the route. The way policies work in SailsJS is that they have to call next() if there is no problem or next(err) if there is an error to be displayed.
As you can see I am doing the "manual login" so that I can return a custom error when passport fails because of missing required arguments like client_id or client_secret so that I can handle the error (which is very troublesome since it breaks the flow and I see no reason why passport does not simply call my next function with an appropriate error, rather than just exiting as fast as possible, but there is already an issue for that).
The issue:
req.logIn does not set authInfo when I pass in a callback programmed on line 213. This is a problem because after my authentication is done through passport I hand control to oauth2orize for access tokens and it expects authInfo to be set and thus fails if I do not manually do that part as well. This combined with the aforementioned issue cost me tons of time in debugging.
My problem is that this is not something I should be doing like this.
By not setting this I get an error in my exchangePasswordHandler about missing req.session.
The solution:
I believe there is a very easy solution to this problem. If you run the callback not before but rather after you have actually logged in the user it would run perfectly. Something like this
Hello ???
I may be a little late but posting this for others who might have the same issue. It's really simple:
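    // Custom callback passed to passport.authenticate; `_` is lodash
    async (err, user, info) => {
      if (err || !user || _.isEmpty(user)) {
        // Pass the error to the next error handling middleware.
        // Always pass a truthy value: next(undefined) would let the
        // request continue as if authentication had succeeded.
        return next(err || info || new Error('Authentication failed'))
      } else {
        // Preserve req.authInfo for the next route
        req.authInfo = info
        // Prepare the user for the next route
        req.user = user
        return next()
      }
    }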
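An added example, not code from this thread or from passport itself: a policy wrapper around the custom-callback form discussed above, which sets req.user and req.authInfo itself and fails closed when no user comes back. makeAuthPolicy, stubAuthenticate and runPolicy are hypothetical names, and the stub is a constructed stand-in for passport.authenticate(strategy, options, callback) so the block runs offline.

```javascript
// Added example; makeAuthPolicy, stubAuthenticate and runPolicy are hypothetical names.
// `authenticate` is assumed to have the shape of
// passport.authenticate(strategy, options, callback).
function makeAuthPolicy(authenticate, strategy, options) {
  return function policy(req, res, next) {
    const middleware = authenticate(strategy, options, (err, user, info) => {
      // Strategy or infrastructure error: forward it unchanged.
      if (err) return next(err);
      // No user: always build a truthy error, so next() is never reached
      // with an empty argument after a failed authentication.
      if (!user) {
        const failure = new Error((info && info.message) || 'Authentication failed');
        failure.status = 401;
        return next(failure);
      }
      // With a custom callback the caller populates the request itself.
      req.user = user;
      req.authInfo = info || {};
      return next();
    });
    return middleware(req, res, next);
  };
}

// Constructed stand-in for passport: the returned middleware invokes
// the callback with a fixed (err, user, info) outcome.
function stubAuthenticate(err, user, info) {
  return (strategy, options, callback) => (req, res, next) => callback(err, user, info);
}

// Runs the policy once and reports the request and what reached next().
function runPolicy(err, user, info) {
  const req = {};
  let nextArg = 'next not called';
  const policy = makeAuthPolicy(stubAuthenticate(err, user, info), 'constructed-strategy', {});
  policy(req, {}, (arg) => { nextArg = arg; });
  return { req, nextArg };
}

const ok = runPolicy(null, { id: 1 }, { scope: 'read' });
console.log('success:', ok.req.user, ok.req.authInfo, ok.nextArg);
const denied = runPolicy(null, false, undefined);
console.log('failure:', denied.nextArg.message, denied.req.user);
```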