It fails at the line const token = jwt.sign(user, config.secret, { With error “Expected “payload” to be a plain object” Your user object is initialized here: User.getUserByUsername(username, (err, user) Which I assume is mongoosejs object, which contains many methods and is not “serializable”. You could handle this by passing a plain object, by either using … Read more
The best solution I found for that problem would be to redirect to the expected page with a cookie which holds the JWT. Using res.json would only send a json response and would not redirect. That’s why the other suggested answer here would not solve the problem I encountered. So my solution would be: app.get(‘/auth/facebook/callback’, … Read more
Can I send a url, or some other value, to the IdP that will get round-tripped and POSTed back in the response SAML? And if so, how can I access it in my /login/callback route? To round-trip a value via the IdP you need to use RelayState. This is a value that you can send … Read more
Am doing the same course, fix is there on udemy. From Udemy : Passport v.0.6.0 is currently broken due to an incompatibility: https://github.com/jaredhanson/passport/issues/907 The maintainer suggests using the latest v0.5.0 until a fix is pushed out. Use: npm uninstall passport npm install [email protected] this worked fine for me.
What you are seeing there is the string substitution patterns that are built into console.log() or console.debug(). The pattern goes as I have presented below: %s for a String %d or %i for Number %f for Floating points %o for an Object %j for an JSON So essentially you are replacing the specifier with the … Read more
The reason this doesn’t work is because you’re passing state as an object instead of a string. Seems like passport doesn’t stringify that value for you. If you want to pass an object through the state param, you could do something like this: passport.authenticate(“google”, { scope: [ ‘https://www.googleapis.com/auth/userinfo.profile’, ‘https://www.googleapis.com/auth/userinfo.email’ ], state: base64url(JSON.stringify(blah: ‘test’)) })(request, response); … Read more
You could create a simple middleware that checks the group: var needsGroup = function(group) { return function(req, res, next) { if (req.user && req.user.group === group) next(); else res.send(401, ‘Unauthorized’); }; }; app.get(‘/api/users’, passport.authenticate(‘local’), needsGroup(‘admin’), function(req, res) { … }); This assumes that the object stored in req.user has a property group. This object is … Read more
Alternatively, you can hijack the ‘router:request’ event to plug in passport for socket requests. I do this in ‘config/bootstrap.js’: module.exports.bootstrap = function (cb) { var passport = require(‘passport’), initialize = passport.initialize(), session = passport.session(), http = require(‘http’), methods = [‘login’, ‘logIn’, ‘logout’, ‘logOut’, ‘isAuthenticated’, ‘isUnauthenticated’]; sails.removeAllListeners(‘router:request’); sails.on(‘router:request’, function(req, res) { initialize(req, res, function () { … Read more
You can just create your own AuthGuard for example by extending the existing one: export class OptionalJwtAuthGuard extends AuthGuard(‘jwt’) { // Override handleRequest so it never throws an error handleRequest(err, user, info, context) { return user; } } And then use this one on your controllers instead: @UseGuards(OptionalJwtAuthGuard)
TL;DR You must verify the signature of JWS in the server always. Client-side signature verification doesn’t gives much, unless you have a specific case where it makes sense don’t do it. You don’t need to verify the signature of a JWS token to check expiration in the client. (unless you were encrypting the claims, aka … Read more