passport.js with multiple authentication providers?

Passport’s middleware is built in a way that allows you to use multiple strategies in one passport.authenticate(…) call. However, it is defined with an OR order. This is, it will only fail if none of the strategies returned success. This is how you would use it: app.post(‘/login’, passport.authenticate([‘local’, ‘basic’, ‘passport-google-oauth’]), /* this is how */ … Read more

Express-mysql-session preventing passport deserializeUser from running

It was impossible to replicate the problem, so I prepared a working example. [Github repo.] Its crafted for Openshift, since I saw the usage of its environment variables (it can be adapted with ease for other use cases). I did some modifications to the original concept : Replaced the old, deprecated (express) bundled middleware usages. … Read more

Sending back a JSON response when failing Passport.js authentication

I had a similar issue with Passport and failed login responses. I was building an API, and wanted all responses to be returned as JSON. Passport responds to an invalid password with status: 401 and body: Unauthorized. That’s just a text string in the body, not JSON, so it broke my client which expected all … Read more

nodejs passport authentication token

Simply use the access token on every request. Using a session is NOT needed. The following is the workflow: POST /signin The username and password are posted in the client request. The server authenticates the user by using passport’s Local Strategy. See passport-local. If the credentials represent a valid user, the server returns the access … Read more

Express Passport (node.js) error handling

The strategy-implementation works in conjunction with passport.authenticate to both authenticate a request, and handle success/failure. Say you’re using this route (which is passed an e-mail address and a password): app.post(‘/login’, passport.authenticate(‘local’, { successRedirect: ‘/loggedin’, failureRedirect: ‘/login’, // see text failureFlash: true // optional, see text as well }); This will call the code in the … Read more

How to authenticate Supertest requests with Passport?

As zeMirco points out, the underlying superagent module supports sessions, automatically maintaining cookies for you. However, it is possible to use the superagent.agent() functionality from supertest, through an undocumented feature. Simply use require(‘supertest’).agent(‘url’) instead of require(‘supertest’)(‘url’): var request = require(‘supertest’); var server = request.agent(‘http://localhost:3000’); describe(‘GET /api/getDir’, function(){ it(‘login’, loginUser()); it(‘uri that requires user to be … Read more

Why is PassportJS in Node not removing session on logout

Brice’s answer is great, but I still noticed an important distinction to make; the Passport guide suggests using .logout() (also aliased as .logOut()) as such: app.get(‘/logout’, function(req, res){ req.logout(); res.redirect(“https://stackoverflow.com/”); //Can fire before session is destroyed? }); But as mentioned above, this is unreliable. I found it behaved as expected when implementing Brice’s suggestion like … Read more