
In my app, there are 3 ways to auth: Google, Facebook, and local. I'm not using passport yet.

After the user auths, he chooses a client (every user must have at least one client).

Then every API request contains 3 querystring parameters: email, key, client. Currently I'm manually adding req.user and req.client to the req object.

I want to move to passport, because then the app will easily support Twitter and LinkedIn signin.

Before I start other login methods, I need to migrate the current app to passport.

My app is currently not using sessions or cookies. All credential data is saved in browser localStorage and sent in each request. I don't want to change that.

The question is: how to make passport login using email, key, and client? How to make it add req.client and not only req.user?

I do not really understand where the best option is to put my logic, and where to give passport the power.

Do I need to use passport.serializeUser? What to put in the route, and what to put in app.use?

Aminadav Glickshtein
  • Express sets **req.session.passport.user** after it finds the cookie in user request. **Passport.js** uses the content of **req.session.passport.user** and then sets **req.user** , what you have to do is also set the **req.client** and I bet the best place would be **deserializeUser** method. Please have a look at my answer to this question for details http://stackoverflow.com/questions/35359295/how-does-passport-js-stores-user-object-in-session/35360972#35360972 – Raf Feb 16 '16 at 12:51
  • Are you sure? I think that passport calls deserializeUser only to require a session. So it will not be called the first time the user tries to login. – Aminadav Glickshtein Feb 17 '16 at 06:20
  • If you attach passport.session() to the app, then it will attach a session to each request and that means each request calls deserializeUser. If you put your passport.session() above the express static config, then deserializeUser is even called once for each static content i.e. image, css, javascript, etc. Read my answer about serialize and deserialize user here http://stackoverflow.com/questions/34675655/when-serialize-and-deserialize-call-in-passport-js/34888253#34888253 – Raf Feb 17 '16 at 09:46
  • But in the first request after authenticate the session is created, not restored. deserializeUser is called only when restoring the user from the session. Right after authenticate success I'm sure that the deserializeUser function doesn't run. And what about: I want req.client, not session.client. This is a stateless app. – Aminadav Glickshtein Feb 17 '16 at 10:42

1 Answer


I would recommend a standards-based way to support cookie-less authentication. Check out: https://github.com/themikenicholson/passport-jwt

var passport = require('passport');
var JwtStrategy = require('passport-jwt').Strategy,
    ExtractJwt = require('passport-jwt').ExtractJwt;
var opts = {};
// Read the token from the Authorization header; no cookie or session is involved.
// fromAuthHeader() is the passport-jwt 1.x/2.x API; from 3.0 on use
// ExtractJwt.fromAuthHeaderWithScheme('JWT') or ExtractJwt.fromAuthHeaderAsBearerToken().
opts.jwtFromRequest = ExtractJwt.fromAuthHeader();
// Key used to verify the token signature; load it from configuration rather than a literal.
opts.secretOrKey = 'secret';
opts.issuer = "accounts.examplesoft.com";
opts.audience = "yoursite.net";
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
    // User is the app's own user model (e.g. a Mongoose model); the token's
    // `sub` claim carries the user id.
    User.findOne({id: jwt_payload.sub}, function(err, user) {
        if (err) {
            return done(err, false);
        }
        if (user) {
            return done(null, user);
        } else {
            // or you could create a new account here instead of failing
            return done(null, false);
        }
    });
}));
tutley