Passport: Where is the strategy naming scheme documented?

Created on 18 Sep 2015  Â·  8Comments  Â·  Source: jaredhanson/passport

This has always confused me about passport. When I register a BearerStrategy, I can later use it to authenticate a route by using passport.authenticate("bearer"). From where should I infer that I have to use the string bearer here?

From what I can tell, it's simply a constant that is used in the strategy's constructor and I can only guess it, based on the name of the strategy, or by looking at the source of it.

Additionally, what if I need to use multiple BearerStrategy instances in my application? Can I assign different names to them? If so, how?

Is this documented somewhere and I'm simply missing it?

All 8 comments

passport.use('foo', new BearerStrategy())

passport.use('bar', new BearerStrategy())

passport.authenticate('foo')

Sent from my iPhone

On Sep 18, 2015, at 4:02 AM, Oliver Salzburg [email protected] wrote:

This has always confused me about passport. When I register a BearerStrategy, I can later use it to authenticate a route by using passport.authenticate("bearer"). From where should I infer that I have to use the string bearer here?

From what I can tell, it's simply a constant that is used in the strategy's constructor and I can only guess it, based on the name of the strategy, or by looking at the source of it.

Additionally, what if I need to use multiple BearerStrategy instances in my application? Can I assign different names to them? If so, how?

Is this documented somewhere and I'm simply missing it?

—
Reply to this email directly or view it on GitHub.

I actually think this is a pretty important/useful feature. It took me days of pain to figure out. It's only mentioned closed to the bottom of the documentation. My team was looking at me like :/

Additionally I believe this issue belongs here: https://github.com/passport/www.passportjs.org

Thanks for the help :)

This is really one of the aspects that was hardest for me to understand when reading the code samples. The string parameter that is used with passport.authenticate() seems to come out of nowhere. It is not made clear why this specific string needs to be used there.

IMHO, the documentation and examples would be much easier to understand if a name was always given when registering a strategy. That way the user will not be confused as to why a specific string is used. The option to not supply the name (and, thus, use the default name supplied by the strategy) should be noted, but I personally don't see the advantage.

Another option might be to expose the strategy name on the strategy itself, so you could use passport.authenticate(BearerStrategy.name). Which I would also consider easier to grasp.

@Kinnardian You're probably right that this is, if anything, a documentation issue. If requested, I'd be happy to work on a PR.

Thanks again for the support. Cheers

Was this ever fixed or documented properly? Just stumbled across the same issue. Was bewildered, where the "jwt" string for JSONWebToken strategy came from.

Same issue, seven months later. Was this fixed?

No, this isn't documented anywhere and this hasn't changed in the past 5 years. I was also not requested to make documentation changes. If you want to use a strategy, just look at the source code.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

angel1st picture angel1st  Â·  5Comments

tobymurray picture tobymurray  Â·  6Comments

franckl picture franckl  Â·  5Comments

itaditya picture itaditya  Â·  5Comments

ginovski picture ginovski  Â·  6Comments