passport authenticate with support for XHR

Created on 9 Apr 2013  路  14Comments  路  Source: jaredhanson/passport

I just wrote some code for authenticate that handles xhr

https://gist.github.com/cultofmetatron/5349630

in this day and age, I feel it should be default behavior to have parameters for xhr requests in express. If enough people agree or I have the blessings of the upstream guys, I can go in and try to add such functionality myself.

This is the idea of what Im going for

passport.authenticate('local', {
successRedirect: '/',
failureRedirect: '/login',
successXhr: JSONToSendBack
failureXhr: JSONToSendifFailure
failureFlash: true

Most helpful comment

Why isn't this documented?

All 14 comments

+1

+1 :+1:

+1

+1

+1

+1

I've implemented a failWithError option that makes it easy to customize both success and response handling, without a custom callback. It would look something like:

app.post('/login',
  passport.authenticate('local', { failWithError: true }),
  function(req, res, next) {
    // handle success
    if (req.xhr) { return res.json({ id: req.user.id }); }
    return res.redirect('/');
  },
  function(err, req, res, next) {
    // handle error
    if (req.xhr) { return res.json(err); }
    return res.redirect('/login');
  }
);

PS: The above will be available in Passport 0.2.0.

does this work with 'basic' strategy.
I am getting 500 for authentication when I tried to get back the error. Here is my code sample:
Without failWithError, i am getting 401 and I looked into the source code and find the
if (options.failWithError) {
console.log(http.STATUS_CODES[res.statusCode])
return next(new AuthenticationError(http.STATUS_CODES[res.statusCode], rstatus));
}
and it seems it is set up properly. Any thoughts on this ?

  authenticate: (request, response, callback) =>
    console.log('success_non')
    response.send { authentication_token: request.user.authentication_token }

  errorhandling: (error, request, response, callback) =>
    console.log('error')
    response.json(error)

  setRoutes: (key, server) ->
    super
    server.get("/authentication", passport.authenticate('basic', { session: false, failWithError: true }), @authenticate, @errorhandling)
HTTP/1.1 500 Internal Server Error
WWW-Authenticate: Basic realm="Users"
Content-Type: application/json
Content-Length: 26
Date: Wed, 19 Feb 2014 22:57:54 GMT
Connection: keep-alive

{"message":"Unauthorized"}

curl -i --user tstuser1:12345678 -H 'Content-type: application/json' -X GET http://localhost:8080/authentication

{"message":"Unauthorized"}

    passport.use new BasicStrategy { passReqToCallback: true }, (request, username, password, done) =>
      # Set the master db for now and we want to load the right database from the request object
      User.findOne { username: username }, (error, user) ->
        if error
          return done(error)
        if not user
          console.log 'dsf'
          return done(null, false, { message: 'Username does not exist'} )
        if not user.validPassword(password)
          return done(null, false, { message: 'Incorrect Password'} )
        return done(null, user)

Why isn't this documented?

This should be documented. Client-side needed to retrieve errors in .json format, so flashes would not work. Fail with error fixed my problem though. Thanks.

+1 I'd love to see this documented too
Someone wrote up an issue for that here: https://github.com/jaredhanson/passport/issues/458

This is still useful in 2021. The API support in passport needs to be updated imo. This allowed me to return errors to the client in JSON format.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

fvgs picture fvgs  路  6Comments

angel1st picture angel1st  路  5Comments

Manubi picture Manubi  路  6Comments

xingrz picture xingrz  路  5Comments

apowers313 picture apowers313  路  6Comments