I just wrote some code for authenticate that handles xhr
https://gist.github.com/cultofmetatron/5349630
in this day and age, I feel it should be default behavior to have parameters for xhr requests in express. If enough people agree or I have the blessings of the upstream guys, I can go in and try to add such functionality myself.
This is the idea of what Im going for
passport.authenticate('local', {
successRedirect: '/',
failureRedirect: '/login',
successXhr: JSONToSendBack
failureXhr: JSONToSendifFailure
failureFlash: true
+1
+1 :+1:
+1
+1
+1
+1
I've implemented a failWithError option that makes it easy to customize both success and response handling, without a custom callback. It would look something like:
app.post('/login',
passport.authenticate('local', { failWithError: true }),
function(req, res, next) {
// handle success
if (req.xhr) { return res.json({ id: req.user.id }); }
return res.redirect('/');
},
function(err, req, res, next) {
// handle error
if (req.xhr) { return res.json(err); }
return res.redirect('/login');
}
);
PS: The above will be available in Passport 0.2.0.
does this work with 'basic' strategy.
I am getting 500 for authentication when I tried to get back the error. Here is my code sample:
Without failWithError, i am getting 401 and I looked into the source code and find the
if (options.failWithError) {
console.log(http.STATUS_CODES[res.statusCode])
return next(new AuthenticationError(http.STATUS_CODES[res.statusCode], rstatus));
}
and it seems it is set up properly. Any thoughts on this ?
authenticate: (request, response, callback) =>
console.log('success_non')
response.send { authentication_token: request.user.authentication_token }
errorhandling: (error, request, response, callback) =>
console.log('error')
response.json(error)
setRoutes: (key, server) ->
super
server.get("/authentication", passport.authenticate('basic', { session: false, failWithError: true }), @authenticate, @errorhandling)
HTTP/1.1 500 Internal Server Error
WWW-Authenticate: Basic realm="Users"
Content-Type: application/json
Content-Length: 26
Date: Wed, 19 Feb 2014 22:57:54 GMT
Connection: keep-alive
{"message":"Unauthorized"}
curl -i --user tstuser1:12345678 -H 'Content-type: application/json' -X GET http://localhost:8080/authentication
{"message":"Unauthorized"}
passport.use new BasicStrategy { passReqToCallback: true }, (request, username, password, done) =>
# Set the master db for now and we want to load the right database from the request object
User.findOne { username: username }, (error, user) ->
if error
return done(error)
if not user
console.log 'dsf'
return done(null, false, { message: 'Username does not exist'} )
if not user.validPassword(password)
return done(null, false, { message: 'Incorrect Password'} )
return done(null, user)
Why isn't this documented?
This should be documented. Client-side needed to retrieve errors in .json format, so flashes would not work. Fail with error fixed my problem though. Thanks.
+1 I'd love to see this documented too
Someone wrote up an issue for that here: https://github.com/jaredhanson/passport/issues/458
This is still useful in 2021. The API support in passport needs to be updated imo. This allowed me to return errors to the client in JSON format.
Most helpful comment
Why isn't this documented?