Routing-controllers: Please support OAuth providers with @Authorized

Created on 28 Jul 2019  路  5Comments  路  Source: typestack/routing-controllers

It would be nice to if we can get some nicer out of the box support or some examples of how to support OAuth providers.

OAuth providers are covered in passport.js who currently support 500+ providers known as strategies. But this would require us using @UseBefore(passport.authenticate(string)) and not the @Authorized() middleware.

The question:
What are your recommendations for using @Authorized() with third party OAuth providers like Facebook / Google?

awaiting answer

Most helpful comment

@gruckion, it can be implemented with next configuration:

import express from 'express';
import { Action, useExpressServer } from 'routing-controllers';

const app = express();

useExpressServer(app, {
  authorizationChecker: (action: Action) => new Promise<boolean>((resolve, reject) => {
    passport.authenticate('bearer', (err, user) => {
      if (err) {
        return reject(err);
      }
      if (!user) {
        return resolve(false);
      }
      action.request.user = user;
      return resolve(true);
    })(action.request, action.response, action.next);
  }),
  currentUserChecker: (action: Action) => action.request.user,
});

Then you'll be able to use both @Authorized() and @CurrentUser decorators.

However @UseBefore(passport.authenticate(string)) is not so bad as well.

All 5 comments

Any updates?

@gruckion, it can be implemented with next configuration:

import express from 'express';
import { Action, useExpressServer } from 'routing-controllers';

const app = express();

useExpressServer(app, {
  authorizationChecker: (action: Action) => new Promise<boolean>((resolve, reject) => {
    passport.authenticate('bearer', (err, user) => {
      if (err) {
        return reject(err);
      }
      if (!user) {
        return resolve(false);
      }
      action.request.user = user;
      return resolve(true);
    })(action.request, action.response, action.next);
  }),
  currentUserChecker: (action: Action) => action.request.user,
});

Then you'll be able to use both @Authorized() and @CurrentUser decorators.

However @UseBefore(passport.authenticate(string)) is not so bad as well.

@gruckion, it can be implemented with next configuration:

import express from 'express';
import { Action, useExpressServer } from 'routing-controllers';

const app = express();

useExpressServer(app, {
  authorizationChecker: (action: Action) => new Promise<boolean>((resolve, reject) => {
    passport.authenticate('bearer', (err, user) => {
      if (err) {
        return reject(err);
      }
      if (!user) {
        return resolve(false);
      }
      action.request.user = user;
      return resolve(true);
    })(action.request, action.response, action.next);
  }),
  currentUserChecker: (action: Action) => action.request.user,
});

Then you'll be able to use both @Authorized() and @CurrentUser decorators.

However @UseBefore(passport.authenticate(string)) is not so bad as well.

Very nice @DimaIT, I will take a look at this soon and let you know what I end up with.

Stale issue message

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

mlarsson picture mlarsson  路  5Comments

d-bechtel picture d-bechtel  路  6Comments

humbertowoody picture humbertowoody  路  4Comments

iangregsondev picture iangregsondev  路  3Comments

ghost picture ghost  路  5Comments