passport.js

问题 I am developing a MEAN application. I am using passport for authentication- local, facebook and google strategies. I am using angularjs client. All the routing is handled at client. I am only consuming server data apis. When using passport-facebook strategy, I am using below code at node server as per passport docs. app.get('/auth/facebook',passport.authenticate('facebook-auth', { scope : ['email'] })); app.get('/auth/facebook/callback',passport.authenticate('facebook-auth', { successRedirect

问题 I wrote a JS script for a webserver that includes authentication using the passport and the digest strategy. I am not using sessions, but I have tried using sessions and it does not change the results. The browser requests the "/login" route and displays a built-in login dialog. Authentication works fine, but I can't get the user to "logout." The problem seems to be that the browser remembers the login credentials and resends them automatically. The end result is that the user must close the

问题 I am using the local strategy of Passport.js to authenticate users for my API. I am writing tests for this API, and I need a way of mocking Passport.js in the tests to simulate an authenticated/unauthenticated user hitting the API. What would be the most efficient way of doing this? 回答1: One possible option: in your test setup, you can passport.use a mock strategy under the local name: passport.use('local', new MockStrategy()); Implement MockStrategy to pass the request, or whatever your test

问题 I have created an app that simply uses a JWT sent by the server upon correct login credentials, and authorizes against any /api route on my backend Express.js server. AngularJS, on the other hand, took this token, stored it in session storage, and used an auth interceptor every go around to send the token back to the server. I've more recently come to understand how dangerous this practice is. I understand the transfer method of tokens back and forth, in this scenario. However, would someone

问题 I'm using Passport.js to do authentication, and per Google's OAuth2 documentation, I'm passing in a state variable: app.get('/authenticate/googleOAuth', function(request, response) { passport.authenticate('google', { scope: [ 'https://www.googleapis.com/auth/userinfo.profile', 'https://www.googleapis.com/auth/userinfo.email' ], state: { blah: 'test' } })(request, response); }); However, I can't seem to access that variable at a later date: passport.use(new googleStrategy( { clientID: '...',

问题 I am new to PassportJS and AngularJS and I have a doubt about how to proceed with this authorization. I have Spring REST API Secured by Oauth2, but I have to send together user credentials like this: [http://localhost:8080/myapp/oauth/token] grant_type=password&username=email&password=password&client_id=09e749d8309f4044&client_secret=189309492722aa5a&scope=read In client my application I use passport and I want to authorize/authenticate my users, how can I create a Stratagy for this ? I will

问题 I'm using Express 4 where I have a route protected by passport.js, like this: var media = require('express').Router(); media.get('/', function(req, res) { // provide results from db }); media.post('/', passport.authenticate('bearer'), function(req, res) { // This route is auth protected }); So - get collection routes should (mostly) not be protected for me, and create/update routes should. But this requires me to pass passport to all my route files (I have 7 so far), then to add that as a

问题 I have a nodejs api with an angular frontend. The API is successfully using JWT with passport to secure it's endpoints. I am now conscious that after the tokens have expired, my front end will still allow the user to request my api endpoints without prompting them to reenter their log in details to get a fresh token. This is how my backend generates the token: function generateToken(user) { return jwt.sign(user, secret, { expiresIn: 10080 // in seconds }); } So to implement this logic I think

问题 I use Passport.js and passport-google-oauth20 in my nodejs aplication for authenticating with a "Google Strategy". I just received an email from Google indicating that I use "plus.people.get" from the Google+ API and that it will be deprecated. Should I change something? I do not use directly this API call but maybe Passport does? 回答1: Yes the Google OAuth strategy for Passport currently uses the Google+ API endpoints for retrieving the user's profile information. If you disable the Google+

问题 We have two types of Users, Admin and general Users. passport.serializeUser(function(user, done) { console.log('Sear'); done(null, user.id); }); passport.deserializeUser(function(id, done) { console.log(id); console.log("Deser"); User.findById(id, function(err, user) { if(err) done(err); if(user){ done(null, user); }else{ vendorUser.findById(id, function(err, user){ if(err) done(err); done(null,user); }); } }); }); Console.log gets outputted frequently (even on a single API request) with the