I just discovered your package here and wanted to ask you about a potential implementation of it. If you had a moment to help me understand if it is possible given my use case, I would greatly appreciate it.
My use case is this: I have a multitenant setup of Express.js with multiple sub-apps and middlewares that intercept all traffic across the subdomains of the host. I am also using Passport.js to authenticate users and provide credentials for certain features across my app.
My problem to solve is this: I cannot authenticate with passport and share that state across apps. I've tried a couple of different solutions, but my thinking is that because these are separately created apps (`const newApp = express() ; mainApp.use(newApp)`) that passport isn't able to span the `req` object modifications across each app.
The behavior I'm experiencing is this: A user can go to `login.{host}` and log in with any of the passport authentication strategies I am using. Then, the user is logged in and cookies/session state is saved for that user on the domain `login.{host}`. However, they are not logged in anywhere else on the host; `{host}`, `other.{host}`, etc... all appear to have separate states when it comes to the `req` object and passport's method of authenticating (`req.isAuthenticated() === false` on all others). I can do `other.{host}/login` to log in to the `other.{host}` subdomain of the app and `req.isAuthenticated` becomes true for that domain but the user isn't shared. I am hoping to have a single landing page for logging in across all of the different subdomains, or just some of the subdomains based on roles and permissions.
How I think `uest` may be able to help: Sharing state? If I put `uest` in front of my subdomain routing (which I handle entirely within Express, not outside of the application in any way through DNS or proxy) can I inject the authentication from one subdomain to all of the others? I am thinking of something like the example below, but I don't know if I am fully understanding this right.
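```js
const express = require('express')
const uest = require('uest')

const app = express()
app.use(uest())

// app.all() needs a path as its first argument; '/login' is assumed here
app.all('/login', (req, res, next) => {
  // assumes a body-parsing middleware has populated req.body
  const {email, password} = req.body || {}
  // Subrequest to POST /api/sessions
  return req.uest({
    method: 'POST',
    url: '/api/sessions',
    body: {email, password}
  }, (er, resp, body) => {
    if (er) {
      // Deal with specific "Forbidden" error
      if (er.status === 403) {
        return res.render('login', {error: "Wrong login/password"})
      }
      return next(er); // for any other error
    }
    console.log('User-session created for', body.user)
    // `req.session` is up-to-date
    console.log(`Welcome back ${req.session.user.firstname}!`)
    res.redirect('/profile')
  })
})
```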
I did a quick copy and paste of the example in the README, obviously my code is more complex than the example above.
I've been searching for a way to resolve this issue I am having. I have been concerned that what I am trying to do is not possible and that it is a limitation of subdomains and requests in the browser/express. Did I just get lucky and stumble across the solution to all my woes here? Is this package made to be used for exactly the problem I am experiencing? Thank you for your insights on this.
Note: I will try to put uest into my codebase sometime this week and actually do some testing. I just wanted to ask this question ahead of that in case I'm just totally misunderstanding. Thanks for contributing to FOSS! <3
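
Added example, not part of the original issue and not code from uest or Passport: the behaviour described above (logged in on `login.{host}` but not on `{host}` or `other.{host}`) is what a browser does with a host-only session cookie, assuming the session cookie is issued without a `Domain` attribute. The sketch models the RFC 6265 storage and domain-matching rules; the host names are constructed and the helper names are hypothetical.

```javascript
// RFC 6265 section 5.1.3: a host domain-matches a cookie domain when they are
// identical, or when the host ends with "." + domain and is not an IP address.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase()
  cookieDomain = cookieDomain.toLowerCase()
  if (host === cookieDomain) return true
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':')
  return !isIp && host.endsWith('.' + cookieDomain)
}

// Model how a browser stores a cookie received from `setByHost`.
// Returns null when the cookie is rejected. Public-suffix checks are not modelled.
function storeCookie(setByHost, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, bound to the exact host that set it
    return {domain: setByHost.toLowerCase(), hostOnly: true}
  }
  const domain = domainAttr.replace(/^\./, '').toLowerCase() // leading dot is ignored
  // A server may only name a Domain that its own host domain-matches
  if (!domainMatches(setByHost, domain)) return null
  return {domain, hostOnly: false}
}

// Would the browser attach this stored cookie to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatches(requestHost, cookie.domain)
}

// Map each host to whether it would receive the cookie
function scopeReport(setByHost, domainAttr, hosts) {
  const cookie = storeCookie(setByHost, domainAttr)
  return Object.fromEntries(hosts.map(h => [h, isSentTo(cookie, h)]))
}

// Constructed host names; 'notexample.test' checks that a bare suffix is not a match
const hosts = ['login.example.test', 'example.test', 'other.example.test', 'notexample.test']
console.log('no Domain attribute:', scopeReport('login.example.test', undefined, hosts))
console.log('Domain=example.test:', scopeReport('login.example.test', 'example.test', hosts))
console.log('Domain=other.example.test:', scopeReport('login.example.test', 'other.example.test', hosts))
```

With `Domain` set to the parent host, every subdomain receives the session cookie, including tenant subdomains that should not see it, so any per-subdomain role or permission check has to be enforced server-side on each request.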