Make passport.authenticate() callbacks more useful #423
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The
callback
argument is challenging to use because passport treats it as analternative to its default behavior for Strategy#succes, #fail and #error, but
the callback doesn't have access to the same middleware variables (req, res,
next, multi and failures) that passport does.
This is change moves all passport login logic into a function, and uses that
function as the default value of
callback
. The only API change is that thesignature of the
callback
function changes from:To
This changes code that previously needed to do this:
To be able to do this:
This has three main benefits:
passport
developers
I feel this is valuable because the only reason you'd want to use the callback
argument instead of default passport handling is if your application was
delegating session management outside of Express (e.g. to another service), and
performance was a major consideration.
Given the existing workarounds for the issue, the change should also not have
any negative security implications.