Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Passport's logIn() function is not called #7

blissi opened this issue May 12, 2018 · 4 comments


Copy link

@blissi blissi commented May 12, 2018

when using the guard to protect the login-route, the user is correctly set at the request-object when the user passes the right credentials (I am using the LocalStrategy). So I though, everything would be alright...
but the user is not persisted to the session.

By debugging I found out that the AuthGuard doesn't call Passport's logIn()-function and therefore the user is only set to the request, but not persisted to the session. I believe this is quite an unexpected behavior for most users because it is different to the default way that Passport works.

In my opinion this should either be fixed or at least documented.


This comment has been minimized.

Copy link

@artonio artonio commented Jun 8, 2018

Yes I ran into the same issue, the documentation is quite young but I did manage to get it working, and here is a tutorial on it: NestJS Basic Auth and Sessions Tutorial

revant added a commit to revant/passport that referenced this issue Jul 1, 2018
Call Passport's logIn() function to set and persist user to the request

Fixes issue nestjs#7 Passport's logIn() function is not called

This comment has been minimized.

Copy link

@Kapnobatai3434 Kapnobatai3434 commented Jul 16, 2018

Hey guys, will this fix be merged into the master branch?


This comment has been minimized.

Copy link

@kamilmysliwiec kamilmysliwiec commented Aug 31, 2018


This comment has been minimized.

Copy link

@Offlein Offlein commented Sep 15, 2018

I'm confused by the Inheritance section you refer to, @kamilmysliwiec.

In that section, you have a code comment that reads:

// Add your custom authentication logic here
// for example, call super.logIn(request) to establish a session.

But request is not defined in that context. I assume I am meant to get it instead like super.logIn(context.switchToHttp().getRequest());?

As well, there's a sample app for this section ( which has a jwt-auth.guard.ts file in, but that file isn't even seemingly called from anywhere.

Assuming that the super.logIn method actually works (and it would be great to understand how and why this is happening), I didn't understand for a while how to implement my custom AuthGuard child class.

Finally, I imported it as a provider in the .module.ts file, and then, in my controller, replaced the @UseGuards(AuthGuard('google')) line I had (..using Google, obviously!) with @UseGuards(GoogleAuthGuard), and I think I might be at least moving forward. Although I don't know if that's right or wrong.

...Although I'm getting issues in my Google strategy now, so we'll see what's up there... It's running my Strategy's serializeUser method with an undefined user and then crashing.

Edit: Whoops; I realized it wasn't crashing, just throwing a console.log because serializeUser didn't have a User yet.

Anyway, I successfully got the Google OAuth2 page, clicked it and got a profile back (which I've been able to do since yesterday), but it's still not an active session. When I go back to a page that requires auth, it still has no user in serializeUser and re-prompts me back to Google's authentication. :(

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
5 participants
You can’t perform that action at this time.