Passport's logIn() function is not called

[blissi]

Hallo,
when using the guard to protect the login-route, the user is correctly set at the request-object when the user passes the right credentials (I am using the LocalStrategy). So I though, everything would be alright...
but the user is not persisted to the session.

By debugging I found out that the AuthGuard doesn't call Passport's logIn()-function and therefore the user is only set to the request, but not persisted to the session. I believe this is quite an unexpected behavior for most users because it is different to the default way that Passport works.

In my opinion this should either be fixed or at least documented.

[artonio]

Yes I ran into the same issue, the documentation is quite young but I did manage to get it working, and here is a tutorial on it: NestJS Basic Auth and Sessions Tutorial

[Kapnobatai3434]

Hey guys, will this fix be merged into the master branch?

[kamilmysliwiec]

See Inheritance section https://docs.nestjs.com/techniques/authentication

[Offlein]

I'm confused by the Inheritance section you refer to, @kamilmysliwiec.

In that section, you have a code comment that reads:

// Add your custom authentication logic here
// for example, call super.logIn(request) to establish a session.

But request is not defined in that context. I assume I am meant to get it instead like super.logIn(context.switchToHttp().getRequest());?

As well, there's a sample app for this section (https://github.com/nestjs/nest/tree/master/sample/19-auth/src) which has a jwt-auth.guard.ts file in, but that file isn't even seemingly called from anywhere.

Assuming that the super.logIn method actually works (and it would be great to understand how and why this is happening), I didn't understand for a while how to implement my custom AuthGuard child class.

Finally, I imported it as a provider in the .module.ts file, and then, in my controller, replaced the @UseGuards(AuthGuard('google')) line I had (..using Google, obviously!) with @UseGuards(GoogleAuthGuard), and I think I might be at least moving forward. Although I don't know if that's right or wrong.

...Although I'm getting issues in my Google strategy now, so we'll see what's up there... It's running my Strategy's serializeUser method with an undefined user and then crashing.

Edit: Whoops; I realized it wasn't crashing, just throwing a console.log because serializeUser didn't have a User yet.

Anyway, I successfully got the Google OAuth2 page, clicked it and got a profile back (which I've been able to do since yesterday), but it's still not an active session. When I go back to a page that requires auth, it still has no user in serializeUser and re-prompts me back to Google's authentication. :(