Session Issues

[toadzky]

I'm trying to use grant with koa, but my boss is pretty insistent that we not use session store for ANYTHING except the auth flows. So I can't just do what you examples do:

app.use(session(app)

I'm using the koa-joi-router and I tried this:

router.use('/connect', session(app))

to limit it to just the grant endpoints but I keep getting an error that I the session is missing or misconfigured. Based on some logs I added to grant in my node_modules folder, it looks like the redirect comes back and grant can't find session.grant or a provider. I added this to the callback generator around line 119:

    var grant = this.session.grant || {}
    var provider = config.provider(app.config, grant)
    var flow = flows[provider.oauth]
    console.log('callback invoked', this.session, provider);

which spits out: callback invoked {} {}.

Any suggestions or workarounds?

[simov]

I'm not sure if the session can be set per endpoint. Probably you can add a middleware before Grant's mount point and check if the user is about to navigate to a /connect/[provider] route, and initialize the session accordingly this.session = {}, then in your final callback where you receive the access token you can destroy the session this.session = null

[toadzky]

My solution was to fork the project and add a constructor parameter for additional middleware. That allows it to be added to the koa app that gets mounted. If i figure out how to do the same (if there is even a parallel idiom) for hapi/express, i'll probably send a PR your way.

[simov]

Got it. Actually up until version 3.0.3 Grant was using its own internal session store.
Then a few users wanted to have control over the session store used, so I just moved the middleware initialization outside of the Grant app. I never though about your use case actually.
If there is a strong demand for this feature I will reconsider it.