Comments (10)
Is there something wrong with the way I have worded the question?
from koa-passport.
Hi @dagda1, your question is fine, I just was on vacation. What version of koa-passport are you using?
from koa-passport.
Thank you for responding.
I am using koa-passport@^3.0.0-rc.1
from koa-passport.
Does adding a return ctx.login(user) at the end of passport.authenticate help?
from koa-passport.
Yes, that ensures serializeUser is called. What I am looking to do is have ctx.user set on the server for the session so that I don't have to pass the id back to the client.
How can I ensure that it is set?
from koa-passport.
Looking at your example (considering you have added the ctx.login) it should actually already work. The user should be at ctx.state.user. Is this the case?
from koa-passport.
yes, it works. Brilliant, thanks!
from koa-passport.
I really apologise about reopening but deserializeUser is not called. I am confused as to when this should be called.
What I want to get away from is having the id in the jwt that is returned to the client.
When should I set ctx.state.user and how can I then ensure it is in the session on each request that has a valid jwt without storing the id in the jwt on the client?
from koa-passport.
I cannot spot an error in your implementation, yet. ctx.state.user should be set automatically once a user is logged in. Passport should set a cookie containing the information you returned in serializeUser. If such a cookie is found, the deserializeUser is called with this information, which is the user id in your case. That is, you do not need to have the user id in the jwt, because it is saved in the cookie (in an encrypted way).
I've updated koa-passport-example to make use of async/await and in this example, deserializeUser is called properly and I don't really see a difference to your implementation.
Something else: a goal of using JWTs is to not have to use sessions (sessions in terms of restoring the user on each request). So you are maybe mixing up two different approaches. If you are doing this on purpose, this is of course fine. If you are just going to use JWT for authentication, I would actually ditch the koa-passport dependency. Because all you need is a route that checks username and password and creates a JWT accordingly. If you need to restore a user from a cookie, you can also save the JWT to a cookie (but make sure to save it using HttpOnly and Secure flags; and very important, take means to protect the token against CSRF!).
from koa-passport.
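The JWT-in-a-cookie approach suggested in the comment above, as an added example that is not part of the original thread or of koa-passport: an HS256 token issued after login, stored in an HttpOnly, Secure cookie, and checked on each request together with a double-submit CSRF token. The function names, the cookie names `token` and `csrf`, the `x-csrf-token` header and the choice of double-submit as the CSRF measure are assumptions; only Node's built-in `crypto` module is used.

```javascript
// Added example: all names, cookie names and the header name are assumptions.
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Issue an HS256 JWT once the login route has checked username and password.
function signJwt(claims, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  return `${header}.${body}.${b64url(hmac(`${header}.${body}`, secret))}`;
}

// Returns the claims, or null for a bad signature, wrong alg or expired token.
function verifyJwt(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch { return null; }
}

// Set-Cookie values: the JWT is HttpOnly; the CSRF token stays readable by page
// script so the client can echo it in a request header (double-submit pattern).
function loginCookies(jwt, ttlSeconds) {
  const csrf = crypto.randomBytes(32).toString('hex');
  const attrs = `Path=/; Max-Age=${ttlSeconds}; Secure; SameSite=Strict`;
  return { csrf, headers: [`token=${jwt}; HttpOnly; ${attrs}`, `csrf=${csrf}; ${attrs}`] };
}

// Per-request check: state-changing methods must echo the csrf cookie in a header.
function authenticate({ method, cookies, headers }, secret, now) {
  const claims = verifyJwt(cookies.token, secret, now);
  if (!claims) return null;
  if (!['GET', 'HEAD', 'OPTIONS'].includes(method)) {
    const a = Buffer.from(String(headers['x-csrf-token'] || ''));
    const b = Buffer.from(String(cookies.csrf || ''));
    if (a.length === 0 || a.length !== b.length || !crypto.timingSafeEqual(a, b)) return null;
  }
  return claims;
}
```

In a Koa middleware, the object returned by `authenticate` would be assigned to `ctx.state.user`, and a `null` result answered with a 401.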
Thank you for the advice. I removed koa-passport
from koa-passport.