Isaac
asked on
express passportjs confusion
Hello All,
I am reading a book called express.js Blueprints. I am trying to wrap my mind around understanding authentication using passport. Serializing and deserializing is not registering with me. I have just started learning node and express js, so that's a big reason why.
Here's some code from the book on setting up passport. Starting with line 5, can someone please break down what's happening? Where is the "user" parameter coming from in the serializeUser function? Where did "user.id" come from?
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var User = require('mongoose').model('User');

passport.serializeUser(function(user, done) {
  // Store only the user's id in the session.
  done(null, user.id);
});

passport.deserializeUser(function(id, done) {
  // Look the full user record back up from the stored id.
  User.findById(id, done);
});

passport.use(new LocalStrategy(function(email, password, done) {
  User.findOne({
    email: email
  }, function(err, user) {
    if (err) return done(err);
    // authFail is not defined in this excerpt.
    if (!user) {
      return authFail(done);
    }
    if (!user.validPassword(password)) {
      return authFail(done);
    }
    // This user object is what serializeUser receives.
    return done(null, user);
  });
}));
In answer to your first question
The serialize and deserialize functions are used to save user data to passport and retrieve it again. When you log in, the user object (details associated with your user) is only available at authentication time. That means if you want to get user info relating to the user account after login, you need to save those values in the session (or query them each time, which would require you to save at least a unique ID linked to the user).
The serialize method is where you tell passport what data you want it to save in the session relating to the user. The deserialize function is where you ask passport to give that data back to you.
It is explained in detail in the docs here http://passportjs.org/docs#sessions
With reference to your second question - the username and password are handled differently depending on the strategy you use. In the case of one of the in-built strategies passport handles that for you. In the case of a custom strategy you set up a form with username and password fields and then create a route that sends this to passport.
You can read more about this here http://passportjs.org/docs#configuration
ASKER
Where does the 'user.id' come from?
I'm trying to use 'local-strategy' and 'passport-local-mongoose'.
passport.serializeUser(function(user, done) {
  done(null, user.id);
});
Is it checking the database? I don't have a 'user' field in my mongo db.
ASKER
>>When you log in, the user object (details associated with your user) is only available at authentication time.
Is the user object created when they try to sign into the database?
ASKER
How do the username and password get passed to the function?
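The flow the thread asks about, traced end to end as an added example (not code from the book, from passport, or from anyone in this thread): the `user` that `serializeUser` receives is the object the strategy's verify callback handed to `done(null, user)`, only its `id` goes into the session, and `deserializeUser` turns that id back into `req.user` on later requests. `makeAuth`, `login`, `loadUser`, `demo` and the in-memory user are hypothetical stand-ins so the sketch runs without a database; with Mongoose, `user.id` is the document's built-in string getter for `_id`.

```javascript
const crypto = require('crypto');
// Constructed sample "database"; the book's app uses a Mongoose User model instead.
const hash = pw => crypto.scryptSync(pw, 'constructed-salt', 32);
const users = [{ id: 'u1', email: 'a@example.com', pwHash: hash('correct horse'),
  validPassword(pw) { return crypto.timingSafeEqual(this.pwHash, hash(pw)); } }];
// Hypothetical stand-in for passport: it only stores your callbacks and calls them.
function makeAuth() {
  let serialize, deserialize, verify;
  return {
    serializeUser(fn) { serialize = fn; },
    deserializeUser(fn) { deserialize = fn; },
    use(fn) { verify = fn; },
    // Login request: the form fields are handed to the verify callback.
    login(req, cb) {
      verify(req.body.username, req.body.password, (err, user) => {
        if (err || !user) return cb(err || new Error('auth failed'));
        // `user` here is exactly what verify passed to done(null, user).
        serialize(user, (err2, key) => {
          if (!err2) req.session.passport = { user: key }; // only the key is stored
          cb(err2 || null);
        });
      });
    },
    // Every later request: rebuild req.user from the key in the session.
    loadUser(req, cb) {
      const key = req.session.passport && req.session.passport.user;
      if (key === undefined) return cb(null);
      deserialize(key, (err, user) => { req.user = err ? undefined : user; cb(err || null); });
    },
  };
}

const auth = makeAuth();
auth.serializeUser((user, done) => done(null, user.id));
auth.deserializeUser((id, done) => done(null, users.find(u => u.id === id)));
auth.use((email, password, done) => {
  const user = users.find(u => u.email === email);
  if (!user || !user.validPassword(password)) return done(null, false);
  done(null, user);
});
// One login, then a second request that carries nothing but the session.
function demo(password) {
  const session = {};
  let loginErr = null;
  auth.login({ body: { username: 'a@example.com', password }, session }, e => { loginErr = e; });
  const next = { session };
  auth.loadUser(next, () => {});
  return { ok: !loginErr, session, user: next.user };
}
```

`demo('correct horse')` leaves only the id in the session while the second request still gets the full user; a wrong password leaves the session empty.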