I am using passport.js for authentication in my web app. I am following the example given here, that is the following code:
app.get('/api/me',
passport.authenticate('bearer', { session: false }),
function(req, res) {
res.json(req.user);
});
now, the thing is that the code inside function(req, res) is called only with the correct access_token. If the login is wrong the function is never called and it just returns "Unauthorized". Is there a way to execute the function anyway? For example something like this:
app.get('/api/me',
passport.authenticate('bearer', { session: false }),
function(req, res) {
if(req.user){
res.json(req.user);
} else {
res.json({ error: 'whatever' })
}
});
which obviously does not work as the function is never called!
here is a pastie from my code. I would basically like my router to render the page anyway, even with wrong credentials.
From Passport's authenticate page, the authenticate method accepts an optional custom callback function as its third argument.
I haven't tried out with a Bearer strategy, but I don't think it will be any different.
BUT bear in mind that if you this callback function, you have to handle the login process yourself, using res.logIn()
So
app.get('/api/me',
passport.authenticate('bearer', { session: false },
function(err, user,info) {
if (err) { return next(err); } // If there's an error the process
if (!user) { return res.json({ error: 'user not found' }) } // If the user's not found
req.logIn(user, function(err) { // User exists !
if (err) { return next(err); }
return res.json(req.user);
});
});
);
Does that help you ?