使用Everyauth/Passport.js通过Twitter进行身份验证，同时询问用户名/电子邮件/密码 [英] Using Everyauth/Passport.js to authenticate with Twitter whilst asking for username/email/password

问题描述

我想创建一个身份验证系统，用户可以通过该系统注册Twitter"，但是有效地做的就是对他们的Twitter帐户进行身份验证，并用他们的Twitter用户名预填写注册表.然后将要求用户输入电子邮件和密码(或备用用户名).

I want to create an authentication system whereby the user can "sign up with Twitter", but all this effectively does is authenticate their Twitter account and prefills a registration form with their Twitter username. The user will then be asked to enter an email and password (or an alternative username).

因此，在注册时，用户已经对他们的Twitter帐户进行了身份验证访问，并且访问令牌可以存储在数据库中.接下来，我将使用它来访问Twitter API.

Thus, upon registration, the user has authenticated access to their Twitter account, and the access token can be stored in a database. Later down the line I will use this to access the Twitter API.

Node模块(例如everyauth和passport)通过OAuth进行了大量繁重的工作，但它们似乎仅提供了findOrCreateUser方法，该方法并没有太多的喘息空间来执行类似的操作我需要做的-也就是说，在注册用户之前重定向到注册表单，或者如果找到用户，只需照常登录即可.

Node modules such as everyauth and passport do a lot of the heavy lifting with OAuth, but they only appear to provide a findOrCreateUser method, which doesn't offer a lot of breathing space to do something like what I need to do – that is, redirect to a registration form before registering the user, or if a user is found, just logging them in as per usual.

推荐答案

以下是此方法的简要概述:

Here's a quick sketch of a possible approach for this:

请注意，Passport不提供findOrCreateUser方法.所有数据库管理和记录创建都是由您的应用程序定义的(应该如此)，Passport只是提供了用于身份验证的功能.

Note that Passport does not provide a findOrCreateUser method. All database management and record creation is defined by your application (as it should be), Passport simply provides facilities for authentication.

此方法的关键是从Twitter提供的配置文件数据中简单地在数据库中创建一个不完整"的用户记录.然后，在应用程序的路由中，可以检查是否满足所需条件.如果不是，请将用户重定向到提示他们填写缺少的详细信息的表单.

The key to this approach is to simply create an "incomplete" user record in your database, from the profile data given by twitter. Then, in your application's routes, you can check if the conditions you need are met. If not, redirect the user to a form where they are prompted to fill out missing details.

passport.use(new TwitterStrategy({
    consumerKey: TWITTER_CONSUMER_KEY,
    consumerSecret: TWITTER_CONSUMER_SECRET,
    callbackURL: "http://127.0.0.1:3000/auth/twitter/callback"
  },
  function(token, tokenSecret, profile, done) {
    // Create a user object in your database, using the profile data given by
    // Twitter.  It may not yet be a "complete" profile, but that will be handled
    // later.
    return done(null, user);
  }
));

app.get('/auth/twitter',
  passport.authenticate('twitter'));

app.get('/auth/twitter/callback', 
  passport.authenticate('twitter', { failureRedirect: '/login' }),
  function(req, res) {
    // The user has authenticated with Twitter.  Now check to see if the profile
    // is "complete".  If not, send them down a flow to fill out more details.
    if (req.user.isCompleteProfile()) {
      res.redirect('/home');
    } else {
      res.redirect('/complete-profile');
    }
  });

app.get('/complete-profile', function(req, res) {
  res.render('profile-form', { user: req.user });
});

app.post('/update-profile', function(req, res) {
  // Grab the missing information from the form and update the profile.
  res.redirect('/home');
});

这篇关于使用Everyauth/Passport.js通过Twitter进行身份验证，同时询问用户名/电子邮件/密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！