在不覆盖用户请求对象的情况下使用多种策略的passport.js [英] Using passport.js with multiple strategies without overwriting user request object
问题描述
我使用passport.js 本地策略进行身份验证.我还需要用户通过 Facebook、Twitter 和 G+ 进行身份验证,但不是作为身份验证的替代方案,而是让用户能够从这些服务中检索他们的内容.
I'm using passport.js local-strategy for auth. I also need users to authenticate with Facebook, Twitter, and G+, but not as auth alternatives, but to enable the user to retrieve their content from those services.
正如所写的,每个身份验证策略都会将一个用户对象写入请求对象.这具有注销我的 root 用户的效果.有没有办法为这些额外的身份验证策略利用通行证,但不覆盖用户对象?
As written, each auth strategy writes a user object to the request object. This has the effect of logging-out my root user. Is there a way to leverage passport for these additional auth strategies, but not override the user object?
以下是规范示例:
var passport = require('passport')
, TwitterStrategy = require('passport-twitter').Strategy;
passport.use(new TwitterStrategy({
consumerKey: TWITTER_CONSUMER_KEY,
consumerSecret: TWITTER_CONSUMER_SECRET,
callbackURL: "http://www.example.com/auth/twitter/callback"
},
function(token, tokenSecret, profile, done) {
User.findOrCreate(..., function(err, user) {
if (err) { return done(err); }
done(null, user); //trashes my existing user object
});
}
));
推荐答案
一种方法是使用回调而不是重定向.通常你会调用 req.login() 来设置请求对象.你可以跳过这一步,对响应做任何你想做的事情.
A way to do this is to use a callback rather than a redirect. Usually you would call req.login() to set the request object. You can just skip that step and do whatever you want with the response.
app.get('/auth/twitter/callback', function (req, res, next) {
passport.authenticate('twitter', function (err, user, info) {
res.send({err: err, user: user, info: info}); //skip req.login()
})(req, res, next)
});
这篇关于在不覆盖用户请求对象的情况下使用多种策略的passport.js的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!