Geek Answers Handbook

Using passport.js with yoman and grunt for authentication

I am trying to figure out how to use passport.js with grunt / yoman. I have the following:

// at the top of my gruntfile.js var passport = require('passport'); var BasicStrategy = require('passport-http').BasicStrategy; passport.use(new BasicStrategy( function(username, password, done) { return done(null, true); // I would expect this to always succeed, but still challenge for credentials } )); // further down in my connect config. livereload: { options: { middleware: function (connect) { return [ lrSnippet, passport.initialize(), passport.authenticate('basic', { session: false }), mountFolder(connect, '.tmp'), mountFolder(connect, yeomanConfig.app) ]; } } }

In each request, the response contains only unauthorized . Removing the passport.authenticate call makes the page work, but obviously there is no authentication now. I tried changing the order of the middle layer and it didn’t help, and I don’t know the expert with yoman / grunt, so I’m not quite sure what else to try ...

Any help would be greatly appreciated.

+4
source share
1 answer

I think you need to pass the done() object inside your BasicStrategy . As far as I remember, the JS passport uses this object to populate req.user in express applications, and because of this, I think that it probably expects object not a boolean .

Here is a more robust example of the same function that I use in many applications:

  passport.use(new BasicStrategy( function(clientID, clientSecret, done) { AuthClient.findOne({ clientID: clientID }, function(err, client) { if (err) { return done(err); } if (!client) { return done(null, false); } if (client.secret != clientSecret) { return done(null, false); } return done(null, client); }); } ));

As you can see, BasicStrategy uses clientID and clientSecret for analysis, which is equivalent to a combination of your username and password. Since you are not actually pulling it from db, as shown in my example, I would expect that if you just follow the above sentence and pass {} to done(null, {}) , it might work better.

0
source

More articles:


All Articles