[Question] Can I get request.user?

[lonix1]

In passport and other similar libraries, once username/password are checked, and therefore the request is authorised, the user object is attached to the request - req.user can thus be used in the route handler without another database lookup.

Can I do the same here? The docs say that req.auth exposes username and password, but how do I attach the user object as well? I thought I could return it from the authentication function and it would be attached, but it doesn't seem to work that way.

[toverux]

You're right, that's not possible, the library only attaches { username, password } to the request. Nothing else. I'm surprised that no more people asked for that, by the way. To be frank, although still maintained, this library is now quite old-ish and needs a proper rewrite and to answer some limitations and use cases, and I suppose that @LionC is totally aware of that and will address these issue if the rewrite happens.

I suggest that you use another library for this time, as there's no way to do that properly for now.

[lonix1]

@toverux I don't mean to be rude, I appreciate the work that went into this library. But until the rewrite, would you mind recommending such an alternative library?

[LionC]

As soon as the request object will be available to the authorizer, this will be easily possible, as the request object can be modified (so you can just attach whatever you need). I will close this issue until then and mark it for the rewrite, if you want to help @lonix1 out, message them privately.

@lonix1 Don't worry, it's not rude to need features that this library can not offer :-)

[lonix1]

LOL... open source competition and advertising. I stepped over the line!! :-)