jfaissolle
commented
10 years ago I have the same type of need in my app. I have found that you can simply wrap the filter like this and put it at the end of the chain.
var apiKeyFilter = passport.authenticate('localapikey', {session: false});
function(req, res, next) {
if (!req.isAuthenticated()) {
return apiKeyFilter(req, res, next);
} else {
next();
}
}
I have use case where I use LocalAPIKey strategy to authenticate each REST request with apikey passed in query string with each request. And at the same time I am using password authentication with sessions to allow browser app have access to the same API endpoints. To allow that I had to allow Local API Key strategy not fail when 'apikey' is not found. This is optional and should not break existing applications.