search

jaredhanson / passport-local

Username and password authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-local/?utm_source=github&utm_medium=referral&utm_campaign=passport-local&utm_content=about
MIT License
2.74k stars 498 forks source link

Get user details of request from req.headers or req.query #116

Closed kimmobrunfeldt closed 9 years ago

kimmobrunfeldt commented 9 years ago

I'm not sure if this issue belongs to passport or passport strategies, but posted it here to get started. I created the same issue to passport repository too, feel free to close this if it belongs to the other repo.

My API authentication currently works so that users send x-token header to authenticate: x-token: <token>. The details of my authentication request don't matter. I might want to send the token or user credentials in query parameters, headers or body.

It seems that passport strategies enforce that the credentials are pulled from req.body object. It would be more generic if I could pass a getter function which would get the credentials req object, like this:

function(req) {
    return {apiKey: req.headers['x-token']};
}

What would be the best solution to overcome this? Create my own strategy? This problem exists at least in passport-local and passport-localapikey. Would you be willing to merge a pull request which would make the library API more generic?

I didn't find this problem mentioned in other issues.

jaredhanson commented 9 years ago

Duplicate of https://github.com/jaredhanson/passport/issues/410. Please don't file the same issue on multiple projects.