http2 and perhaps many other server implementations not supported

[shekhei]

Since passport modifies the IncomingMessage.prototype directly, there are some server implementations out there that seems to be affected, most significantly node-http2.

node-http2 does not use the http.IncomingMessage. Any plans on improving this technique of directly modifying the http.IncomingMessage.prototype?

[AdrianRossouw]

it seems to be separated out enough that it's possible to use different integrations : https://github.com/jaredhanson/passport/blob/master/lib/http/request.js

I was actually just considering whether it would be possible to do authenticated node streams (object mode of course). I can't think of anything that would block this in the core library (although individual strategies might)

[jaredhanson]

Yep, exactly. At one point I did have some prototypes of using Passport to authenticate other, non-HTTP protocols. The idea is that this is modular enough that you can swap out the underlying protocol implementation. Obviously that's not the primary use case, so if you try this and run into any gotcha's, let me know and we can clean it up.

[shekhei]

Perhaps this request.js could be rewritten to "extend" any object, instead of requiring req directly? so at least we will always have latest implementation when any one bumps passport versions.

[marcbachmann]

I also wanted to have a framework- & server-independent solution. So I've extracted the code required for the authentication into a separate library. https://www.npmjs.com/package/passport-light