Closed LocalMagic closed 5 years ago
Hi @LocalMagic,
The strategy needs a session mechanism to work (it saves states, nonces, etc. to be able to verify callbacks for you).
The rest is really a passport question (I mean, not saving a user but rather the token) and you should be able to define this by just specifying the serializeUser / deserializeUser functions of passport.
In all of this, the actual session mechanism is up to you to choose (if it's cookie-session or something else); it doesn't matter.
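A sketch of the serializeUser / deserializeUser approach described in the reply above, added here as an illustration and not code from this thread or from openid-client. The names `verify` and `registerTokenSerializers` and the choice of stored fields are assumptions; `passport` is passed in as a parameter so the snippet runs on its own.

```javascript
// Added example. Assumed wiring in the application (not executed here):
//   passport.use('oidc', new Strategy({ client }, verify));
//   registerTokenSerializers(passport);

// Verify callback in the (tokenset, userinfo, done) form used by the
// openid-client passport strategy. No user record is created or looked up:
// the "user" handed to passport is just the token and its expiry.
function verify(tokenset, userinfo, done) {
  done(null, {
    sub: userinfo && userinfo.sub,
    access_token: tokenset.access_token,
    expires_at: tokenset.expires_at, // seconds since epoch
  });
}

// `now` is injectable so the expiry check can be tested deterministically.
function registerTokenSerializers(passport, now = () => Math.floor(Date.now() / 1000)) {
  // Decides what is written into the session. With cookie-session this ends
  // up inside the cookie itself, which is signed but not encrypted, so the
  // token is readable by the browser and counts against the cookie size limit.
  passport.serializeUser((user, done) => {
    done(null, {
      sub: user.sub,
      access_token: user.access_token,
      expires_at: user.expires_at,
    });
  });

  // Runs on each request that carries the session; the result becomes req.user.
  // Passing `false` tells passport the stored login is no longer valid.
  passport.deserializeUser((stored, done) => {
    if (!stored || typeof stored.access_token !== 'string') {
      return done(null, false);
    }
    if (typeof stored.expires_at === 'number' && stored.expires_at <= now()) {
      return done(null, false); // expired token: treat the request as unauthenticated
    }
    done(null, stored);
  });
}
```

The session itself stays enabled, because the strategy still needs it for the state and nonce checks on the callback; only its contents shrink to the token.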
I'm not too experienced with passportjs but we currently use openid-client with cookie-session.
However we would like to try and move away from sessions and just store either a simple cookie with a token, or attach the token to a header on each request which we then introspect to see whether the token is valid.
I can't figure it out, maybe it's not possible, I just simply don't know where or how I can retrieve the token from the library, and when and how I should save it in a cookie. Maybe it is only built to use a session.
currently we have:
then
and for the callback
We would like to continue using this library as the authentication service we call has a discovery endpoint etc. and wouldn't want to implement all of the features ourselves. If I set session to false, how do I retrieve the token and where for this strategy, can someone help me?