How to pass an additional parameter to passport.authenticate

Question

(I already do fbStrategy.passReqToCallback = true ) I am riffing off https://scotch.io/tutorials/easy-node-authentication-linking-all-accounts-together but want to use this social authentication service for multiple apps, ex: the one that controls the heating system, the one that turns on the sprinklers etc.

Basically if one of these apps checks with the server and doesn't have a correct token it get redirected to this social authentication service (social-auth). When the user presses on of the social login buttons it grabs the parameter of what app its arriving from and adds it as a parameter for /auth/facebook/:appid

    // send to facebook to do the authentication
    app.get('/auth/facebook/:appId', function(req,res,next){
        passport.authenticate(
            'facebook', { scope : 'email' }
        )(req,res,next);
    });

req of req,res,next is the serialized user record. At this point social-auth doesn't know who the user is.

fbStrategy.passReqToCallback = true;  
passport.use(new FacebookStrategy(fbStrategy,
    function(req, token, refreshToken, profile, done) {
        var email = (profile.emails[0].value || '').toLowerCase()     
        process.nextTick(function() {...

Once authorization is complete I want to redirect back to the calling app and I need the :appId param to ride along so I can go back to the right site.

Now generally it would work if I just made a variable like currentAppId accessible to the various social stategies but If you happened to have multiple people authenticating at the same time then you conceivably have a user return to the wrong app, or some other users app. That's why I need appId to travel as param to passport.authenticate . Where should I be looking to figure out how. Could I wrap passport.authenticate or otherwise modify things?

score 21 · Answer 1 · answered Apr 18 '17 at 05:11

21

You can use the request itself to transfer some additional parameters from and to the strategy function. In the following example the two parameters _toParam and _fromParam are used for this concern.

app.get('/auth/facebook/:appId', function(req,res,next){
    req._toParam = 'Hello';
    passport.authenticate(
        'facebook', { scope : 'email' }
    )(req,res,next);
})


fbStrategy.passReqToCallback = true;  
passport.use(new FacebookStrategy(fbStrategy,
    function(req, token, refreshToken, profile, done) {
        console.log(req._toParam);
        req._fromParam = 'Hello 2';
        var email = (profile.emails[0].value || '').toLowerCase()     
    process.nextTick(function() {...

If you need to store the id for further requests, you could use a map with the socket of the current request as key.

answered Apr 18 '17 at 05:11

Manfred Steiner

1,215
2
13
27

Brilliant, thanks so much. I tried to figure out your last suggestion with searches like 'express middleware socket of the current request' but didn't really find anything. Any references would be appreciated – mcktimo Apr 18 '17 at 17:21
5

Actually it didn't work passport.use(new FacebookStrategy(fbStrategy, function(req, token, refreshToken, profile, done) { console.log(req._toParam); comes back as undefined even though it is defined here.. app.get('/auth/facebook/:appId', function(req,res,next){ req._toParam=req.params.appId console.log(req._toParam) I was reading the wrong log. – mcktimo Apr 18 '17 at 17:31
1

For all the social auth strategies the req gets replaced by req.user – mcktimo Apr 18 '17 at 17:34
@Manfred Steiner I have a question about this. why do you need to pass (req,res,next) at the end of the function? Is it anonymous? When you redirect you just need passport.authenticate("facebookStrategy"), function(req, req){} ... and you don't need to pass the parameters again. What is the difference? – Pier-Olivier Marquis Apr 28 '18 at 19:21
Do you know how to get this working after the new rules of twitter https://twittercommunity.com/t/action-required-sign-in-with-twitter-users-must-whitelist-callback-urls/105342 I used to pass the query item but now I cant – Hady Rashwan Sep 08 '18 at 14:23
8

i would recommend to add state in : { scope : 'email' , state : "You stringyfied data" } and then access state from req.query.state in callback – DHIRAJ KATEKAR Feb 14 '19 at 11:05

davidrl1000 · Answer 2 · 2022-03-21T22:46:41.247

In my case, due to the authentication flow, to set up a variable in req was not working.

The second option, set passReqToCallBack: true was giving me many issues, so it was not an option either. More information can be found here.

The solution came to me following the answer that Dhiraj posted in thread above, I did set a single string in the state and I was able to use the string on the callbacks.

login: (req, res, next) => passport.authenticate('google', {
    scope: ['profile', 'email'],
    state: req.query.username
  }, () => next())(req, res, next),

  onSuccess: async(req, res) => {
    console.log(req.query.state)
  },

How to pass an additional parameter to passport.authenticate

2 Answers2