Skip to content

Instantly share code, notes, and snippets.

@joshbirk
Created February 3, 2012 19:57
Show Gist options
  • Save joshbirk/1732068 to your computer and use it in GitHub Desktop.
Save joshbirk/1732068 to your computer and use it in GitHub Desktop.
Sample of using passport w/ mult strategies
var fs = require("fs")
var ssl_options = {
key: fs.readFileSync('privatekey.pem'),
cert: fs.readFileSync('certificate.pem')
};
var port = process.env.PORT || 3000;
var express = require('express');
var ejs = require('ejs');
var passport = require('passport')
, ForceDotComStrategy = require('./lib/passport-forcedotcom').Strategy
, TwitterStrategy = require('passport-twitter').Strategy
, FacebookStrategy = require('passport-facebook').Strategy;
var restProxy = require('./lib/rest-proxy');
//define passport usage
passport.use(new ForceDotComStrategy({
clientID: '[FDCID]',
clientSecret: '[FDCSECRET]',
callbackURL: 'https://127.0.0.1:'+port+'/token'
},
function(token, tokenSecret, profile, done) {
console.log(profile);
return done(null, profile);
}
));
passport.use(new TwitterStrategy({
consumerKey: '[TWITTERID]',
consumerSecret: '[TWITTERSECRET]',
callbackURL: 'https://127.0.0.1:'+port+'/twitter-token' //this will need to be dealt with
}, function(token, tokenSecret, profile, done) {
process.nextTick(function () {
return done(null, profile);
});
}));
passport.use(new FacebookStrategy({
clientID: '[FBID]',
clientSecret: '[FBSECRET]',
callbackURL: 'https://127.0.0.1:'+port+'/facebook-token'
},
function(accessToken, refreshToken, profile, done) {
// asynchronous verification, for effect...
process.nextTick(function () {
// To keep the example simple, the user's Facebook profile is returned to
// represent the logged-in user. In a typical application, you would want
// to associate the Facebook account with a user record in your database,
// and return that user instead.
return done(null, profile);
});
}
));
//define REST proxy options based on logged in user
passport.serializeUser(function(user, done) {
done(null, user);
});
passport.deserializeUser(function(obj, done) {
done(null, obj);
});
function ensureAuthenticated(req, res, next) {
if (req.isAuthenticated()) { return next(null); }
res.redirect('/error')
}
//configure, route and start express
var app = express.createServer(ssl_options);
app.configure(function() {
app.use(express.logger());
app.use(express.cookieParser());
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.session({ secret: 'thissecretrocks' }));
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
});
app.set('view engine', 'ejs');
app.set('view options', {
layout: false
});
app.get('/',
function(req, res) {
res.send('Hello World.');
});
app.get('/login', passport.authenticate('forcedotcom'));
app.get('/token', passport.authenticate('forcedotcom', { failureRedirect: '/error' }),
function(req, res){
res.send('Logged In.');
});
app.get('/twitter-login', passport.authenticate('twitter'));
app.get('/twitter-token', passport.authenticate('twitter', { failureRedirect: '/error' }),
function(req, res){
res.send('Logged In.');
});
app.get('/facebook-login', passport.authenticate('facebook'));
app.get('/facebook-token', passport.authenticate('facebook', { failureRedirect: '/error' }),
function(req, res){
res.send('Logged In.');
});
app.get('/error', function(req, res){
res.send('An error has occured.');
});
app.all('/:label/:mode/*',
ensureAuthenticated,
function(req, res) {
console.log(req.session);
if(req.session["passport"]["user"] && req.params.label == "fdc") {
var restOptions = {
useHTTPS : true,
host : req.session["passport"]["user"].instance_url,
headers: {
'Authorization': 'OAuth '+req.session["passport"]["user"].access_token,
'Accept':'application/jsonrequest',
'Cache-Control':'no-cache,no-store,must-revalidate'
}
}
restProxy.proxy(req,res);
}
});
app.get('/*',function(req, res) {
res.render(req.url.substring(1,req.url.length)); //really?
})
app.listen(port, function() {
console.log("Listening on " + port);
});
@jaredhanson
Copy link

Cool. The session definitely works as a way to store all this state too. It's just a personal preference of mine to not store much in the session, but there's nothing wrong with the approach.

Let me know when the strategy has a repo, and I'll update the site with links to it. Looking forward to it!

Copy link

ghost commented Jun 7, 2013

How do you bake identity? email or?

@sonoman
Copy link

sonoman commented Dec 24, 2013

Hey guys:

I'm starting with passport, and I'm migrating an Auth module I have written in Ruby/Sinatra, where i already support account connection (i'm using omniauth for that).
In omniauth, everything falls in one only route (:provider/callback), and on that route I have the logic to see if the user is already logged in (in which case i connect the accounts), or is a new user.

Now I'm tryinh to underestand your example, and I see like two different providers "twitter" and "twitter-authz", and a different logic for use authenticate and authorize...the question is: Why do I have to use different providers ?

@kevinSuttle
Copy link

Is it possible to append multiple accounts to passport.user when using multiple strategies? For example: passport.user.github, or passport.user.facebook? The goal is to avoid overriding the overlapping values. e.g. When 2 strategies each have an email property, the most recent authenticated Strategy would populate passport.user.email, correct?

I've read http://passportjs.org/guide/authorize/, and dug through the source to find { userProperty: '' }, but that only changes the user property name of passport.user.

Someone on StackOverflow had the same question. All I could do was point him to the docs. https://stackoverflow.com/questions/26453527/using-passport-js-with-multiple-strategies-without-overwriting-user-request-obje/30224234#30224234

@zccmg
Copy link

zccmg commented May 11, 2016

I have App that authenticate with Saml 2.0 strategy, only authentication so I need to do authorization strategy, using OAuth strategy.
and I have multiple authorization requests depending on the resource requesting, like when the user request /products send authorization request (if not authenticated before) only for this resource, and another request to another resource, ... ...
so I thing is a very help fully if Passport js supports a multiple strategies by separating their information in the session, like saying req.resources.products.access_token and req.user.[email|name]

@hiteshsethiya
Copy link

I'm new to passportjs, Is there a strategy which keeps only one active session per user per device?
Say user A logs into device D1 and then logs into device D2, then the session in device D1 should be invalidated. How can i do that?
Thank you

@alexkaralanian
Copy link

Hi all been using passport for a while - is there a way to implement JWT token authentication while connecting with all these providers - ie sending ONE master token to the client that protects the API routes, and grants further access to the google, facebook, etc... tokens in the DB which can be queries and used to make further downstream requests to API data.

Im looking to build an app that connects several API providers and allows me to query their data but doesn not use session -- and I want to use one JWT token on the client side. Is this doable?

@fogunfile
Copy link

fogunfile commented Mar 25, 2020

Great! However, is it possible to use a local strategy along with google oauth2 strategy? If so, how do I go about this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment