Implement promise based authenticateRequest() API that enables programmatic execution of Passport strategies

Key additions:
- Returns an explicit `AuthResult` object containing the resolution of the auth attempt
- Adds an AuthContext to capture and provide data for logging and metrics
- Maintains backwards compatibility with hook logic
- Includes demo-auth-server.ts to test the code
Testing

Demo server created
Calling the route with the invalid API key before logging in to get a session cookie results in both strategies failing.

Calling the route with the valid API key before logging in to get a session cookie results in the session key failing, then the API key authentication succeeding.

If we then hit the login route

We now have a cookie with a valid session, so if we attempt authentication with the valid or invalid key, authentication will pass, since it attempts to use the session before even using the API keys.


If we then log out, our session will be cleared, and we can see that we will fall back to the API key auth again and we get the original results above.
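The fallback order exercised in the testing notes above, as an added example that is not code from this pull request or from Passport. The strategy objects, the `sid` cookie, the `x-api-key` header and every result field are hypothetical names chosen for illustration, and the sample session and key are constructed.

```javascript
// Added illustration: strategy objects and result fields are hypothetical,
// not the PR's types. Sample sessions and keys are constructed.
const SESSIONS = new Map([["sid-123", { user: "alice" }]]);
const API_KEYS = new Map([["valid-key", { user: "svc-reporting" }]]);

// A strategy resolves to { ok, user?, reason? } for an ordinary pass or fail.
const sessionStrategy = {
  name: "session",
  async attempt(req) {
    const session = SESSIONS.get(req.cookies.sid);
    return session
      ? { ok: true, user: session.user }
      : { ok: false, reason: "no valid session" };
  },
};

const apiKeyStrategy = {
  name: "api-key",
  async attempt(req) {
    const presented = req.headers["x-api-key"];
    if (presented === undefined) return { ok: false, reason: "no key presented" };
    const entry = API_KEYS.get(presented);
    return entry ? { ok: true, user: entry.user } : { ok: false, reason: "unknown key" };
  },
};

// Runs strategies in order and stops at the first success. The context keeps
// one record per attempt plus the names of strategies that were never run.
async function authenticateRequest(req, strategies) {
  const context = { attempts: [], skipped: [] };
  for (let i = 0; i < strategies.length; i++) {
    const strategy = strategies[i];
    let outcome;
    try {
      outcome = await strategy.attempt(req);
    } catch (err) {
      outcome = { ok: false, reason: "strategy error" }; // fail closed
    }
    context.attempts.push({ strategy: strategy.name, ok: outcome.ok, reason: outcome.reason });
    if (outcome.ok) {
      context.skipped = strategies.slice(i + 1).map((s) => s.name);
      return { success: true, user: outcome.user, strategy: strategy.name, context };
    }
  }
  return { success: false, context };
}
```

With a valid session and an invalid key, the result is a success with `context.skipped` containing `api-key`, so a log consumer can see that the presented key was never evaluated.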


