How do I redirect from a passport.js authorize callback on success?

Question

In my Node.JS application's server code I use passport.js (v0.2.1, the most recent release is v0.2.2 but that has no significant changes from v0.2.1 - link) for authentication and I also have a number of routes that allow users to connect their social network accounts like twitter and facebook.

Since the user is already logged in, the right passport API function to use is authorize, not authenticate:

router.get('/api/connect/facebook/callback', passport.authorize('facebook-connect', {
    successRedirect: '/profile?message_code=fb_accept',
    failureRedirect: '/profile?message_code=fb_decline',
}));

This route is called back by Facebook after the user authorises or declines permissions on the Facebook website: - If the user declines permission then the failure redirect is called - If the user grants permission then the success redirect is not called, instead the next middleware server is called instead

The passport.js documentation does not describe how to handle the success case. How do I redirect after a successful authorization?

Answer 1

Summary

A successful authorize passes control to the next middleware which should perform the redirect itself.

Detail

Digging into the passport code, in lib/authenticator.js, the authorize prototype sets assignProperty to account:

Authenticator.prototype.authorize = function(strategy, options, callback) {
  options = options || {};
  options.assignProperty = 'account';
  var fn = this._framework.authorize || this._framework.authenticate;
  return fn(this, strategy, options, callback);
};

Because authorize is not defined by Passport framework, the authorize code falls back to using authenticate, as defined in lib/middleware/authenticate.js. In this method, the success redirect occurs only inside the callback to req.logIn, which is not called when assignProperty is truthy.