Sam

Reputation: 855

Passport-js How to create a custom strategy

I am looking to create my own strategy.

I have client_id, client_secret and related metadata. I also know the flow of execution. So I want to create my own strategy and add my custom logic for authentication.

I looked at passport-strategy, but I am not understanding how to implement my own strategy. Can anyone explain it?

Upvotes: 28

Views: 25565

Answers (2)

gxmad

Reputation: 2210

I found using passport-custom pretty frustrating in a TypeScript project. In fact, it is very easy to create a new strategy: all you need to do is implement or extend the basic passport strategy. The only mandatory function is authenticate, which is the entry point during a strategy check; the rest is up to your imagination.

import { Request } from 'express';
import passport from 'passport';

export class CustomStrategy extends passport.Strategy {
  name?: string;

  authenticate(
    this: passport.StrategyCreated<this, this & passport.StrategyCreatedStatic>,
    _req: Request,
    _options?: any,
  ) {
    // this.success({user: Express.User}, info?: object): void;
    this.success({ id: 1 }, { info: 'userdata' });

    //// *** Other available inherited methods
    //// * fail(challenge?: {message?: string, [key: string]: any } | string | number, status?: number): void;
    // this.fail('not your day body'); // default statusCode 401
    // this.fail('not your day body', 403); // change for statusCode 403

    //// * redirect(url: string, status?: number): void;
    // this.redirect('https://url');

    //// * pass() // ignores check
    // this.pass();

    //// * error(err: any)
    // this.error('error of some kind');
  }
}

Upvotes: 9

javierfdezg

Reputation: 2107

You have two options here:

If you have custom logic for authentication, you don't really need to create your own strategy... you can use the passport-custom strategy, which allows you to build this logic. According to the documentation:

The custom authentication strategy authenticates users by custom logic of your choosing

Unless you want to actually build a strategy that you want to distribute (e.g. an implementation of OpenID or something like that), I don't see the point in implementing your own strategy.

However, implementing your own strategy consists of implementing the passport-strategy abstract class. I'd suggest looking at the GitHub page instead of the npm page, as it has more information about how to get up and running. Basically, the steps to follow to have your own strategy are:

  1. Subclass Strategy
  2. Implement Authentication by defining the authenticate() method on the prototype (here you'll have your custom logic).
  3. Invoke one of the Augmented Methods (.success, .fail, .pass, .redirect or .error)

Finally you would need to pack it as an npm module and once you have everything in place you can go and require your own strategy in your Node.js project.

As I said, I think that you need to have a good reason to go for your own strategy. I'd give passport-custom a try.

Upvotes: 30
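
The three steps listed in the answer above, applied to the client_id / client_secret case from the question. This is an added example, not code from either answer or from the Passport project. The `Strategy` stand-in, `ClientSecretStrategy`, `CLIENTS` and `runStrategy` are hypothetical names, and the sample client is constructed; it assumes the credentials arrive in `req.body`.

```javascript
// Added example; `Strategy` below is a stand-in so the block runs offline.
// In a real project use: const Strategy = require('passport-strategy');
const crypto = require('crypto');
class Strategy {}

const sha256 = (s) => crypto.createHash('sha256').update(String(s)).digest();
// Constructed sample registry: client_id -> SHA-256 digest of client_secret.
const CLIENTS = new Map([['demo-client', sha256('demo-secret')]]);

class ClientSecretStrategy extends Strategy {            // step 1: subclass
  constructor(clients) {
    super();
    this.name = 'client-secret';
    this.clients = clients;
  }

  authenticate(req) {                                     // step 2: authenticate()
    try {
      const { client_id, client_secret } = req.body || {};
      if (typeof client_id !== 'string' || typeof client_secret !== 'string') {
        return this.fail({ message: 'missing credentials' }, 400);
      }
      // Unknown clients are compared against a random digest so both paths do
      // the same work; equal-length buffers are required by timingSafeEqual.
      const expected = this.clients.get(client_id) || crypto.randomBytes(32);
      const match = crypto.timingSafeEqual(sha256(client_secret), expected);
      if (!match || !this.clients.has(client_id)) {
        return this.fail({ message: 'invalid client' }, 401);
      }
      return this.success({ id: client_id });             // step 3: augmented method
    } catch (err) {
      return this.error(err);
    }
  }
}

// Hypothetical harness: attaches success/fail/error to a per-request copy of
// the strategy, as Passport's middleware does, and returns the outcome.
function runStrategy(strategy, req) {
  const s = Object.create(strategy);
  let outcome = { type: 'none' };
  s.success = (user, info) => { outcome = { type: 'success', user, info }; };
  s.fail = (challenge, status) => { outcome = { type: 'fail', challenge, status }; };
  s.error = (err) => { outcome = { type: 'error', err }; };
  s.authenticate(req);
  return outcome;
}
```

With the real base class, the strategy is registered with `passport.use(new ClientSecretStrategy(CLIENTS))` and selected by its name in `passport.authenticate('client-secret', { session: false })`.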
