Invitation system using Passport JS

Question

I'm rewriting an authentication system to be OAuth only with Passport JS. I've designed a user flow as described below, but I can't see where the best point to get Passport to interact with information from the original request is.

The flow will be:

1. Authenticated user sends invitation to a new user's email address
2. New user clicks on link and lands on invitation page (/invitation/SOMECODE)
3. Invitation code is verified and, if still valid, allows user to auth via Google/Slack
4. New profile is created in the Strategy, but associated with the existing company (instead of creating a new one)

I'm looking to get access to the req.params inside of the Google Strategy, because this is the point I would typically create a new profile, and company for first time users. But if there's an invitation code, I want to do lookups on that info at this point.

I can't see any documentation that supports this approach, other than Node Passport invitation strategy which uses a password after initial sign up.

Can you get access to req object inside the strategy or is there a better way to approach this with another middleware?

Answer 1

I think what you're looking for is passReqToCallback

Example from docs:

passport.use(new TwitterStrategy({
    consumerKey: TWITTER_CONSUMER_KEY,
    consumerSecret: TWITTER_CONSUMER_SECRET,
    callbackURL: "http://www.example.com/auth/twitter/callback",
    passReqToCallback: true
  },
  function(req, token, tokenSecret, profile, done) {
    if (!req.user) {
      // Not logged-in. Authenticate based on Twitter account.
    } else {
      // Logged in. Associate Twitter account with user.  Preserve the login
      // state by supplying the existing user after association.
      // return done(null, req.user);
    }
  }
));

See passReqToCallback in the docs: http://passportjs.org/docs/authorize