Skip to content

New applications state feature: req.authInfo isn't available in error handler #140

Open
@plashenkov

Description

@plashenkov

Hi! I'm trying to read the application state in an error handler. It works fine inside a success handler, but inside the error handler req.authInfo is empty. But we may need the state there too to fully handle failure situations on a par with success situation.

Example code:

// Let's suppose our frontend app generates a token and passes it to OAuth flow.
// After either success or failure the app wants to get it back and compare with
// the initial value to check the final callback is legitimate and initiated by the app itself.

app.get(
  '/api/login/facebook',

  function (req, res, next) {
    const options = {
      state: {
        token: req.query.token
      }
    }
    passport.authenticate('facebook', options)(req, res, next)
  }
)

app.get(
  '/api/login/facebook/callback',

  passport.authenticate('facebook', {failWithError: true})

  function (req, res) {
    const params = {
      result: 'success',
      token: req.authInfo.state.token,
    }
    res.redirect('/login?' + (new URLSearchParams(params)).toString())
  },

  function (err, req, res, next) {
    const params = {
      result: 'error',
      message: err.message,
      token: req.authInfo.state.token, // <-- the problem
    }
    res.redirect('/login?' + (new URLSearchParams(params)).toString())
  }
)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions