Posts

Showing posts from January, 2026

Node.js use Passport with Bearer Strategy

In this post I demonstrate how to use the Bearer Strategy together with jsonwebtoken. The workflow is shown in the picture below. The client first logs in and gets a token from the server. The client then requests another API service with the token embedded in the HTTP request header. The server verifies the token and returns the result to the client.

jsonwebtoken can encode a small amount of information into the token, such as the user id and username (data that is not sensitive), and can decode that information again on the server side. We do not use a session store in this example, because the token itself serves as the authentication check.

Starting from the code that uses passport with LocalStrategy and a custom callback (v1.2), we first install the Bearer Strategy and the token generator module.

    npm install passport-http-bearer      ...

Node.js use passport with LocalStrategy in Authentication Part 5

Establish a session with custom callback of passport.authenticate()

In part 2, we provided a custom callback function to passport.authenticate(). As the description of the authenticate() function states, with a custom callback we have to establish the session ourselves. This post demonstrates how to establish that session.

We modify the code (v1.2) from part 2. First, import and set up the session.

    import express from "express";
    import bodyParser from "body-parser";
    import passport from "passport";
    import { Strategy } from "passport-local";
    import session from "express-session";

    const app = express();
    const PORT = 6000;

    // body-parser's option is named "extended"
    app.use(bodyParser.urlencoded({ extended: false }));
    app.use(bodyParser.json());

    // Session middleware must be registered before Passport's session support
    app.use(session({
      secret: 'you should keep this in secret',
      resave: false,
      saveUninitialized: false,
    }));
    app.use(passport.authenticate('session'...

Node.js use passport with LocalStrategy in Authentication Part 4

Display failure message

In the previous post, we redirected to the GET /login route when authentication failed, without giving any reason. However, we usually need to explain to the client what went wrong.

That means we need to return the additional message we set in the Strategy verify function. Besides using a custom callback to return those messages, as in part 2, we can also get the message in Passport's default manner.

    passport.use("local", new Strategy(
      { usernameField: "username", passwordField: "password" },
      function verify(username, password, cb) {
        try {
          const userCredentials = getUserInfo(username);
          // Unknown user: fail with a message for the client
          if (!userCredentials) return cb(null, false, { message: "User does not exist" });
          if (password === userCredentials.password) { ...

Node.js use passport with LocalStrategy in Authentication Part 3

Add Session

In this post, we use the passport Local Strategy combined with a session to store the user's status. We start from the result of part 1 (using passport's default manner). For a reminder of how sessions are used, see the post "cookie and session".

As far as I have learned, the workflow of Passport and Session is as in the picture below. Passport serializes the userInfo that you pass into the callback (cb) in the Strategy verify function, and that information is saved into the server's session storage. When the user accesses the server later, the server retrieves the user content from session storage according to the session ID in the cookie of the user's request. Passport automatically deserializes the content and loads it into req.user (req being the first argument of the route handler). We can then access the user information in the body of the handler function.

To implement this, first we install the se...