Both strategy function and passport.authenticate are called on protected end point #70

Open
philipbrack opened this issue Mar 11, 2017 · 2 comments


@philipbrack

Hi, I wrote an example server and client for your library.

One thing I am trying to figure out is, I noticed that both the

passport.use(new FacebookTokenStrategy({
    clientID: 'TBD',
    clientSecret: 'TBD'
  }, function (accessToken, refreshToken, profile, done) {
    <function 1>
    ...

and

app.get(
    "/protected",
    (req, res) => {

      // calling this so as to catch error and respond without 500 and pass all the details to the user.
      passport.authenticate('facebook-token', {session: false}, function (err, user, info) {
        <function 2>
        ...

are executed every time I do an HTTP GET for the "/protected" end point.

Is it the case that passport.authenticate() is what calls the strategy function?

Also, under what conditions does the library ping Facebook to validate the token?
I should think that if it is a known user and the time to live isn't expired we
shouldn't have to do a lookup.

@philipbrack
Author

OK I think I may have cracked the case. passport.authenticate('facebook-token') does call the strategy registered before.

Also, if I want to optimize out the Facebook API hit I referred to, I would need to do that logic myself and not call passport.authenticate.

Does that sound correct?

@amank22

amank22 commented Sep 2, 2017

Yeah... I was also thinking about that.
This strategy is called every time we try to access protected data. So if a user is not registered and he calls this endpoint, it will create a new user. But I don't think I want to create a new user from all the calls. Also, I want multiple providers in my server.
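
An added example, not code from this thread or from the passport-facebook-token project: one way to skip the repeated Facebook lookup discussed above is a short-lived cache in front of the verification call. `createCachedVerifier`, `verifyRemote` and the option names are hypothetical; `verifyRemote` stands in for whatever code path ends up calling `passport.authenticate('facebook-token', ...)`.

```javascript
const crypto = require('crypto');

// Cache key is a SHA-256 digest so raw bearer tokens are not kept as map keys.
function tokenKey(accessToken) {
  return crypto.createHash('sha256').update(accessToken).digest('hex');
}

// verifyRemote(accessToken, cb) is a hypothetical stand-in for the remote
// check; cb receives (err, user), with user === false for a rejected token.
function createCachedVerifier(verifyRemote, opts) {
  const ttlMs = opts.ttlMs;                    // how long a verified token is trusted
  const maxEntries = opts.maxEntries || 1000;  // bound on memory use
  const now = opts.now || Date.now;            // injectable clock for testing
  const cache = new Map();                     // key -> { user, expiresAt }

  function verify(accessToken, cb) {
    if (typeof accessToken !== 'string' || accessToken.length === 0) {
      return cb(null, false);                  // reject without a remote call
    }
    const key = tokenKey(accessToken);
    const hit = cache.get(key);
    if (hit && hit.expiresAt > now()) return cb(null, hit.user);
    cache.delete(key);                         // expired or absent

    verifyRemote(accessToken, function (err, user) {
      if (err || !user) return cb(err || null, false); // failures are never cached
      if (cache.size >= maxEntries) {
        cache.delete(cache.keys().next().value);       // evict the oldest entry
      }
      cache.set(key, { user: user, expiresAt: now() + ttlMs });
      cb(null, user);
    });
  }

  // Call on logout or when a token is known to be revoked.
  function invalidate(accessToken) {
    return cache.delete(tokenKey(accessToken));
  }

  return { verify: verify, invalidate: invalidate };
}
```

A token revoked at Facebook stays accepted until its cache entry expires, so keep `ttlMs` short and call `invalidate` on logout.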
