Express request does not inlcude user after passport (local strategy) authentication
Question: I try to authenticate http requests via username and password. The authentication seems to work. But for some reason the user data is not available inside the express routes. Related Stackoverflow questions are pointing to problems in the session setup. But I followed this tutorial (https://www.passportjs.org/tutorials/password/) and can not see what I am doing wrong.
Related Stack Question that did not help me:
- Unable to access req.user in Passport.js on Express.js
- NodeJS Express Passport - req.user is undefined
Git-Repo (with back and frontend for testing): https://github.com/quentinkrammer/stack-express-local-passport.git
Broken Backend Code:
import express from "express";
import session from "express-session";
import memoryStore from "memorystore";
import passport from "passport";
import { Strategy as LocalStrategy } from "passport-local";
const MemoryStore = memoryStore(session);
const store = new MemoryStore({
checkPeriod: 3600000,
});
passport.use(
new LocalStrategy(function verify(username, password, cb) {
if (username === "Jim" && password === "123") {
console.log("Local Strategy - SUCCESS");
const user = { user: "Jim", role: "Admin", id: "42" };
return cb(null, user);
}
console.log("Local Strategy - FAILED");
return cb(null, false, { message: "Incorrect username or password." });
}),
);
passport.serializeUser(function (user, cb) {
console.log("Serializer: ", user);
cb(null, user);
});
passport.deserializeUser(function (user, cb) {
console.log("DeserializeUser: ", user);
cb(null, user as Record<string, string>);
});
const authRouter = express.Router();
authRouter.post(
"/login",
passport.authenticate("local", {
failureMessage: true,
failureRedirect: "/notAuthed",
}),
function (req, res) {
console.log(
"Successfull authentication - User: ",
JSON.stringify(req.user),
);
res.redirect("/authed");
},
);
authRouter.get("/authed", function (req, res, next) {
// Question: Why is the user undefined? I need the user to do authorization :(
console.log("authRouter - User: ", JSON.stringify(req.user)); // req.user = undefined
res.json("Login successfull");
});
authRouter.get("/notAuthed", function (req, res, next) {
res.json("Login failed");
});
const app = express();
app.use(cors({ origin: "*" }));
app.use(express.urlencoded({ extended: false }));
app.use(
session({
secret: "keyboard cat",
resave: false,
cookie: { maxAge: 3600000 },
store,
// not sure if this is needed
saveUninitialized: false,
}),
);
app.use(passport.authenticate("session"));
app.use("/", authRouter);
app.listen(3000);
Backend Console.log:
EDIT: Afaik the express-session (https://www.npmjs.com/package/express-session) package stores the session client-side in a cookie. But in my code the cookie apparently never gets to the client. No idea why.
The issue had nothing to do with express, but with CORS, since my frontend is hosted on a different origin as explained here: express-session isn't setting session cookie while using with socket.io
To fix this I changed backend like this:
app.use(cors({ origin: "http://localhost:5173", credentials: true }));
And also set credentials to 'include' in the fetch request on the frontend:
const res = await fetch(url, {...oldOptions, credentials: 'include'})
- What does "npm:" prefix in dependency section in package.json mean?
- NextJS NodeJS multi processes
- How to decode Image with multiple QR images in Javascript
- AWS elastic Beanstalk / nginx : connect() failed (111: Connection refused
- Getting ReferenceError: readFile is not defined
- Problem with permissions during deployment firebase cloud function v2
- Mock Multer for multiple tests (vitest and Typescript)
- AWS ECS exec /usr/local/bin/docker-entrypoint.sh: exec format error
- How can I delete folder on S3 with Node.js?
- Error: Could not find matching close tag for "<%="
- Lib working in netlify dev, in netlify preview PR but not in production (Nuxt)
- Internal Error: EACCES: permission denied, symlink '../lib/node_modules/corepack/dist/pnpm.js' -> '/usr/local/bin/pnpm'
- How to loop through result in sequelize
- Programmatic Webpack & Jest (ESM): can't resolve module without '.js' file extension
- Get current URL of browser
- Error building nextjs app on docker but not locally
- name can only contain URL-friendly characters
- Node cannot find module "fs" when using webpack
- Running rs.status() throws BSONError: Invalid UTF-8 string in BSON document in mongosh
- Cannot POST / error using express
- Using multer and express with typescript
- Neo4J always defaults NodeJS numbers as float when using parametrized queries
- I'm getting this error during connecting mongoose to nodejs
- Fs.readFile on FTP server
- How do I uninstall a package installed using npm link?
- How To Fix "Lexical declaration cannot appear in a single-statement context"
- Angular 18 error after update:An unhandled exception occurred: (0 , os_1.availableParallelism) is not a function
- Create a modular npm package
- React + Material-UI - Warning: Prop className did not match
- What could cause an error related to npm not being able to find a file? No contents in my node_modules subfolder. Why is that?