Replies: 2 comments
-
|
At least in Express 4, you can also access the response object though the request — |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Thanks, apparently that's a deliberately undocumented feature, but it does make this easier. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I would like to write a custom strategy that validates requests based on a cookie. The cookie can expire, but contains sufficient information that I can refresh the auth, but this changes the cookie value. I would like this refresh process to be transparent to the client, so my strategy should be able to set a new cookie when necessary but only the request to strategies, not the response.
Strategies can optionally specify that they would like to receive the request; if the same was implemented for the response then it would be backward compatible for existing clients, as no additional arguments would be provided by default.
The inelegant workaround is to provide the refreshed data in the user and then use additional middleware to extract that data and set cookies as necessary. The decoupling is a bit of a mess here though, as it makes it more complex to understand, and easier to mess up (e.g. by not resetting the cookie in the middleware).
Related to discussion issue passport/discuss#38, but it seems like the best implementation would be a new feature, so added here as a "please do this" rather than "how do I do that".
Expected behavior
Strategies should have access to responses.
Actual behavior
Strategies do not have access to responses.
Steps to reproduce
N/A
Environment
N/A
Beta Was this translation helpful? Give feedback.
All reactions