Why is passport.authenticate being called twice?
I am studying the Passport documentation. I am looking at the passport-google example here: https://github.com/jaredhanson/passport-google/blob/master/examples/signon/app.js
It contains the following lines of code:
    app.get('/auth/google',
      passport.authenticate('google', { failureRedirect: '/login' }),
      function(req, res) {
        res.redirect('/');
      });
And subsequently these lines:
    app.get('/auth/google/return',
      passport.authenticate('google', { failureRedirect: '/login' }),
      function(req, res) {
        res.redirect('/');
      });
Can someone help me understand why a duplicate call to passport.authenticate is needed?
The two calls actually perform different functions depending on what type of request is received and what stage of authentication the thread is at.
The first call to passport.authenticate is to initiate OpenID authentication (which passport-google uses under the hood), and the second call (for the return URL) is used by the OpenID provider to respond to the previous authentication request. The passport strategy reads the corresponding claim from the second request and processes it accordingly - ultimately resulting in a redirect to /login if the assertion fails, or a redirect to / if that assertion was fulfilled.
The source code https://github.com/jaredhanson/passport-openid/blob/master/lib/passport-openid/strategy.js#L164 contains some well-written comments explaining what's going on.
As a final aside, other Passport strategies can behave differently, so not every callback strategy necessarily requires the same "repeat" calls to passport.authenticate(...).
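The two-phase behaviour described in the answer above, as an added sketch that is not part of the original post and is not Passport's or passport-openid's code. It assumes the provider's response is recognised by an openid.mode query parameter; PROVIDER_URL, verifyAssertion and simulate are hypothetical names, and the request values are constructed.

```javascript
// Simplified model of a redirect-based strategy (illustrative only).
const PROVIDER_URL = 'https://provider.example/auth'; // constructed placeholder

// Hypothetical stand-in for real assertion verification; a real strategy
// checks the provider's signature, the nonce and the return URL here.
function verifyAssertion(query) {
  return query['openid.mode'] === 'id_res' &&
         query['openid.sig'] === 'valid-signature';
}

// Returns middleware, the way passport.authenticate(name, options) does.
function authenticate(options) {
  return function (req, res, next) {
    const query = req.query || {};
    if (!query['openid.mode']) {
      // Phase 1 (/auth/google): no provider response present, so start the
      // flow by sending the browser to the provider.
      return res.redirect(PROVIDER_URL + '?return_to=' +
                          encodeURIComponent(options.returnURL));
    }
    // Phase 2 (/auth/google/return): the provider sent the browser back.
    // Anything cancelled or unverifiable goes to failureRedirect.
    if (query['openid.mode'] === 'cancel' || !verifyAssertion(query)) {
      return res.redirect(options.failureRedirect);
    }
    req.user = { id: query['openid.claimed_id'] };
    next(); // only now does the route's own handler run
  };
}

// Drives one request through the middleware plus the route handler and
// reports where the browser ends up.
function simulate(query) {
  const middleware = authenticate({
    failureRedirect: '/login',
    returnURL: 'http://localhost:3000/auth/google/return'
  });
  const req = { query };
  let location = null;
  const res = { redirect(url) { location = url; } };
  middleware(req, res, () => res.redirect('/'));
  return { location, user: req.user || null };
}
```

The route handler that redirects to / is reached only on the return request, and only after the assertion verifies; on the first request the middleware ends the response itself.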