passport-github verify callback never called? about fastify-passport HOT 9 CLOSED

Hello.

@julie-ng can you try with this piece of code :

const PORT = process.env.port || 3000

const fastify = require('fastify')({ logger: true })
const fastifyPassport = require('fastify-passport')
const fastifySecureSession = require('fastify-secure-session')

const { Strategy: GitHubStrategy } = require('passport-github')
const strategyOpts = {
  clientID: process.env.GITHUB_CLIENT_ID,
  clientSecret: process.env.GITHUB_CLIENT_SECRET,
  callbackURL: 'http://127.0.0.1:3000/auth/github/callback'
}

const notForProductionKey = 'no-encryption-key-for-local-dev-min-32-bytes'
fastify.register(fastifySecureSession, { key: notForProductionKey })
fastify.register(fastifyPassport.initialize())
fastify.register(fastifyPassport.secureSession())

fastifyPassport.use('github', new GitHubStrategy(strategyOpts, function (accessToken, refreshToken, profile, cb) {
  console.log('**** Is this ever called??? *******') // <-- NEVER called in Fastify ⁉️
  console.log(profile) // <-- for testing only
  return cb(null, profile)
}
))


/**
 * Routes
 */

fastify.get('/', function (request, reply) {
  reply.send({
    hello: 'world',
    protected: false
  })
})

fastify.get('/protected', { onRequest: fastifyPassport.authenticate('github', { authInfo: false })}, (request, reply) => {
  reply.send({
    hello: 'protected',
    protected: true
  })
})

fastify.get('/auth/github/callback', { onRequest: fastifyPassport.authenticate('github', { authInfo: false })}, (request, reply) => {
  // reply.redirect('/')
  reply.send('called back')
})


/**
 * Run the Server
 */
fastify.listen(PORT, function (err, address) {
  if (err) {
    fastify.log.error(err)
    process.exit(1)
  }
})

It seems that the GitHub auth callback url must call fastifyPassport.authenticate() method too.

NB: I changed the hook from preValidation to onRequest in order to fail fast in the request lifecycle, but it should work as intended even with the preValidation hook. ^^

from fastify-passport.

Ah shoot right -- the only way that the passport handler is going to be able to get the user information is if it participates in the request where the user information comes back which is that callback URL! I missed that reading the example code. I feel like that must also be the case for express as well, no? Gonna close presuming yes but if not we can take a deeper look. Thanks @darkgl0w !

from fastify-passport.

Thanks for the reproduction! Offhand I am not sure why exactly this is happening, but, in my project we're using passport-github2 which is a maintained fork of passport-github, and it seems to work ok with fastify-passport! Want to try that one out?

from fastify-passport.

@airhorns I will try that and let you know.

I also just noticed I chose the original because according to passportjs, it was last updated 3 months ago…

but npm says actually 6 years ago

🤦‍♀️

from fastify-passport.

@airhorns I have the same problem, when swapping passport-github for passport-github2 🤷‍♀️

from fastify-passport.

Thanks @darkgl0w! That seems to work. Is there a reason why the callback needs it too? Is there something I missed in the documentation?

from fastify-passport.

No you didn't miss anything. It is the plugin documentation that needs some love. I have spotted some issues that are worth a PR when looking at this issue. 😝

In this particular case the plugin code itself is well commented. 😸

from fastify-passport.

@airhorns yes it is the case for express as well. I will submit a PR to add a note about this.

from fastify-passport.

No you didn't miss anything. It is the plugin documentation that needs some love. I have spotted some issues that are worth a PR when looking at this issue. 😝

In this particular case the plugin code itself is well commented. 😸

Yeah, documentation can really use from love. I find it detailed - but not in a good way that's easy to sort out, esp. since

• { authInfo@ false } is never explained
• And lines like this are just 😵‍💫 - so many params… and if I wanted to skip authInfo, could I? Or do I need an empty object? 🤔

  fastify.get(
    '/',
    { preValidation: fastifyPassport.authenticate('test', { authInfo: false }) },
    async (request, reply, err, user, info, status) => {

I'll try to figure out some of this, but it's a struggle right now.

If it's well documented in the code, you should consider using JSDoc to publish a docs site. And I'll shamelessly plug my own template here ;-) https://www.npmjs.com/package/tidy-jsdoc

Closing issue for now since original problem described is now solved.

from fastify-passport.