Comments (3)
Passport does automatically set the WWW-Authenticate header when all strategies failed if you provide no callback
to the authenticate
method (implementation here)
nestjs/passport always provides the callback:
Line 102 in 1034455
So that functionality is not accessible when using nestjs/passport.
You get the challenges passport uses to generate the WWW-Authenticate header in callback's 3rd parameter (
info
), but nestjs/passport is not doing anything with that param:Lines 79 to 84 in 1034455
from passport.
I think this should be reopened. I've just spent an hour, and then some, debugging nestjs-passport over this specific issue.
As @lkavicky has correctly pointed out, passport does set WWW-Authenticate, but Nest.js uses the callback flow, which is passport-speak for "Hold my beer, I'll deal with it myself". Failing to then deal with it is a 100% bug.
The behaviour of Nest.js Passport is also not RFC-compliant now: WWW-Authenticate is mandatory for 401 Unauthorized (i.e. the MUST thing vs SHOULD thing).
Right now we have to maintain our own AuthGuard with patches around it (calling setHeader in handleRequest, because we're HTTP-only). I'm happy to contribute it upstream if you guys want it.
from passport.
Does passport normally do this with express? @nestjs/passport
is only a wrapper around passport with funcitonality to make it work in a nest-like fashion. If this doesn't happen automatically by passport, then @nestjs/passport
won't do it either
from passport.
Related Issues (20)
- passport-steam Guide will be appreciated HOT 1
- How about changing the constructor parameter type of PassportStrategy like this? HOT 1
- validate(payload: any) in Implementing Passport JWT doc it's not correct HOT 2
- AuthGuard on Local Strategy return undefinded HOT 1
- overwhelmed by error logs HOT 6
- Pretty magical thing: request.authInfo = undefined and behavior is very strange HOT 3
- Unable to preserve session in passport v0.6.0 HOT 2
- v10 does not allow typing on custom `getRequest` method in class with extended AuthGuard HOT 1
- AuthGuard does not work with authentication-only strategies HOT 1
- Support for [email protected] HOT 3
- using @Inject(REQUEST) req breaks passport. HOT 4
- Guard Order Scope affects order of execution HOT 2
- Can a new release be pushed? HOT 3
- Nest can't resolve dependencies of the JwtAuthenticationGuard after upgrade 8.1.0 to 8.1.1 HOT 9
- Cannot read properties of undefined (reading 'property') HOT 1
- Using custom passport from a different package causes error HOT 1
- Dependency tree discrepancy HOT 2
- PassportStrategy interface does not contain validate() HOT 2
- The defaultStrategies cannot be set during runtime in the AuthGuard HOT 1
- Typing of the result of getAuthenticateOptions is misleading/incorrect HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from passport.