我必须在这里忽视一些事情。我正在使用visajs的Facebook策略来验证用户。这是通过2个请求/ [路由处理程序]完成的:
//one to initiate the the auth:
init: function (req, res, next) {
passport.authenticate('facebook', {
callbackURL: URL + '/facebook/callback',
state: req.body //attempting to put some state
})(req, res, next)
}
//one callback
callback: function (req, res, next) {
passport.authenticate('facebook', {
callbackURL: URL + '/facebook/callback'
},
function (err, profile, accessToken, refreshToken) {
if (err) return next(err)
res.send(passedReqBody)
})(req, res, next)
}
//the verify callback doesn't do much.
//Application logic is done in route callback handlers
passport.use(new FacebookStrategy({
clientID: config.facebook.id,
clientSecret: config.facebook.secret
},
//When setting passReqToCallback to true, it is set as the first argument
//to the verify callback. As in:
//function (req, accessToken, refreshToken, params, profile, done) {
//But this is the 'callback' request object. I want the 'init' request object.
function (accessToken, refreshToken, params, profile, done) {
//params.state is undefined
return done(null, profile, accessToken, refreshToken);
}));
我的问题是我希望第一个函数的POST请求体在回调路由处理程序中公开。
OAuth2Strategy构造函数'passReqToCallback'有一个选项可以将最新的请求发送回验证回调,这对我没用(我想要第一个请求.body)
接下来看起来似乎是合理的道路,就是使用'州'选项,如https://github.com/jaredhanson/passport-oauth/blob/master/lib/passport-oauth/strategies/oauth2.js#L169
但是这些值在getOAuthAccessToken回调https://github.com/jaredhanson/passport-oauth/blob/master/lib/passport-oauth/strategies/oauth2.js#L124
上不可用我目前的选择是在OAuth2Strategy.prototype.authenticate()函数中添加一个额外的变量,它在第一个函数上设置,并且传回,不变,回调函数,但我无法想象这是要走的路。
答案 0 :(得分:5)
根据您的描述,最佳方法可能取决于您的应用程序,但这里是对init
和callback
中间件的快速修改:
init: function (req, res, next) {
// SAVE BODY IN SESSION
req.session.initBody = req.body;
passport.authenticate('facebook', {
callbackURL: URL + '/facebook/callback',
state: req.body //attempting to put some state
})(req, res, next)
}
//one callback
callback: function (req, res, next) {
passport.authenticate('facebook', {
callbackURL: URL + '/facebook/callback'
},
function (err, profile, accessToken, refreshToken) {
if (err) return next(err)
// RESTORE BODY FROM SESSION
res.send(req.session.initBody);
delete req.session.initBody;
})(req, res, next)
}
请注意,原始请求正文将持久保存到会话中,然后在回调时恢复。如果您希望数据在请求/响应周期中存活,这是一种技术。但是,我要注意,GET
回调中的变异状态可能并不可取,因此如果根据原始主体修改任何内容,请务必小心。