Understanding passport serialize deserialize

by
  1. Where does user.id go after passport.serializeUser has been called?

The user id (you provide as the second argument of the done function) is saved in the session and is later used to retrieve the whole object via the deserializeUser function.

serializeUser determines which data of the user object should be stored in the session. The result of the serializeUser method is attached to the session as req.session.passport.user = {}. Here for instance, it would be (as we provide the user id as the key) req.session.passport.user = {id: 'xyz'}

  1. We are calling passport.deserializeUser right after it where does it fit in the workflow?

The first argument of deserializeUser corresponds to the key of the user object that was given to the done function (see 1.). So your whole object is retrieved with help of that key. That key here is the user id (key can be any key of the user object i.e. name,email etc).
In deserializeUser that key is matched with the in memory array / database or any data resource.

The fetched object is attached to the request object as req.user

Visual Flow

passport.serializeUser(function(user, done) {
    done(null, user.id);
});              │
                 │ 
                 │
                 └─────────────────┬──→ saved to session
                                   │    req.session.passport.user = {id: '..'}
                                   │
                                   ↓           
passport.deserializeUser(function(id, done) {
                   ┌───────────────┘
                   │
                   ↓ 
    User.findById(id, function(err, user) {
        done(err, user);
    });            └──────────────→ user object attaches to the request as req.user   
});

More Related Contents:

  1. Redirecting to previous page after authentication in node.js using passport.js
  2. Using PassportJS, how does one pass additional form fields to the local authentication strategy?
  3. ERR_HTTP_HEADERS_SENT: Cannot set headers after they are sent to the client
  4. How to implement a secure REST API with node.js
  5. passport’s req.isAuthenticated always returning false, even when I hardcode done(null, true)
  6. passport.js passport.initialize() middleware not in use
  7. passport.js RESTful auth
  8. How to setup an authentication middleware in Express.js
  9. Node + Express + Passport: req.user Undefined
  10. How to know if user is logged in with passport.js?
  11. req.body empty on posts
  12. Node.js – get raw request body using Express
  13. ExpressJS How to structure an application?
  14. How to handle FormData from express 4
  15. Remove route mappings in NodeJS Express
  16. Global Variable in app.js accessible in routes?
  17. Express.js routing: optional splat param?
  18. Stream from a mongodb cursor to Express response in node.js
  19. How to protect the password field in Mongoose/MongoDB so it won’t return in a query when I populate collections?
  20. How to get a callback on MongoDB collection.find()
  21. NodeJS/express: Cache and 304 status code
  22. Use multiple local strategies in PassportJS
  23. socket.io and express 4 sessions
  24. Is it possible to set a base URL for NodeJS app?
  25. Any way to serve static html files from express without the extension?
  26. How to organise file structure of backend and frontend in MERN
  27. What is the proper way to check for existence of variable in an EJS template (using ExpressJS)?
  28. Express.js Routing error: Can’t set headers after they are sent
  29. body-parser – extended option (qs vs querystring)
  30. How to limit upload file size in express.js

Leave a Comment