passport-compose

Utilities for chaining multiple Passport authentication middlewares

Usage no npm install needed!

<script type="module">
  import passportCompose from 'https://cdn.skypack.dev/passport-compose';
</script>

README

passport-compose

Dependency Status Download Status Sponsor on GitHub

Utilities for chaining multiple Passport authentication middlewares

Use case

You have multiple Passport authentication strategies, and you need all of them to run before considering the user to be authenticated.

For instance, you may wish to authenticate with username and password (via passport-local), then also pass an OTP or CAPTCHA check in a separate strategy.

Requirements

  • Node.js 8+
  • Passport strategies of your choice

Installation

$ npm install --save passport-compose

Usage

const passportCompose = require("passport-compose");
const { compose, loginRedirect, isAuthenticated } = passportCompose({
  // optional configuration
  sessionStageField: "passport.stage",
  sessionLoginRedirectField: "redirectTo",
  successRedirect: "/",
  successReturnToOrRedirect: "/",
  failureRedirect: "/login"
});

// This example assumes you have set up an express application called "app",
// and have required and configured "local" and "otp" strategies for passport

// Do not set "successRedirect" or "successReturnToOrRedirect" here, or a
// passing strategy will redirect before the next one runs
const localSettings = { failureRedirect: "/login" };
const otpSettings = { failureRedirect: "/login" };

// Require successful username+password and OTP authentication, then redirect
const strategies = [
  passport.authenticate("local", localSettings)),
  passport.authenticate("otp", otpSettings))
];
app.post("/login", compose(strategies), loginRedirect());

// To require all strategies to pass before accessing a resource:
app.get("/protected", isAuthenticated(), (req, res) => {
  res.sendStatus(204);
});

License

MIT license