how to customize http response if failed authentication?

I have the code below, which uses passport-jwt to verify user authentication, but it returns a 500 internal error to the client if authentication fails. How can I customize the error response with a different HTTP status code and a different message?

router.post(
    "/user",
    passport.authenticate("admin", { session: false }),
    (req, res) => {
        ...

Below is my passport setup:

const adminStrategy = new JwtStrategy(jwtOptions, (jwtPayload, next) => {
    l.info("admin payload received", jwtPayload);
    userDb.hgetall(jwtPayload.id, (err, obj) => {
        if (!err && obj) {
            if (obj.role !== "admin") {
                // An Error in the first argument is a strategy error to Passport,
                // not an authentication failure: it goes to next(err), which
                // Express's default error handler answers with 500.
                next(new Error("not admin user"), false);
            } else {
                next(null, jwtPayload);
            }
        } else {
            // No user (or a DB error) -> authentication failure -> Passport's
            // default 401 "Unauthorized" response.
            next(null, false);
        }
    });
});
passport.use("admin", adminStrategy);

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 9 (1 by maintainers)

Top GitHub Comments

32 reactions
tomislav13 commented, Jun 17, 2019

Similar to kuldeepdhaka’s answer, maybe use it as a middleware function:

function authenticateJwt(req, res, next) {
  passport.authenticate('jwt', function(err, user, info) {
    if (err) return next(err);
    // AuthError is assumed to be a custom error class handled by an Express
    // error middleware. Hand it to next() instead of throwing: this callback
    // runs after the strategy's asynchronous work, so a throw here is not
    // caught by Express and would crash the process.
    if (!user) return next(new AuthError('401', 'User is not authenticated.'));
    req.user = user;
    next();
  })(req, res, next);
}

router.get('/list', authenticateJwt, your_other_middleware_function1, your_other_function2, ... );

12 reactions
kuldeepdhaka commented, Mar 25, 2019

Anyone looking for a quick and minimal way to take control over the authentication failure response:

// old way: no control over the authentication failure response
router.get('/list', passport.authenticate('jwt', { session: false }),
  function(req, res, next) {
    res.send({"protected": "resource"})
  }
);

// new way: reduced to one function with json response for authentication failure

// print json response instead of string
// using Custom Callback
// http://www.passportjs.org/docs/authenticate/
function passport_authenticate_jwt(callback) {
  function hack(req, res, next) {
    passport.authenticate('jwt', function(err, user, info) {
      if (err) return next(err)
      if (!user) return res.status(401).send({
        "error": {
          "code": "INVALID_AUTHORIZATION_CODE",
          "message": "Invalid authorization code"
        }
      });

      req.user = user
      return callback(req, res, next);
    })(req, res, next);
  }

  return hack
}

router.get('/list', passport_authenticate_jwt(function(req, res, next) {
  res.send({"protected": "resource"})  // was req.send; the request object has no send()
}));