how to customize http response if failed authentication?
I have below code to use passport-jwt to verify user authentication. But it returns 500 internal error to the client if it failed authentication. How can I customize the error response with a different HTTP status code with a different message?
```javascript
router.post(
  "/user",
  passport.authenticate("admin", { session: false }),
  (req, res) => {
    // ...
  }
);
```
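Below is my passport setup:

```javascript
const adminStrategy = new JwtStrategy(jwtOptions, (jwtPayload, next) => {
  l.info("admin payload received", jwtPayload);
  userDb.hgetall(jwtPayload.id, (err, obj) => {
    if (!err && obj) {
      if (obj.role !== "admin") {
        // Passing an Error makes passport forward it to Express's error
        // handling, which is what produces the 500 response.
        next(new Error("not admin user"), false);
      } else {
        next(null, jwtPayload);
      }
    } else {
      // Lookup error or unknown user: reported as an authentication failure.
      next(null, false);
    }
  });
});
passport.use("admin", adminStrategy);
```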
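One way to get distinct status codes for the setup above, as an added example that is not from the issue thread or from passport-jwt itself: report "not admin" as a failure with an info object instead of an Error, and use the custom-callback form of `passport.authenticate` to map outcomes to 401, 403 or 500. The names `makeAdminVerify` and `requireAuth` and the `reason` field are hypothetical; `userDb.hgetall(id, cb)` is assumed to behave as in the post, and lookup errors are treated here as server faults rather than authentication failures.

```javascript
// Added example. makeAdminVerify, requireAuth and the `reason` field are
// hypothetical names; userDb is assumed to expose hgetall(id, cb) as in the post.

// Verify callback for JwtStrategy: "not admin" is a failure with info,
// not an Error, so it never reaches the Express error handler.
function makeAdminVerify(userDb) {
  return (jwtPayload, done) => {
    userDb.hgetall(jwtPayload.id, (err, obj) => {
      if (err) return done(err); // real fault in the user store
      if (!obj) return done(null, false, { reason: "unknown_user" });
      if (obj.role !== "admin") return done(null, false, { reason: "forbidden" });
      return done(null, jwtPayload);
    });
  };
}

// Express middleware built on passport's custom-callback form of authenticate().
function requireAuth(passport, strategyName) {
  return (req, res, next) => {
    passport.authenticate(strategyName, { session: false }, (err, user, info) => {
      if (err) {
        // Details stay in server logs; the client gets a generic body.
        console.error("auth backend error:", err.message);
        return res.status(500).json({ error: "internal_error" });
      }
      if (!user) {
        // Valid token but wrong role -> 403; missing or invalid token,
        // or unknown user -> 401.
        const forbidden = Boolean(info && info.reason === "forbidden");
        return res
          .status(forbidden ? 403 : 401)
          .json({ error: forbidden ? "forbidden" : "unauthorized" });
      }
      req.user = user; // with a custom callback, passport does not set req.user
      return next();
    })(req, res, next);
  };
}

// Wiring (assumes the post's jwtOptions, router and userDb):
//   passport.use("admin", new JwtStrategy(jwtOptions, makeAdminVerify(userDb)));
//   router.post("/user", requireAuth(passport, "admin"), (req, res) => { /* ... */ });
```

The response bodies are deliberately generic: the reason a token was rejected is useful in server logs but does not need to reach the caller.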
Issue Analytics
- State:
- Created 5 years ago
- Comments:9 (1 by maintainers)
Top GitHub Comments
Similar to kuldeepdhaka’s answer, maybe use it as a middleware function:
Anyone looking for a quick and minimal way to take control over authentication failure response: