Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Allow setting the additionalParams in .authenticate

See original GitHub issue

I need to send in the RelayState when asking to login. This relay state is different for each user so I need it to be set when the user requests /login (and then .authenticate()) as opposed to when I start my server and setup passport.use(.

Basically I would like to:

  app.get('/login',
    passport.authenticate(config.passport.strategy,
      {
        additionalParams: {'RelayState': req.url},
        failureRedirect: '/loginFail'
      })
  );

Obviously even the above wouldn’t work since I don’t have access to the req variable. Perhaps there’s a better way to simply have the user return to the page they were asking for.

Issue Analytics

State:
Created 7 years ago
Reactions:4
Comments:9

Top GitHub Comments

9reactions

jylaurilcommented, May 5, 2017

Pro tip: You can wrap the passport.auhenticate call inside your own middleware function so you can access the request and response if needed:

  app.get('/login', function(req, res, next) {
    passport.authenticate(config.passport.strategy,
      {
        additionalParams: {'RelayState': req.url},
        failureRedirect: '/loginFail'
      })(req, res, next); // <- just remember to add these
  });

2reactions

blackpuppycommented, Jul 2, 2021

I got the same problem, that is, not able to pass additionalParams in the second argument to passport.authenticate(). And eventually found the following solution. Note that I am using TypeScript.

// need to use AuthenticateOptions from passport-saml
import { AuthenticateOptions } from "passport-saml/lib/passport-saml/types";

// then for GET /login route
const relayState = "your-state";  // like a key of the intended URL in a cache
const options: AuthenticateOptions = {
    failureRedirect: "/",
    additionalParams: {
        RelayState: relayState,
    },
};
passport.authenticate("saml", options)(req, res);

// later in POST /login/callback
const relayState = req.body.RelayState;
const redirectUrl = MyCache.get(relayState);
res.redirect(redirectUrl);

TypeScript checks the 2nd argument against the AuthenticateOptions defined in passport, and it does not have additionalParams, so there is a type error. Using the AuthenticateOptions defined in passport-saml solves it. But for JavaScript, it does not have this type checking. So I think it should just work.

Top Results From Across the Web

Allow setting the additionalParams in .authenticate · Issue #157

Basically I would like to: app.get('/login', passport.authenticate(config.passport.strategy, { additionalParams: {'RelayState': req.url} ...

How to pass an additional parameter to passport.authenticate

In my case, due to the authentication flow, to set up a variable in req was not working. The second option, set passReqToCallBack:...

Pass Parameters to Identity Providers - Auth0

You can pass provider-specific parameters to an Identity Provider (IdP) during authentication. The values can either be static per connection or dynamic per ......

Pass an additional parameter with spring security login page

The simple and easiest option to pass an additional parameter with Spring Security login page is to create a custom filter by extending...

passport-saml

SAML 2.0 authentication strategy for Passport. ... Additional SAML behaviors; additionalParams : dictionary of additional query params to add to all ...