Do I implement serialize and deserialize NodeJS + Passport + RedisStore?

自闭症患者 2021-01-30 02:07

Do I implement Serialize and Deserialize?

RedisStore is set up as my session store with Express. Does this mean that I DO NOT implement Serialize and Deserialize? Will i

3 answers
  •  闹比i (original poster)
    2021-01-30 02:22

    Bit late, but I have made this visual thing to understand

    1. When and how is a strategy/local/Facebook/etc. called, how does it get to req.login or passport.serializeUser(), and what's with done()?

    passport.authenticate() invokes the respective strategy you provide as an argument. There you match req.body.password and req.body.username with the password and username stored in the database or in memory. If the user is found, you pass it to done() as the second argument; else you return false.

    The done callback returns back to passport.authenticate(). If done was called previously with a user (i.e. done(null, user);), then req.logIn() is called automatically or by the user behind the scenes.

    req.logIn() calls passport.serializeUser()

    2. What's passport.serializeUser, and where does user.some_key go after this function has been called?

    The key of the user object you provide as the second argument of done in the serialize function is saved in the session and is used to retrieve the whole object via the deserialize function.

    The serialize function determines what data from the user object should be stored in the session. The result of the serializeUser method is attached to the session as req.session.passport.user = {}. Here, for instance, it would be (as we provide id as the key) req.session.passport.user = {id:'xyz'}

    3. What is passport.deserializeUser and where does it fit in the workflow?

    In the deserialize function, you provide as the first argument the same key of the user object that was given to the done function in the serialize call, so your whole object is retrieved with the help of that key. That key here is id (the key can be any key of the user object, i.e. name, email, etc.). In the deserialize function, that key is matched against an in-memory array, a database or any data resource.

    The fetched object is attached to the request object as req.user

    The id key can be any key of the user object, i.e. name, email, etc.

    Visual Flow

    passport.authenticate()-----------
                                     |  
                                     |  invokes 
                                    \./
           passport.use(new LocalStrategy(
                function(username, password, done) {
    
               // match req.body.username and req.body.password from any 
                  //data base or in memory array
                   if(user_is_found_and_pass_match)
                      done(null,user);--
                   else                   | *1-user passed
                                          |
                      done(null,false);---| *2-user not passed
           });                            | 
                                          |return back to
    passport.authenticate() <------------ |
                          |
                          |----- if user is passed in done() (*1) ,   
                                |
        req.login()   <--------- 
                  |
     //authenticate() middleware  may  invoke req.login() automatically.
                  |
                  | calls
                 \./  
     passport.serializeUser(function(user, done) {
            done(null, user.id); 
                         |
    //use 'id'to serialize, you can use other or user object itself
        });              |-->saved to session req.session.passport.user = {id:'..'}
                         |
                         |__________________
                                           |          
        passport.deserializeUser(function(id, done) {
                          ________________|
                          | 
            User.findById(id, function(err, user) {
                done(err, user);
                           |______________>user object attaches to the request as req.user
    
         });
          });
    

    Here the id key can be any key of the user object, i.e. name, email, etc.
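
As an added example (not part of the answer above, and not Passport's or connect-redis's own code): a dependency-free JavaScript model of the round trip, in which a `Map` stands in for RedisStore. It shows that the session store only persists whatever `serializeUser` emits, so both hooks are still the application's to supply, and that re-fetching the user on every request lets a disabled account be rejected. The names `sessionStore`, `login`, `loadUser`, `demo` and the sample user are assumptions.

```javascript
// Simplified model of the flow above; NOT Passport's or connect-redis's code.
// sessionStore stands in for RedisStore: it only holds JSON strings keyed by session id.
const sessionStore = new Map();
const users = new Map([ // constructed sample "database"
  ['42', { id: '42', name: 'alice', passwordHash: 'constructed-hash', disabled: false }],
]);

// Application-supplied hooks, same shape as in the answer above.
const serializeUser = (user, done) => done(null, user.id); // persist only the id
const deserializeUser = (id, done) => {
  const user = users.get(id);
  // Unknown or disabled account: report "no user" so the request is unauthenticated.
  done(null, user && !user.disabled ? user : false);
};

// req.login() in this model: serialize, then persist the session payload.
function login(sid, user) {
  let saved;
  serializeUser(user, (err, key) => {
    if (err) throw err;
    saved = JSON.stringify({ passport: { user: key } });
    sessionStore.set(sid, saved);
  });
  return saved;
}

// Every later request: load the session, then rehydrate req.user from the key.
function loadUser(sid) {
  const raw = sessionStore.get(sid);
  if (!raw) return null; // no session for this id
  let reqUser = null;
  deserializeUser(JSON.parse(raw).passport.user, (err, user) => {
    if (err) throw err;
    reqUser = user || null;
  });
  return reqUser;
}

function demo() {
  const stored = login('sid-1', users.get('42')); // what the store holds
  const before = loadUser('sid-1').name;          // rehydrated user
  users.get('42').disabled = true;                // account disabled after login
  const after = loadUser('sid-1');                // same session, now rejected
  return { stored, before, after };
}
console.log(demo());
```

Serializing the whole user object instead of `user.id` would copy fields such as `passwordHash` into the session store and keep serving stale account state until the session expires.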
