passport's req.isAuthenticated always returning false, even when I hardcode done(null, true)

Question

I\'m trying to get my Passport local strategy working.

I\'ve got this middleware set up:

passport.use(new LocalStrategy(function(username, password,         


        

Answer 1

This could also be an issue with your client's POST/GET calls. I had this exact same issue but it turned out that I had to give fetch (which is what I was using) the option credentials:'include' like so:

fetch('/...', {
  method: 'POST',
  headers: myHeaders,
  credentials: 'include',
  body: ...
  ...})

The reason is because fetch doesn't support passing down cookies, which is necessary in this case.

Answer 2

I fixed this issue by fixing my passport.deserializeUser. I'm using mongo native and since most of the examples use Mongoose i fell in to the _id trap once again.

So remember to make the _id a mongo ObjectID when reading the user in deserializeUser

passport.deserializeUser(function(user, done) {
    const collection = db.get().collection('users')
    const userId = new mongo.ObjectID(user);
    collection.findOne({_id : userId}, function(err, user) {
        if (err) done(err, null);
        done(null, user);
    });
});

My query was not finding the user since I did not make the id an ObjectID, and there was no errors indicated anywhere.