OAuth (Passport.js) Tutorial #15 - Serializing Users

sessions have a lock
and the 'key' to a session is a cookie
this cookie is initially sent by server then on every subsequent request, its sent by the client

serialiseuser and deserialiseuser are functions of passport

when serialiseuser is called
a cookie is created and gets the mongodb _id embedded in it

when deserialiseuser is called
using the the cookie the user object is obtained
then this user object gets attached to the req

shameekagarwal

Looking forward where the 'done' function is gonna bring me.... Not 100% clear to me, though I'm rather sure it will become clear the upcoming days.
Thanks again for all your time and effort.
You're a Master Ninja !

johnnydriesen

Sos un maestro!! 5 años después el video sigue vigente!!

FacundoCastellano

Amazing! This helped me get the local and passport-slack strategy to work together. I was missing the part to add the user to my mongoDB when a user tried to sign in with slack and it was causing my isLoggedIn function to deny access but would work with the local login. I have been looking for a complete solution and your easy to follow videos filled in the code gap I needed! You da real MVP lol!!!!

markwhite

Dude, I f...ing love your tutorials, esp. this one about passport! Thank you very much for all the great content you upload, it's been very helpful for a beginner like me! But, why don't you upload all the videos at once?

leopoldblau

Looking forward to the next video. Im assuming that you are going to 'express-session' and 'cookie-parser' and I am really interested in your explanation of their purpose.

Gjacolby

"stuff" ..."jam" ..."cram" that poor cookie its going to be all crumbled by time your "done" with it ;) thanks ninja !! awesome stuff

codedynamics

A bit confused as to how the serialize/deserialize functions know when to run.

zdent

How does the GoogleStrategy response 'done()' function know where to go? You didn't specify that it should be "passport.serializeUser" ?

asdfasdfuhf

Very well explained the chain of events!!!

pvamsee

the way you use to speak the words "done" and "null" was little bit very funnier haha :D i like that ;)

mohammadawais

I loved it, thank you again!
One question, is it actually a good idea sending the cookie with the id? So everyone who knows user's id and spoof the cookie and login to their accounts bypassing the authorization?
Would it be a better idea to add another randomly generated id that would expire after sometime and only work for 1 ip instead of multiple?

oinSquares

Does the sequnce of the three functions (passport.use, passport.serialize, passpost.deserialize) matter ? I mean, I write the serial/deserial below the use, and it seems no error and working well. But sometimes the sequence in the app.js does matter. I don't know when the sequence matters and when not.

yumingui

If you're already granting authorization with accessToken, is it still necessary to create a session with cookies? Doesn't the access token store a JWT on the client side in localStorage?

carlosgrijalva

Guys if you still have some doubt on serializing and deserializing , visit this page

charan

I am getting error
TypeError: req .logIn is not a function

While using done

secondsEmotions

Your text editor is not highlighting the variable which is not used in.

amazekhashaa

there is no such thing as id right the objects are _id, googleid, username. how does it work with user.id
???

jamessajan

Hello sir, I didn't understand this tutorial. All previous tutorial I understand 110% but this time I only understood 30% . Please help Why I am nt able to undertand

ashutoshdwivedi

deserializeUser is not being called. what should i do. pls help me out

himanshunegi