Simplify your stack and build anything. Or everything.
Build tomorrow’s web with a modern solution you truly own.
Code-based nature means you can build on top of it to power anything.
It’s time to take back your content infrastructure.

Passport strategy called, passed a Payload user - still null on /users/me?

default discord avatar
sawariz0r2 years ago
1

So I'm diving into passport strategies in Payload at the moment, and I decided to start somewhat small with a passport-custom strategy.


The end plan is to create one that verifies the firebase JWTs from my React Native apps.



I've added it as a strategy in the users collection:


 auth: {
    strategies: [
      {
        name: "custom",
        strategy: () => customStrategy(),
      },
    ],
  },


And here's the customStrategy:


export default (): Strategy => {
  const strategy = new Strategy(async (req, done) => {
    // Extracts the JWT
    const token = extractJWT(req);
    if (!token) {
      done(null, false);
      return;
    }

    // Verifies and decodes the JWT
    const verifiedToken = await verifyToken(token);

    // Finds the user
    if (verifiedToken) {
      const userDoc = await payload.find({
        collection: "users",
        where: {
          oauthId: {
            equals: verifiedToken.user_id,
          },
        },
        showHiddenFields: true,
      });

      // The user exists, so it should work
      const user = userDoc.docs[0];
      if (user && userDoc.docs.length > 0) {
        // Yes, user exists. Passing the user document to done
        done(null, user);
        return;
      }
    } else {
      done(null, false);
    }
  });

  return strategy;
};


It's green down until the done() callback.


The user exists and is passed to the callback.


But

/users/me

still returns null.



The strategy names seems to be (simplified version:)

${collection}-${name / index}

, when set up in Payload where the passport.use() is called with the strategy.



Ideas? Am I missing anything obvious in the implementation?



Overriding the /users/me endpoint to return req.user solves the issue. The strategy looks like it's been working all along 😅

    Star on GitHub

    Star

    Chat on Discord

    Discord

    online

    Can't find what you're looking for?

    Get dedicated engineering support directly from the Payload team.