As the title implies all of my Post / Get requests get the pending status after I have run req.login, it seems like there is something blocking them.

I have also tried to use req.logIn which does not change anything.
req.login(user, loginErr => { if (loginErr) { return next(loginErr); } return res.send({ success : true, message : 'authentication succeeded' }); })

Full code
`

router.post('/login', function(req, res, next) {
    passport.authenticate('local', function(err, user, info) {
      if (err) {
        return next(err);
      }

  if (! user) {
    return res.send({ success : false, message : info.message });
  }
  
  req.login(user, loginErr => {
    if (loginErr) {
      return next(loginErr);
    }
    return res.send({ success : true, message : 'authentication succeeded' });
  })

})(req, res, next);

});
`
Am I missing something or is req.login actually bugged?

I have also submitted a stackoverflow question which can be viewed here:
Stackoverflow

@jaredhanson What do you think about versioning the documentation along the lines of the way the express.js website does it:
http://expressjs.com/4x/api.html
http://expressjs.com/3x/api.html

I think the benefit is that the old documentation is still there for people who have not updated and are therefore dependent on it.

I wanted to find out what people thought before starting any work because it did not seem like a question that could be well-packed into a single pull-request.

Hi,
I am not sure whether this is an issue, details as follows, the following code always fails the authentication (i.e., 'Verification function is called' is never shown in console):

const express = require('express')
const path = require('path')
const passport = require('passport')
const Strategy = require('passport-local').Strategy
const port = 30000

passport.use(new Strategy(
  function(username, password, cb) {
        console.log('Verification function is called');
        return cb(null, {username, id: '1'});
  }
));

var app = express();
app.use(passport.initialize());
app.use(passport.session());
app.get('/', (req, res) => res.send('Hello world!'));
app.get('/login.html', (req, res) => res.sendFile(path.join(__dirname, '/login.html')));
app.post('/login', passport.authenticate('local', { successRedirect: '/', failureRedirect: '/login.html' }));

app.listen(port, () => console.log(`Example app listening on port ${port}`));

here is the static file 'login.html':

<html>
        <head>
                <title>login</title>
        </head>
        <body>
                <form action="/login" method="post">
                            <div>
                                            <label>Username:</label>
                                            <input type="text" name="username"/>
                            </div>
                            <div>
                                            <label>Password:</label>
                                            <input type="password" name="password"/>
                            </div>
                            <div>
                                            <input type="submit" value="Log In"/>
                            </div>
                </form>
        </body>
</html>

After debug, I found the problem is in Strategy.prototype.authenticate, passport-local/lib/strategy.js, specially, this line:

return this.fail({ message: options.badRequestMessage || 'Missing credentials' }, 400);

And I add a log before this return such as:

console.log('here!!! body:' + req.body + ' query: ' + req.query + ' usernameField: ' + this._usernameField + ' passwordField:' + this._passwordField);

and here is the result:

here!!! body:undefined query: [object Object] usernameField: username passwordField:password

But actually, from fiddler, the request body is not null:

POST http://xxx:30000/login HTTP/1.1
Host: xxx:30000
Connection: keep-alive
Content-Length: 25
Cache-Control: max-age=0
Origin: http://xxx:30000
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://xxx:30000/login.html
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,ar;q=0.8,zh-CN;q=0.7,zh;q=0.6
Cookie: connect.sid=s%3AU9HkxMCRQJutHorlDOveMi91T8CngKVs.MNuCBvMhY7KAb%2Fmvn0oMbga8GFfYWrMeUeL8Bu1RMiw

username=adf&password=adf

Looks the request body is never populated to the passport library. Could you please take a look? Thanks!

If I understand correctly, www.passportjs.org is running on paid plan of Heroku. If that’s the case, then HTTPS is free.

Re-filing this as there is apparently a separate repository for the website (original at jaredhanson/passport#353).

Browser: Chrome 42.0.2311.152, openSUSE 13.1 x86_64.

Upon finding that the site for Passport had changed significantly, and that it used a lot of fancy JS "enhancements", I decided to have a look at how well it functioned without JS. As it turns out, it doesn't, at all.

The "view strategies" button is completely broken. "Section jumping" in the documentation is completely broken. Neither of these are functionality that absolutely requires JS. Whatever happened to the practice of progressive enhancement?

Documentation should really be available to anybody with a web browser (and, ideally, even to people without a web browser). There are many people who either cannot enable JS in their browser, do not want to enable JS in their browser (eg. for security reasons), or who recursively download a site because their internet connection is unreliable/limited.

The current site breaks all of these usecases, and that should really be fixed.

I'd like to help updating the documentation for express 4.0 but it's a whammy and I'd also like to know if there are already any plans in place for this.

Refer to passport-oauth/21

How we can update strategies list?

For example, I have a lot of strategies that allows authenticate user in social networks by access token received from mobile application (it's clean REST API, so that's why I'd created strategies for this).

How can I create PR or something to add those one to strategies list ?

Steps to repro

1. Visit http://www.passportjs.org/packages/

Expected

300+ strategies in list, before typing anything.

Actual

Text says "5 strategies". Only 5 boxes visible.

Can this project be added:

https://github.com/oauth-everything/passport-discord

I am not a developer on the project, but do feel it should be part of the list

I am unable to install passport package, When I try to install this I got this error.
Refusing to install package with name "passport" .

The /packages page gets a 404, but only on refresh or direct link. If you link from elsewhere on the site, with the "Packages" link on the left-hand side, the page loads fine.

I was looking into this a little, but the repo is a little complex, especially for a beginner. I had never even heard of kerouac before looking at this repository, though it looks pleasant to work with. I did notice a suspicious comment in app/site.js referencing the /packages link, which is the sometimes-broken link.

I'm opening an issue before looking more at the repo because I am hoping someone else can find the bug before I can. If you want me to keep looking, a nudge in the right direction would be most welcome.

The http://passportjs.org/docs/google page has example code for the passport-google module, which uses OpenID. Since Google no longer supports OpenID, following the tutorial results in an error: Failed to discover OP endpoint

A solution is to rewrite the tutorial using the passport-google-oauth2 module.

I think you need a different font using white on black ... I would recommend keeping the black for the menu, but using black on white for the actual body / docs. Or at least choose a heavier font.

Every other documentation page I use is white, and it's always jarring / hard to adjust to read http://passportjs.org/docs when switching between different doc pages. Any chance we can get a light theme?

Sorry for the minor question - and thanks!

(Copied from jaredhanson/passport#472)

I found the distinction between passport.serialize() and login() functions unclear. Can the language be improved to further clarify the distinction?

Broken link in http://www.passportjs.org/docs/basic-digest/ to OAuth2.0
Is poiting to http://www.passportjs.org/guide/oauth2-api/.

Maybe it be replace by http://www.passportjs.org/docs/oauth2-api/?

I could take this.

The "Example" link on http://www.passportjs.org/packages/passport-local/ points to a non existing github page.
<a href="https://github.com/jaredhanson/passport-local/tree/master/examples">examples</a>

This should probably be https://github.com/jaredhanson/passport-local/wiki/Examples as in the README of passport-local repo

@jaredhanson Is the master branch what's live on the site or the redesign branch? Which branches are for what?

When I click on the repository link in the sidebar of a package page (e.g. the GitHub link on http://www.passportjs.org/packages/passport-facebook/), it tries to open a git:// URL, not the HTTPS URL that is displayed. When I'm browsing packages, I don't really care about the Git URL; I want to look at the source code online before downloading. Can this be changed to link to the HTTPS URL instead?

Where: http://www.passportjs.org/docs
URL: https://hueniverse.com/2009/04/introducing-sign-in-with-twitter-oauth-style-connect/