How to use passportjs to authenticate users in a meteor database without meteor?

Hi, I’m planning to write a separate API to my meteor app which can be used to connect mobile apps and some other third party systems. I currently use the react native meteor plugin to directly connect the meteor app. But we need to de-couple the mobile app from meteor. To do this, I’m going to create a separate API connecting directly to the database. So, I will have access to the old user accounts create by Meteor. Can I use the same accounts to authenticate users through passport?

I tried in the past, but I couldn’t get past some roadblock, and then I moved on from that project so never reached a conclusion. But I’ve heard it is very much possible to achieve, you just have to use the bcrypt package that is used by Meteor. Commenting here as I want to be notified of any progress on this.

I’m also trying. This is as far as I’ve gotten: Using connect middleware in Webapp.connectedHandlers

@asad, were you able to get webapp to run any ‘passport strategies’? Even a simple token-based one?

There are no examples on the web of how to use passport without expressjs. I’ve left issues at the passportjs github repo. No answer.

I tried using Passport with Hapi.js, and didn’t have much luck. I don’t think it’ll work OOTB with Meteor either. You might need to hack around with it a bit. This is all I could find: http://stackoverflow.com/questions/17113692/integrating-passport-js-meteor

I also tried with some node packages but still, could not find a way to do it. I did try to create an encrypted hash using the bcrypt package and the password but they didn’t match with the one stored in the database. :cry:

I’m not familiar with passportjs but we ported some of the Accounts package code to npm for use in our Lambda functions. You may find it useful:

The hash function isn’t exported but here’s the relevant code: https://github.com/Share911/accounts/blob/master/src/index.js#L35

Btw, Lambda with the API Gateway is a nice way to set up an API. The serverless project is quite nice to work with and makes it easier to deploy the Lambda functions.

@lcpubs @lpgeiger Did you guys have any luck making it work with simple app?

AFAIK, passport needs Connect api to redirect the users to fb auth page (if you’re using fb authentication) for that they are using

self.redirect(location);

check here https://github.com/jaredhanson/passport-oauth2/blob/master/lib/strategy.js#L245

no router I know in meteor provides redirect option.

Please provide updates if anyone is able to make it work.

@sasikanth123 I didn’t get much further. I’m not familiar with express nor connect. But I was able to make passport run within Meteor’s connect implementation ( https://docs.meteor.com/packages/webapp.html
). But the authentication strategy was not called.

Anyone with experience in Express that can lend a hand to this?

Perhaps the strategies used here in this Koa shim for passport would be useful. https://github.com/rkusa/koa-passport

For anyone interested here is my reproduction of the PassportJS issue in meteor. Any help much appreciated.

const passport = require('passport')
const LocalStrategy = require('passport-local').Strategy

// Define a 'strategy' to use with authentication.
passport.use(new LocalStrategy(
  function (username, password, done) {
    console.log('LocalStrategy called')
    if (username) {
      // normally you would query the database here. For now, just return a string.
      return done(null, 'MY USERNAME');
    }
    return done('error', null)
  }
))

WebApp.connectHandlers.use(passport.initialize())

// use authenticate() strategy with this WebApp route.
WebApp.connectHandlers.use('/passportTest', function (req, res, next) {
// 'local' refers to LocalStrategy
  passport.authenticate('local', function (err, user) {
    console.log('user', user)
    if (err) {
      console.log('err', err)
      res.end('NOT Authenticated!')
    } else if (user) {
      console.log('user', user)
      res.end('user' + user)
    } else {
    // THIS IS THE ISSUE. 
    // LocalStrategy returns nothing.
      res.end('NO USER NOR ERROR! AUTH IS NOT RUNNING')
    }
  })(req, res)
})
1 Like

Hi wondering if you got PassportJS to work?