I’m trying to understand how the passport authentication strategy works and when the username and password are actually getting sent to passport.
First, in the Authentication Strategies challenge, we create a local strategy like this:
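// Register the username/password ("local") strategy with Passport.
// The function below is the verify callback: it receives the submitted
// credentials and reports the outcome through done(err, userOrFalse).
passport.use(new LocalStrategy(
  function (username, password, done) {
    // The credentials originate from the request, so they are untrusted and
    // are not guaranteed to be strings. Reject any other type before it
    // reaches the database filter, so a parsed object can never be
    // interpreted as a query operator instead of a literal username.
    if (typeof username !== 'string' || typeof password !== 'string') {
      return done(null, false);
    }

    db.collection('users').findOne({ username: username }, function (err, user) {
      // NOTE(review): username is request-controlled and is written to the
      // log verbatim; consider encoding it if these logs are parsed later.
      console.log('User ' + username + ' attempted to log in.');

      // Database failure: surface the error to Passport.
      if (err) { return done(err); }

      // Unknown user: authentication fails without an error.
      if (!user) { return done(null, false); }

      // NOTE(review): a direct comparison means the stored password is in
      // plaintext. Store a salted hash (e.g. bcrypt) and verify with the
      // hashing library's compare function instead of `!==`.
      if (password !== user.password) { return done(null, false); }

      // Credentials match: hand the user document back to Passport.
      return done(null, user);
    });
  }
));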
Then in the How to Use Passport Strategies challenge, it’s used as follows:
// POST /login. passport.authenticate('local') runs first as route middleware:
// passport-local itself pulls the credentials out of the parsed request body
// (fields named 'username' and 'password' unless usernameField/passwordField
// are configured) and passes them to the strategy's verify callback, which is
// why no req.body access appears here. Body-parsing middleware therefore has
// to be registered before this route.
app.route('/login').post(
  passport.authenticate('local', { failureRedirect: '/' }),
  function (req, res) {
    // Only reached when authentication succeeded; failures were already
    // redirected to '/' by the middleware above.
    res.redirect('/profile');
  }
)
What I’m wondering is how the local strategy gets the username and password. I was expecting to extract them with something like req.body.username,
but apparently that isn’t needed?