When using authentication by passport-jwt, does it always appends the req object with an object named "user"? Where does this name "user" come from?
app.post('/profile',
passport.authenticate('jwt', { session: false }),
function(req, res) {
res.send(req.user.profile);
}
);
Does this code always append the req object with an object named "user"?
From where is this name "user" coming?
This is the definition of passport.authenticate from passport source code line 12. So basically, passport.authenticate is a middleware it will do the data extraction and then bind data into req.user.
* Applies the `name`ed strategy (or strategies) to the incoming request, in
* order to authenticate the request. If authentication is successful, the user
* will be logged in and populated at `req.user` and a session will be
* established by default. If authentication fails, an unauthorized response