When using authentication by passport-jwt, does it always appends the req object with an object named "user"? Where does this name "user" come from?
app.post('/profile',
passport.authenticate('jwt', { session: false }),
function(req, res) {
res.send(req.user.profile);
}
);
Does this code always append the req
object with an object named "user"
?
From where is this name "user"
coming?
This is the definition of passport.authenticate
from passport source code line 12. So basically, passport.authenticate
is a middleware it will do the data extraction and then bind data into req.user
.
* Applies the `name`ed strategy (or strategies) to the incoming request, in
* order to authenticate the request. If authentication is successful, the user
* will be logged in and populated at `req.user` and a session will be
* established by default. If authentication fails, an unauthorized response