mikenicholson/passport-jwt

Correct use of passport-jwt & deserializeUser

dn-l opened this issue · 1 comments

dn-l commented

Hi, here's my code:

async function jwtStrategy (jwtPayload, done) {
  const user = await User.findById(jwtPayload.sub)
    .deepPopulate('one.two.three')
    .exec()
    .catch(errorHandler(done))
  if (!user) {
    return done(createHttpError(401))
  }
  done(null, user)
}

passport.use(new JwtStrategy(jwtStrategyOptions, jwtStrategy))

passport.deserializeUser(async (id, done) => {
  const user = await User.findById(id)
    .deepPopulate('one.two.three')
    .exec()
    .catch(errorHandler(done))
  done(null, user)
})

It works great however i noticed that i make too make requests (populate). On every api request i get passport.deserializeUser executed and jwtStrategy straight after. What's the correct usage here?

dn-l commented

I ended up removing session support => deserialize became redundant