I want to create an authentication system whereby the user can "sign up with Twitter", but all this effectively does is authenticate their Twitter account and prefills a registration form with their Twitter username. The user will then be asked to enter an email and password (or an alternative username).
Thus, upon registration, the user has authenticated access to their Twitter account, and the access token can be stored in a database. Later down the line I will use this to access the Twitter API.
Node modules such as everyauth
and passport
do a lot of the heavy lifting with OAuth, but they only appear to provide a findOrCreateUser
method, which doesn't offer a lot of breathing space to do something like what I need to do – that is, redirect to a registration form before registering the user, or if a user is found, just logging them in as per usual.
Here's a quick sketch of a possible approach for this:
Note that Passport does not provide a
findOrCreateUser
method. All database management and record creation is defined by your application (as it should be), Passport simply provides facilities for authentication.The key to this approach is to simply create an "incomplete" user record in your database, from the profile data given by twitter. Then, in your application's routes, you can check if the conditions you need are met. If not, redirect the user to a form where they are prompted to fill out missing details.
Slight clarification. The test "if (req.user.isCompleteProfile())" could be:
ie, you create a field 'isCompleteProfile' when you are making the user record in the twitter step, and mark it true or false, depending on what you know of the user
or: it is a call to a function, thus
in this case, you have a separate function which tests the state of the user you have just created/modified, thus:
And, I'd echo the praise for Jared and this marvellous tutorial on authentication in passportjs.