Advanced Node: Authentication Strategies with Passport

Advanced Node: Authentication Strategies with Passport
0

#1

I’m trying to understand how the passport authentication strategy works and when the username and password are actually getting sent to passport.

First, in the Authentication Strategies challenge, we create a local strategy like this:

passport.use(new LocalStrategy(
  function(username, password, done) {
    db.collection('users').findOne({ username: username }, function (err, user) {
      console.log('User '+ username +' attempted to log in.');
      if (err) { return done(err); }
      if (!user) { return done(null, false); }
      if (password !== user.password) { return done(null, false); }
      return done(null, user);
    });
  }
));

Then in the How to Use Passport Strategies challenge, it’s used as follows:

       app.route('/login')
        .post(passport.authenticate('local', { failureRedirect: '/' }), (req, res) => {
        res.redirect('/profile');
        })

What I’m wondering is how is the local strategy getting the username and password? I was expecting to extract it with something like req.body.username but apparently it isn’t needed?