passport.authenticate() is a middleware function that needs to be invoked with the appropriate arguments in order to access request data, manipulate responses, etc.
The correct way to run it within a route is by passing in req, res, and next:
app.get('/login', function(req, res, next) {
passport.authenticate('local')(req, res, next);
});
If you simply invoke the function without passing these arguments:
app.get('/login', function(req, res, next) {
passport.authenticate('local')();
});
The function won't have access to req, res, and next. This is because variables in scope at the definition site of a function are not automatically available when the function is called, as demonstrated in this example:
function addOne() {
x++;
}
app.get('/', function() {
var x = 99;
addOne();
})
The defined callback passed to passport.authenticate() allows you to perform additional logic after the authentication process has completed successfully or failed:
app.get('/login', function(req, res, next) {
passport.authenticate('local', function(err, user, info) {
if (err) return next(err);
if (!user) return res.redirect('/login');
req.logIn(user, function(err) {
if (err) return next(err);
return res.redirect('/users/' + user.username);
});
})(req, res, next);
});
This callback can access all necessary variables since they were captured at the definition site. It's important to pass req, res, and next when invoking passport.authenticate() to ensure proper functionality within the route.
The scoping behavior difference between defining and invoking functions is crucial in understanding why certain variables may or may not be accessible within a given context.