[BUG] Error: req#logout requires a callback function with passport@^0.6.0

Question

[BUG] Error: req#logout requires a callback function with passport@^0.6.0

sebsauer90 opened this issue 2 years ago · comments

Hello, first thanks for this package :)
So, now the problem:

We've updated passport to 0.6.0 and now we get the following error:
Error: req#logout requires a callback function

This is because passport now requires a logout callback function, as you can see here:
https://www.passportjs.org/concepts/authentication/logout/

In the validateCallback function in the authenticate method of the AbstractStrategy class you are using req.logout() without a callback function.

Is it possible to make an update for this? :)

Thanks a lot!
Seb

srd90 · Answer 1 · Wed Sep 07 2022 10:41:02 GMT+0800 (China Standard Time)

About passport 0.6.0 support see #698

At the moment it seems to be available only at 4.0.0-beta.1 version of passport-saml (final 4.0.0 is not yet released).

Note: starting from 4.x.x new passport-saml versions (incl. 4.0.0-beta.1) are available from npmjs'es @node-saml/passport-saml. Be aware that at the moment readme at the npmjs side contains incorrect (unscoped) passport-saml package reference because there has not been new (beta) releases with correct content.

Old (<= 3.x.x) versions of npmjs' passport-saml package shall/might be deprecated once 4.0.0 is released (see e.g. #729).

Sebastian Sauer · Answer 2 · Mon Sep 12 2022 15:25:40 GMT+0800 (China Standard Time)

Is here a maintainer, who can tell if we can expect an update (prod ready) soon? :)

Chris Barth · Answer 3 · Mon Sep 12 2022 20:31:51 GMT+0800 (China Standard Time)

A beta update was released over the weekend and we are waiting on a little more work over at node-saml before we can release the final 4.0.0 packages. We're trying to get all the breaking changes in that we see coming.

FWIW, the beta packages are functionally stable, and several are using them in production right now. The reason the packages are labeled as beta has nothing to do with the quality of the code, but rather to do with the fact that the public API is changing slightly with every beta release. Even then, the biggest changes are with how you configure node-saml, not with how you call the functions. Rest assured, between 3.x and 4.x there have been significant improvements to code quality with better testing, more rigorous linting, and stronger types. I would have no hesitation about using a propertly-configured 4.x series release, even if it does carry the beta label.

In any case, I would recommend against anything older than the 3.x series, and certainly not the 0.x series that you're on.

Sebastian Sauer · Answer 4 · Mon Sep 12 2022 20:51:16 GMT+0800 (China Standard Time)

Hey @cjbarth,
we are using passport-saml@3.2.1 and want to update passport@0.5.2 to 0.6.0.
So we are not using an 0.x version of passport-saml :P
Thanks a lot for your answer, then we will try the beta version I think :)

Chris Barth · Answer 5 · Thu Jan 12 2023 05:39:03 GMT+0800 (China Standard Time)

The final release of 4.0.0 was released.