Build Coverage Quality Greenkeeper badge Dependencies

Passport strategy for authenticating with 42 using the OAuth 2.0 API.

This module lets you authenticate using 42 in your Node.js applications. By plugging into Passport, 42 authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.


$ npm install passport-42


Create an Application

Before using passport-42, you must register an application with

  1. If you have not already done so, a new application can be created at 42 Applications. Your application will be issued an app UID and app SECRET, which need to be provided to the strategy. You will also need to configure a redirect URI which matches the route in your application.

Configure Strategy

The 42 authentication strategy authenticates users using a 42 account and OAuth 2.0 tokens. The app UID and SECRET obtained when creating an application are supplied as options when creating the strategy. The strategy also requires a verify callback, which receives the access token and optional refresh token, as well as profile which contains the authenticated user's 42 profile. The verify callback must call cb providing a user to complete authentication.

var FortyTwoStrategy = require('passport-42').Strategy;

passport.use(new FortyTwoStrategy({
    clientID: FORTYTWO_APP_ID,
    clientSecret: FORTYTWO_APP_SECRET,
    callbackURL: ""
  function(accessToken, refreshToken, profile, cb) {
    User.findOrCreate({ fortytwoId: }, function (err, user) {
      return cb(err, user);

Authenticate Requests

Use passport.authenticate(), specifying the '42' strategy, to authenticate requests.

For example, as route middleware in an Express application:


  passport.authenticate('42', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.


Developers using the popular Express web framework can refer to an example as a starting point for their own web applications.


Specify profile fields

The 42 profile contains a lot of information about a user. The fields needed by an application can be indicated by setting the profileFields option.

new FortyTwoStrategy({
  clientSecret: FORTYTWO_APP_SECRET,
  callbackURL: "",
  profileFields: {
    'id': function (obj) { return String(; },
    'username': 'login',
    'displayName': 'displayname',
    'name.familyName': 'last_name',
    'name.givenName': 'first_name',
    'profileUrl': 'url',
    'emails.0.value': 'email',
    'phoneNumbers.0.value': 'phone',
    'photos.0.value': 'image_url'
}), ...)

Refer to the User 42 API Reference for the complete set of available fields.

User agent

Although 42 API doesn't require a user agent in the requests header, passport-42 sets one, by default "passport-42". You can set a different one using the userAgent option.



The test suite is located in the test/ directory. All new features are expected to have corresponding test cases. Ensure that the complete test suite passes by executing:

$ make test


The test suite covers 100% of the code base. All new feature development is expected to maintain that level. Coverage reports can be viewed by executing:

$ make test-cov
$ make view-cov


The MIT License

Copyright (c) 2016 Adrien "Pandark" Pachkoff [](

Supported by