Using PassportJS, how does one pass additional form fields to the local authentication strategy?


I'm using passportJS and I'm wanting to supply more than just req.body.username and req.body.password to my authentication strategy (passport-local).

I have 3 form fields: username, password, & foo

How do I go about accessing from my local strategy which looks like:

passport.use(new LocalStrategy(
  {usernameField: 'email'},
    function(email, password, done) {
      User.findOne({ email: email }, function(err, user) {
        if (err) { return done(err); }
        if (!user) {
          return done(null, false, { message: 'Unknown user' });
        if (password != 1212) {
          return done(null, false, { message: 'Invalid password' });
        console.log('I just wanna see foo! ' +; // this fails!
        return done(null, user, aToken);


I'm calling this inside my route (not as route middleware) like so:'/api/auth', function(req, res, next) {
    passport.authenticate('local', {session:false}, function(err, user, token_record) {
      if (err) { return next(err) }
   })(req, res, next);

1/19/2016 7:50:40 PM

Accepted Answer

There's a passReqToCallback option that you can enable, like so:

passport.use(new LocalStrategy(
  {usernameField: 'email', passReqToCallback: true},
  function(req, email, password, done) {
    // now you can check

When, set req becomes the first argument to the verify callback, and you can inspect it as you wish.

8/2/2012 7:49:21 PM

In most common cases we need to provide 2 options for login

  • with email
  • with mobile

Its simple , we can take common filed username and query $or by two options , i posted following snippets,if some one have have same question .

We can also use 'passReqToCallback' is best option too , thanks @Jared Hanson

passport.use(new LocalStrategy({
    usernameField: 'username', passReqToCallback: true
}, async (req, username, password, done) => {
    try {
        //find user with email or mobile
        const user = await Users.findOne({ $or: [{ email: username }, { mobile: username }] });

        //if not handle it
        if (!user) {
            return done(null, {
                status: false,
                message: "That e-mail address or mobile doesn't have an associated user account. Are you sure you've registered?"

        //match password
        const isMatch = await user.isValidPassword(password);
        if (!isMatch) {
            return done(null, {
                status: false,
                message: "Invalid username and password."

        //otherwise return user
        done(null, {
            status: true,
            data: user
    } catch (error) {
        done(error, {
            status: false,
            message: error

Licensed under: CC-BY-SA with attribution
Not affiliated with: Stack Overflow