What is the difference between 'passport', 'passport-local' and 'passport-jwt'?


I am trying to learn Node.js and saw these three functions/classes in a tutorial, but couldn't understand what they are and when we should use which one.

Do I need to use both passport-local and passport-jwt at the same time or only one of them?


There are 3 best solutions below

4
On

passport: Passport is authentication middleware for Node.js. Passport uses the concept of strategies to authenticate requests. Strategies can range from verifying username and password credentials, delegated authentication using OAuth (for example, via Facebook or Twitter), or federated authentication using OpenID.

passport-local: The local authentication strategy authenticates users using a username and password. The strategy requires a verify callback, which accepts these credentials and calls done providing a user.

passport-jwt: This module lets you authenticate endpoints using a JSON web token. It is intended to be used to secure RESTful endpoints without sessions.

2
On

Passport is Node.js 'Connect style middleware' for user authentication. You're most likely to see it as Express middleware. To use passport you need to use passport and a 'strategy' defining what you are using to authenticate against. This could for example be Facebook or Google via OAuth, SAML, or simply cookies. So to use Passport you need to require both the passport module itself and the relevant 'strategy' module.

To use a 'strategy' you use the strategy constructor to configure passport. The 'local' example given in the docs is slightly obtuse when you first come across passport, so using the Google example may make it a little easier to understand:

var passport = require('passport'); // passport
var GoogleStrategy = require('passport-google-oauth').OAuth2Strategy; // You also need to import the Google 'strategy'

// configure passport to use the Google strategy by passing the GoogleStrategy constructor to passport.use()
passport.use(new GoogleStrategy({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://www.example.com/auth/google/callback"
  },
  function(accessToken, refreshToken, profile, done) {
       User.findOrCreate({ googleId: profile.id }, function (err, user) {
         return done(err, user);
       });
  }
));

// now you can use passport.authenticate() with the google strategy
app.get('/auth/google',
  passport.authenticate('google', { scope: ['https://www.googleapis.com/auth/plus.login'] }));

// GET /auth/google/callback, which Google sends your user to after they authenticate using OAuth
app.get('/auth/google/callback', 
  passport.authenticate('google', { failureRedirect: '/login' }),
  function(req, res) {
    res.redirect('/');
  });

passport-local is the strategy you would use if you are authenticating against a username and password stored 'locally' i.e. in the database of your app - 'local' means local to your application server, not local to the end user.

passport-jwt is the strategy for using JSON Web Tokens.

0
On

It can be understood that passport is a basic package

  • passport-local uses local storage authentication. After successful login, use session and cookie to maintain login status
  • passport-jwt uses JWT authentication, which is applicable to the API interface, and uses token Authorization and other request headers to maintain login status
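
Added example, not part of any answer above and not Passport's own code: a sketch, using only Node's built-in crypto module, of the two checks the strategies stand for. The password check happens once at login (what you write in a passport-local verify callback); the token check happens on every later API request (what passport-jwt performs before calling your callback). The names SECRET, USERS, verifyLocal, issueToken and verifyToken are hypothetical, and the user record is constructed sample data.

```javascript
const crypto = require('crypto');

// Constructed sample data: one user with a salted scrypt hash, and a random signing key.
const SECRET = crypto.randomBytes(32);
const salt = crypto.randomBytes(16);
const USERS = { alice: { id: 1, salt, hash: crypto.scryptSync('correct horse', salt, 32) } };

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Login time (the job of a passport-local verify callback): check username + password once.
function verifyLocal(username, password) {
  const user = Object.prototype.hasOwnProperty.call(USERS, username) ? USERS[username] : null;
  // Hash even for unknown users so response time does not reveal which names exist.
  const candidate = crypto.scryptSync(String(password), user ? user.salt : salt, 32);
  const ok = user !== null && crypto.timingSafeEqual(candidate, user.hash);
  return ok ? { id: user.id, username } : false;
}

// After a successful local login, the login route issues a short-lived HS256 token.
function issueToken(user, ttlSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: user.id, exp: Math.floor(now / 1000) + ttlSeconds }));
  return `${header}.${payload}.${b64url(sign(`${header}.${payload}`))}`;
}

// Every later API request (what passport-jwt does before calling your callback):
// no session lookup, only algorithm, signature and expiry checks on the bearer token.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return false;
  const [header, payload, sig] = parts;
  try {
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return false; // pin the algorithm
    const given = Buffer.from(sig, 'base64url');
    const expected = sign(`${header}.${payload}`);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return false;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now / 1000 ? claims : false;
  } catch {
    return false; // malformed encoding or JSON
  }
}
```

In an application that uses both packages, the first function corresponds to the login route guarded by the local strategy and the last to the API routes guarded by the JWT strategy.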