Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Passport is an authentication middleware for Node.js that can be used in any Express-based web application. It supports a comprehensive set of strategies to authenticate users using a username and password, Facebook, Twitter, and more.
Local Authentication
This feature allows you to set up local authentication where users can log in with a username and password. The LocalStrategy is used to authenticate users against a local database.
passport.use(new LocalStrategy(
function(username, password, done) {
User.findOne({ username: username }, function (err, user) {
if (err) { return done(err); }
if (!user) { return done(null, false); }
if (!user.verifyPassword(password)) { return done(null, false); }
return done(null, user);
});
}
));
OAuth Authentication
Passport can be used to authenticate users using OAuth providers like GitHub, Facebook, Twitter, etc. This code sample demonstrates how to authenticate users with GitHub using the GitHubStrategy.
passport.use(new GitHubStrategy({
clientID: GITHUB_CLIENT_ID,
clientSecret: GITHUB_CLIENT_SECRET,
callbackURL: 'http://yourdomain.com/auth/github/callback'
},
function(accessToken, refreshToken, profile, cb) {
User.findOrCreate({ githubId: profile.id }, function (err, user) {
return cb(err, user);
});
}
));
JWT Authentication
Passport supports JSON Web Tokens (JWT) for securing API endpoints. The JwtStrategy is used to authenticate users based on a JWT token sent in the authorization header.
const JwtStrategy = require('passport-jwt').Strategy,
ExtractJwt = require('passport-jwt').ExtractJwt;
let opts = {}
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
opts.secretOrKey = 'secret';
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
User.findOne({id: jwt_payload.sub}, function(err, user) {
if (err) {
return done(err, false);
}
if (user) {
return done(null, user);
} else {
return done(null, false);
// or you could create a new account
}
});
}));
This package is a middleware that validates JSON Web Tokens for authentication purposes, similar to Passport's JWT strategy. It is specifically focused on JWT and does not support other authentication methods.
The oauth package provides a generic implementation of OAuth 1.0 and 2.0 that can be used for connecting to different OAuth providers. Unlike Passport, it does not come with pre-built strategies and requires more setup.
Grant is an OAuth middleware for Express, Koa, and Hapi, supporting over 180 providers out of the box. It is similar to Passport's OAuth strategies but is more focused on OAuth and social login flows.
FAQs
Simple, unobtrusive authentication for Node.js.
We found that passport demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
Security News
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.