passport
Advanced tools
Package description
Passport is an authentication middleware for Node.js that can be used in any Express-based web application. It supports a comprehensive set of strategies to authenticate users using a username and password, Facebook, Twitter, and more.
Local Authentication
This feature allows you to set up local authentication where users can log in with a username and password. The LocalStrategy is used to authenticate users against a local database.
passport.use(new LocalStrategy(
function(username, password, done) {
User.findOne({ username: username }, function (err, user) {
if (err) { return done(err); }
if (!user) { return done(null, false); }
if (!user.verifyPassword(password)) { return done(null, false); }
return done(null, user);
});
}
));OAuth Authentication
Passport can be used to authenticate users using OAuth providers like GitHub, Facebook, Twitter, etc. This code sample demonstrates how to authenticate users with GitHub using the GitHubStrategy.
passport.use(new GitHubStrategy({
clientID: GITHUB_CLIENT_ID,
clientSecret: GITHUB_CLIENT_SECRET,
callbackURL: 'http://yourdomain.com/auth/github/callback'
},
function(accessToken, refreshToken, profile, cb) {
User.findOrCreate({ githubId: profile.id }, function (err, user) {
return cb(err, user);
});
}
));JWT Authentication
Passport supports JSON Web Tokens (JWT) for securing API endpoints. The JwtStrategy is used to authenticate users based on a JWT token sent in the authorization header.
const JwtStrategy = require('passport-jwt').Strategy,
ExtractJwt = require('passport-jwt').ExtractJwt;
let opts = {}
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
opts.secretOrKey = 'secret';
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
User.findOne({id: jwt_payload.sub}, function(err, user) {
if (err) {
return done(err, false);
}
if (user) {
return done(null, user);
} else {
return done(null, false);
// or you could create a new account
}
});
}));This package is a middleware that validates JSON Web Tokens for authentication purposes, similar to Passport's JWT strategy. It is specifically focused on JWT and does not support other authentication methods.
The oauth package provides a generic implementation of OAuth 1.0 and 2.0 that can be used for connecting to different OAuth providers. Unlike Passport, it does not come with pre-built strategies and requires more setup.
Grant is an OAuth middleware for Express, Koa, and Hapi, supporting over 180 providers out of the box. It is similar to Passport's OAuth strategies but is more focused on OAuth and social login flows.
FAQs
Unknown package
The npm package passport receives a total of 1,966,998 weekly downloads. As such, passport popularity was classified as popular.
We found that passport demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cyber insurance rates are dropping as the market matures, according to a new report projecting global premiums to reach $43 billion by 2030, driven by international market uptake and growth in the SME sector.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.