Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Difference between Passport and JWT?

I'm pretty new to Express/Node - I'm trying to figure out what the difference between Passport and JWT is but can't find a definitive answer? I know you can use one or the other for auth purposes in an application, or together with an npm package like passport-jwt.

So what I want to know is:

  1. What does JWT do that Passport doesn't (and vice versa)?

  2. What is the preferred method for authentication/authorization and why?

like image 343
AloeVeraForty Avatar asked Apr 07 '17 23:04

AloeVeraForty


People also ask

Does Passport use JWT?

A Passport strategy for authenticating with a JSON Web Token. This module lets you authenticate endpoints using a JSON web token. It is intended to be used to secure RESTful endpoints without sessions.

What is difference between JWT and Passport laravel?

The "tymondesigns/jwt-auth" is a PHP Laravel implementation of the JWT protocol. On the other hand, Passport also uses JWT by default plus a huge extra, a complete Oauth2 implementation. Regarding the functionality, as I said they both use JWT thus you can use whichever you like to authentication via tokens.

What is the difference between JWT and OAuth?

JWT is a JSON based security token forAPI Authentication JWT is just serialised, not encrypted. OAuth is not an API or a service: it's an open standard for authorization . OAuth is a standard set of steps for obtaining a token. There are 5 different flow patterns.

What are the 3 parts of JWT?

Figure 1 shows that a JWT consists of three parts: a header, payload, and signature. The header typically consists of two parts: the type of the token, which is JWT, and the algorithm that is used, such as HMAC SHA256 or RSA SHA256. It is Base64Url encoded to form the first part of the JWT.


2 Answers

Passport is Authentication Middleware for Node.JS, it is not for any specific method of authentication, the method for authentication like OAuth, JWT is implemented in Passport by Strategy pattern, so it means that you can swap the authentication mechanism without affecting other parts of your application.

Passport is authentication middleware for Node.js. Extremely flexible and modular, Passport can be unobtrusively dropped in to any Express-based web application. A comprehensive set of strategies support authentication using a username and password, Facebook, Twitter, and more.

http://passportjs.org/

A Passport strategy for authenticating with a JSON Web Token.

This module lets you authenticate endpoints using a JSON web token. It is intended to be used to secure RESTful endpoints without sessions.

https://www.npmjs.com/package/passport-jwt

like image 65
vun Avatar answered Sep 16 '22 14:09

vun


Passport is just middleware for Node.JS.

JSON Web Token can be used "inside" of passport. Passport offers other features too.

like image 20
Evan Erickson Avatar answered Sep 19 '22 14:09

Evan Erickson