Passport seems like a great option for simple authentication, unobtrusive and not hard to set up. I'm building a MEAN stack that authenticates using JWT so I looked to Passport JWT. However, there are a few things I'm confused about.
1) Am I correct in assuming that Passport JWT is only used for authenticating requests, not for generating a valid JWT? That is, should it only be used for validating the presence of a token?
2) What's the difference between passport.authorize and passport.authenticate? And when should I use one over the other?
3) I have 3 routes I'm using for authentication related matters: login, signup, and authenticate.
login will check if the user email/password combo exists and matches and then generate a token for the client.
signup will check to make sure the email doesn't already exist and then generate a token for the client.
Now for authenticate, this is where I get a little mixed up. Would I even need an authenticate route if I already have login and signup? If anything, it seems like authenticate would be the function that I pass into passport.use for the JWT strategy, and then login and signup, with the possible addition of a verify_token route, would be my only unprotected routes, where everything else would have a call to passport.authenticate or passport.authorize.
A Passport strategy for authenticating with a JSON Web Token. This module lets you authenticate endpoints using a JSON web token. It is intended to be used to secure RESTful endpoints without sessions.
This module lets you authenticate using a token in your Node.js applications. It is based on passport-local module by Jared Hanson. By plugging into Passport, token authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
Passport's local strategy is a Node.js module that allows you to implement a username/password authentication mechanism. You'll need to install it like any other module and configure it to use your User Mongoose model.
JWT stands for JSON Web Tokens. Using JWT effectively can make our applications stateless from an authentication point of view. We will be using the NestJS JWT Authentication using Local Strategy as the base for this application.
passport.authorize, so I believe passport.authenticate is what you're looking for. passport.authenticate is what you'll use in your routes to verify that an incoming request has the JWT token and is allowed.
login and signup, authenticate is redundant and unnecessary. Just make sure you use passport.authenticate in your routes to verify access during requests.
The general setup steps to keep in mind here are:
"Authorization: JWT eyJ0eXAiO...") on subsequent requests
passport.authenticate to verify access via the JWT token in the header for incoming requests, like:
router.post('/users', passport.authenticate('jwt', {session: false}), function(req, res) {
  // do something...
});
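The issue/verify split discussed above, as an added example that is not part of the original answer and is not passport-jwt's code: a Node standard-library sketch of what the login and signup routes do (sign a token) and what the JWT check on protected routes does (parse the "Authorization: JWT ..." header, pin the algorithm, check signature and expiry). SECRET, issueToken and verifyRequest are hypothetical names, and the secret value is constructed for the demo.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: load from config in practice

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (input) => crypto.createHmac('sha256', SECRET).update(input).digest();

// Issuing side: what login/signup do after the credential checks pass.
function issueToken(userId, ttlSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const iat = Math.floor(now / 1000);
  const payload = b64url(JSON.stringify({ sub: userId, iat, exp: iat + ttlSeconds }));
  return `${header}.${payload}.${b64url(sign(`${header}.${payload}`))}`;
}

// Verifying side: the job a JWT strategy performs on every protected route.
// `headers` uses lowercase keys, as Node's req.headers does.
// Returns the claims, or null when the request must be rejected (401).
function verifyRequest(headers, now = Date.now()) {
  const match = /^JWT ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headers.authorization || '');
  if (!match) return null; // missing header, wrong scheme or malformed token
  const [, header, payload, signature] = match;
  let alg, claims;
  try {
    alg = JSON.parse(Buffer.from(header, 'base64url')).alg;
    claims = JSON.parse(Buffer.from(payload, 'base64url'));
  } catch {
    return null; // header or payload is not valid JSON
  }
  if (alg !== 'HS256') return null; // pin the algorithm, never accept "none"
  const expected = sign(`${header}.${payload}`);
  const given = Buffer.from(signature, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (!claims || typeof claims.exp !== 'number') return null; // require an expiry
  if (claims.exp <= Math.floor(now / 1000)) return null; // expired
  return claims;
}
```

Only issueToken needs to run in the unprotected routes; every other route calls the verifying side before its handler.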