Using Passport.js, is there a way for me to specify multiple authentication providers for the same route?
For example (from Passport's guide), can I use local and facebook and twitter strategies on the sample route below?
app.post('/login',
  passport.authenticate('local'), /* how can I add other strategies here? */
  function(req, res) {
    // If this function gets called, authentication was successful.
    // `req.user` contains the authenticated user.
    res.redirect('/users/' + req.user.username);
  });
A Passport strategy for authenticating with a JSON Web Token. This module lets you authenticate endpoints using a JSON web token. It is intended to be used to secure RESTful endpoints without sessions.
Authorization is performed by calling passport.authorize(). If authorization is granted, the result provided by the strategy's verify callback will be assigned to req.account. The existing login session and req.
Passport is a popular, modular authentication middleware for Node.js applications. With it, authentication can be easily integrated into any Node- and Express-based app. The Passport library provides more than 500 authentication mechanisms, including OAuth, JWT, and simple username and password based authentication.
What isn't made completely clear is that sessions are just another authentication strategy in the PassportJS world. passport.session() is equivalent to passport.authenticate('session'). So, when you log in with a username and password, you aren't just authenticating once.
I register the user and redirect them to the login page. The form, views/login.ejs, collects the user details named email and password and sends them to the /users/login route, accessible through routes => users.js. And that is where Nodejs passport starts user authentication. I am telling passport middleware, "Hey, passport.
Passport intercepts the login form data and stores it in Fields, for example, username + Field = usernameField. In this case, passport.js attaches the incoming form names as username, email, or password.
Authentication is knowing the users of your application. On the other hand, authorization entails controlling the information accessible to each user. Nodejs passport stands between a browser (also known as the client or user-agent) and the server, identifying logged-in users.
Passport's middleware is built in a way that allows you to use multiple strategies in one passport.authenticate(...) call.
However, it is defined with an OR order. That is, it will only fail if none of the strategies returned success.
This is how you would use it:
app.post('/login',
  passport.authenticate(['local', 'basic', 'passport-google-oauth']), /* this is how */
  function(req, res) {
    // If this function gets called, authentication was successful.
    // `req.user` contains the authenticated user.
    res.redirect('/users/' + req.user.username);
  });
In other words, the way to use it is to pass an array containing the names of the strategies you want the user to authenticate with.
Also, don't forget to previously set up the strategies you want to implement.
You can confirm this info in the following GitHub files:
Authenticate using either basic or digest in multi-auth example.
Passport's authenticate.js definition
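The OR behaviour described in the answer above, as an added example that is not part of the original answer and not Passport's own code: a simplified, dependency-free model of the fall-through, in which the strategy functions, the `authenticateAny` and `run` helpers, and the sample credentials are all hypothetical and constructed for illustration.

```javascript
// Simplified model of passport.authenticate([...]) fall-through (not Passport's source).
// Assumption: a "strategy" here is a plain function, req -> user object, or null on failure.
const strategies = {
  // Constructed sample credentials, for illustration only.
  local: (req) =>
    req.body && req.body.username === 'alice' && req.body.password === 'correct horse'
      ? { username: 'alice', via: 'local' } : null,
  basic: (req) => {
    const h = (req.headers && req.headers.authorization) || '';
    if (!h.startsWith('Basic ')) return null;
    const [user, pass] = Buffer.from(h.slice(6), 'base64').toString().split(':');
    return user === 'svc' && pass === 's3cret' ? { username: 'svc', via: 'basic' } : null;
  },
};

// Express-style middleware: try each named strategy in order.
function authenticateAny(names, registry = strategies) {
  return function (req, res, next) {
    const failed = [];
    for (const name of names) {
      const strategy = registry[name];
      if (!strategy) return next(new Error(`Unknown authentication strategy "${name}"`));
      const user = strategy(req);
      if (user) {          // first success wins; later strategies are never consulted
        req.user = user;
        return next();
      }
      failed.push(name);
    }
    // Only reached when every listed strategy failed.
    res.statusCode = 401;
    res.end(`Unauthorized (tried: ${failed.join(', ')})`);
  };
}

// Drives the middleware with a fake request/response and reports the outcome.
function run(names, req) {
  const out = { status: 200, user: null, error: null };
  const res = { set statusCode(code) { out.status = code; }, end() {} };
  authenticateAny(names)(req, res, (err) => {
    out.error = err || null;
    out.user = req.user || null;
  });
  return out;
}
```

Because any one listed strategy is enough, the route is only as strong as the weakest strategy in the array; listing several strategies does not require the user to pass more than one of them.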