Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What does passport.js do and why we need it?

I am not familiar with user authentication in Node.js, now I am trying to create a website with a login system. I have managed to make it work using the code snippets from the website, but I don't really understand why we need the passport.js as a middleware to do the authentication.

Registration:

Let's take passport-local as an example, when we are using the passport middleware, we basically is trying to create a new document in the database, then can we do it without passport, such as using the MongoClient directly, with checkings of duplicates, and store the password after encryption.

Login:

We can simply check the user's email or username against our database, and then check the password after email or username is matched. This, as well, can be done without passport. After user identity has been confirmed we can use the express-session to store the session in the cookie for login persistence.

A video about the process that I described above can be found here.

I understand that there must be some very important functionality that I neglect, but after browsing many web resources, including stackoverflow, youtube, passport.js's docs and many others, I still didn't understand what does passport.js do and why we need it.

Apologies in advance if the question seems silly.

like image 721
Leonard Ge Avatar asked Aug 01 '17 02:08

Leonard Ge


People also ask

Why do we use Passport js?

Passport is a popular, modular authentication middleware for Node. js applications. With it, authentication can be easily integrated into any Node- and Express-based app. The Passport library provides more than 500 authentication mechanisms, including OAuth, JWT, and simple username and password based authentication.

What do passports do?

Passport is authentication middleware for Node. js. As it's extremely flexible and modular, Passport can be unobtrusively dropped into any Express-based web application. A comprehensive set of strategies supports authentication using a username and password, Facebook, Twitter, and more.

How does Passport js work?

Passport JS has over 500 authentication "Strategies" that can be used within a Node/Express app. Many of these strategies are highly specific (i.e. passport-amazon allows you to authenticate into your app via Amazon credentials), but they all work similar within your Express app.

What is the purpose of the Passport NPM package?

Passport is Express-compatible authentication middleware for Node. js. Passport's sole purpose is to authenticate requests, which it does through an extensible set of plugins known as strategies.

What is passport JS used for?

, Software Engineer. Just like Aykut Can had earlier mentioned. passport.js is a middleware used to authenticate requests in your node applications.

What is passport and how do I use it?

With it, authentication can be easily integrated into any Node- and Express-based app. The Passport library provides more than 500 authentication mechanisms, including OAuth, JWT, and simple username and password based authentication. Using Passport makes it easy to integrate more than one type of authentication into the application, too.

What is passport authentication in Node JS?

passport.authenticate Passport is authentication middleware for Node.js. Extremely flexible and modular, Passport can be unobtrusively dropped in to any Express -based web application. A comprehensive set of strategies support authentication using a username and password, Facebook, Twitter, and more.

What is the use of express passport?

Passport is authentication middleware for Node.js . Extremely flexible and modular, Passport can be unobtrusively dropped in to any Express -based web application. A comprehensive set of strategies support authentication using a username and password , Facebook, Twitter, and more. 500+ Strategies Now!


1 Answers

To me it's unnecessary.

It's not saving me any work. I have to write the configuration, the callback, and the user schema. To me, it's just easier for me to just write a middleware for that.

And I don't see there is any security enforcement I am getting cuz I am writing my own verify callback anyway.

So, I don't see any reason that I should use it.

like image 99
Jason Ching Avatar answered Sep 19 '22 22:09

Jason Ching