I am kind of new to Node.js development and currently working on a pet project in my free time.
So far I have created JWT authentication using passport and passport-jwt for the strategy, and I am using it in all of my RESTful APIs.
Now I am thinking of mixing this with some sort of Facebook authentication, but I still want to stick with token authentication.
Currently this is how I am generating and obtaining the token:
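
    // Password login: look the user up by e-mail, check the password, return a JWT.
    // jwt, User, config and getErrorMessage are defined elsewhere in the project (not shown).
    exports.authenticate = function(req, res) {
        User.findOne({
            email: req.body.email
        }, function(err, user) {
            if (err)
                return res.status(400).send(getErrorMessage(err));
            if (!user) {
                res.status(400).send({
                    success: false,
                    message: 'Authentication failed. User not found.'
                });
            } else {
                if (user.checkPassword(req.body.password)) {
                    // The whole user document becomes the token payload, which is
                    // readable by anyone who holds the token.
                    let token = jwt.encode(user, config.secretPhrase);
                    res.json({
                        success: true,
                        token: 'JWT ' + token
                    });
                } else {
                    res.status(401).send({
                        success: false,
                        message: 'Authentication failed. Wrong password.'
                    });
                }
            }
        });
    };

    // Route that issues the token
    app.route('/api/users/authenticate')
        .post(user.authenticate);
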
And to validate I do the following:

    let user = require('../../app/controllers/user-controller');
    app.route('/api/todos')
        .get(user.validateLogin, todos.list)
        .post(user.validateLogin, todos.create);

user-controller:

    exports.validateLogin = passport.authenticate('jwt', {
        session: false
    });

Can anyone suggest a neat way to mix the two strategies? Should I use express-jwt? What's the difference between express-jwt and passport-jwt?
JSON Web Token and Passport can be primarily classified as "User Management and Authentication" tools. JSON Web Token and Passport are both open source tools. It seems that Passport with 15.9K GitHub stars and 936 forks on GitHub has more adoption than JSON Web Token with 2.59K GitHub stars and 259 GitHub forks.

    fromHeader('authorization'),
        secretOrKey: config.secret
    };

    // Create JWT Strategy
    passport.use(new JwtStrategy(jwtOptions, function(payload, done) {
        // See if the user ID in the payload exists in our database
        // If it does, call 'done' with that user
        // otherwise, call done without a user object
        User.findById(payload.

passport-local is the strategy you would use if you are authenticating against a username and password stored 'locally' i.e. in the database of your app - 'local' means local to your application server, not local to the end user. passport-jwt is the strategy for using JSON Web Tokens.
You can use passport-facebook like what you did with passport-jwt, with a new strategy, so you can save the Facebook user token in your database and return your token.
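
One way to wire the answer's suggestion, shown as an added example that is not code from the original post: a Facebook verify callback that finds or creates the local user, and a response that returns the application's own token in the same `'JWT ' + token` shape the password login uses. The names `facebookVerify`, `issueToken`, `verifyToken`, `facebookLoginResponse`, the in-memory `users` map and `SECRET` are hypothetical; HS256 signing is done with Node's `crypto` so the block runs without dependencies, where the app would use its existing JWT library.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed; the app would read config.secretPhrase
const users = new Map();                  // hypothetical stand-in for the User model, keyed by Facebook id

const b64url = (s) => Buffer.from(s).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Issue the application's own token: minimal claims plus expiry, never the user document.
function issueToken(user, ttlSeconds = 3600, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ sub: user.id, iat: now, exp: now + ttlSeconds }));
  return `${header}.${body}.${sign(`${header}.${body}`)}`;
}

// Check the signature in constant time, then the expiry; returns the claims or null.
// The HMAC is always recomputed as HS256, whatever algorithm the header names.
function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = Buffer.from(sign(`${parts[0]}.${parts[1]}`));
  const given = Buffer.from(parts[2]);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  return claims.exp > now ? claims : null;
}

// Verify callback with the argument order passport-facebook uses.
// Finds or creates the local user; the Facebook access token stays server-side.
function facebookVerify(accessToken, refreshToken, profile, done) {
  let user = users.get(profile.id);
  if (!user) {
    user = { id: crypto.randomUUID(), facebookId: profile.id, name: profile.displayName };
    users.set(profile.id, user);
  }
  user.facebookToken = accessToken; // saved with the user record, as the answer suggests
  done(null, user);
}

// What the Facebook callback route would send: the same 'JWT <token>' shape as the
// password login, so the existing passport-jwt check covers both login methods.
function facebookLoginResponse(user) {
  return { success: true, token: 'JWT ' + issueToken(user) };
}
```

Because the token carries only `sub`, `iat` and `exp`, the passport-jwt strategy callback would load the user by `payload.sub`.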