nodejs passport authentication token

node.js, Authentication, Express, passport.js

node.js Problem Overview


I am writing a nodejs application that I would like to use as both a web application, as well as an API provider. Once a user is authenticated, I want to assign that user a token to be used for subsequent requests. This works great with passport for the web application, as I just serialize and deserialize the user with the token in the session. However, when responding to API requests, there is no cookie to set to store the session information. Ideally, passport would look for the token both in session and the request body. Is there any way to configure passport to accomplish this?

node.js Solutions


Solution 1 - node.js

Simply use the access token on every request. Using a session is NOT needed. The following is the workflow:

POST /signin
  1. The username and password are posted in the client request.
  2. The server authenticates the user by using passport's Local Strategy. See passport-local.
  3. If the credentials represent a valid user, the server returns the access token generated by some generator. node-jwt-simple is a good choice.
  4. If the credentials are invalid, redirect to /signin.

When the client receives the access token from the authorization server, it can then make requests to protected resources on the server. For example:

GET /api/v1/somefunction?token='abcedf'

  1. The client calls some server api with the token argument.
  2. The server authenticates the token by using passport's Bearer Strategy. See passport-http-bearer.

References

https://stackoverflow.com/questions/13933980/make-a-secure-oauth-api-with-passport-js-and-express-js-node-js
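The two token steps of the workflow in Solution 1, issuing at /signin and checking on each API request, sketched as an added example that is not code from the answer, from passport, or from node-jwt-simple. It uses only Node's built-in crypto module; the function names, the per-process key and the sample requests are assumptions. The request-side check reads the `Authorization: Bearer` header first and falls back to the `?token=` form shown above, because query-string tokens end up in access logs and browser history.

```javascript
// Added example: constructed key and user id; all names here are hypothetical.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32); // per-process signing key (assumption)
const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// POST /signin, step 3: issue a signed, expiring token once the
// username/password check has succeeded.
function issueToken(userId, ttlSeconds, now = Date.now()) {
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const body = `${b64u({ alg: 'HS256', typ: 'JWT' })}.${b64u({ sub: userId, exp })}`;
  return `${body}.${sign(body)}`;
}

// Returns the claims, or null if the token is malformed, tampered with or expired.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = Buffer.from(sign(`${parts[0]}.${parts[1]}`));
  const given = Buffer.from(parts[2]);
  // Constant-time comparison; the length check keeps timingSafeEqual from throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    const fresh = typeof claims.exp === 'number' && claims.exp > Math.floor(now / 1000);
    return fresh ? claims : null;
  } catch {
    return null;
  }
}

// Prefer "Authorization: Bearer <token>"; fall back to ?token= as in the answer.
function extractToken(req) {
  const m = /^Bearer (\S+)$/i.exec((req.headers && req.headers.authorization) || '');
  if (m) return m[1];
  return req.query && typeof req.query.token === 'string' ? req.query.token : null;
}

// The check a bearer-style verify step has to make on every API request.
function authenticate(req, now = Date.now()) {
  const token = extractToken(req);
  return token ? verifyToken(token, now) : null;
}
```

A route handler would respond 401 whenever `authenticate(req)` returns null, rather than redirecting as the web login flow does.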

Solution 2 - node.js

As bnuhero mentions you don't need sessions (although that approach has its merits too). Here's a boiler-plate project that I'm starting for this: https://github.com/roblevintennis/passport-api-tokens

Here's an alternative and easy to follow tut (but it DOES use sessions). Might be a nice cross-reference: http://scotch.io/tutorials/javascript/easy-node-authentication-setup-and-local

And one more reference related: http://mherman.org/blog/2013/11/11/user-authentication-with-passport-dot-js/

Solution 3 - node.js

You can use the isAuthenticated() method in passport in nodejs. On every route you can make a check if(req.isAuthenticated()), and if it is already authenticated it will allow you to access the route, or you can redirect or perform any other execution in the else block. In Passport you can return done(null, user) for a successful login and it will store the data in the cookie until the session is ended. In user you can have information about the user like email, password.

app.get('/home', (req, res) => {
    if (req.isAuthenticated()) {
        // render home page
    } else {
        // go back to the login page or throw some error
    }
});

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

| Content Type | Original Author | Original Content on Stackoverflow |
| --- | --- | --- |
| Question | Austin | View Question on Stackoverflow |
| Solution 1 - node.js | bnuhero | View Answer on Stackoverflow |
| Solution 2 - node.js | Rob | View Answer on Stackoverflow |
| Solution 3 - node.js | Anuj Kumar | View Answer on Stackoverflow |