Reputation: 850
I'm looking for some advice with authentication for my web app. I'm using Node, Express and Passport to build out this app.
The app has a REST API using Basic Auth (no session creation), and hosts several Angular.js web pages using form Auth (with session creation).
I would like the Angular pages to connect to the REST API, which is using a different Auth strategy. It seems I have two options:
1. Create a custom Basic Auth middleware (because Passport doesn't do this out of the box). This will do session Auth if the request has one, otherwise standard Basic Auth.
2. Expose two APIs: one with Basic Auth (for external use) and one with form Auth (for the app pages).
I've also heard that using OAuth2 might be an option, but surely that only makes sense for authenticating with a third party?
Upvotes: 0
Views: 415
Reputation: 850
My current solution has been to perform mixed auth (session and basic) on the REST API. If a session exists, continue; otherwise perform basic auth. As follows:
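api.coffee:
    app.api.external.get("/agents", [auth.basic], (req, res) ->
      res.json myListOfAgents
    )
auth_middleware.coffee:
    passport = require 'passport'

    basic: (req, res, next) ->
      # A form-login session already exists: let the request through
      if req.isAuthenticated()
        return next()
      else
        # No session: check Basic credentials for this request only
        return passport.authenticate('basic', { session: false })(req, res, next)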
Upvotes: 1
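What the two branches of the middleware above amount to, as an added example (not the poster's code and not Passport's implementation): an Express-style middleware with no dependencies that accepts an existing session and otherwise verifies a Basic header for that request only, without creating a session. `USERS`, `safeEqual`, `parseBasic`, `sessionOrBasic` and `simulate` are hypothetical names, and the credential store is constructed sample data.

```javascript
const crypto = require("crypto");

// Constructed demo credentials (assumption); a real store would hold password hashes.
const USERS = { "api-client": "s3cret:with:colons" };

// Compare fixed-length digests so timing does not reveal where the inputs differ.
function safeEqual(a, b) {
  const h = (s) => crypto.createHash("sha256").update(s).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// Parse "Basic <base64(user:pass)>"; returns null when the header is absent or malformed.
function parseBasic(header) {
  const m = /^Basic\s+([A-Za-z0-9+\/=]+)$/i.exec(header || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const i = decoded.indexOf(":"); // only the first colon separates user from password
  if (i < 0) return null;
  return { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Express-style middleware: accept an existing session, else check Basic per request.
function sessionOrBasic(req, res, next) {
  if (typeof req.isAuthenticated === "function" && req.isAuthenticated()) {
    req.authMethod = "session";
    return next();
  }
  const creds = parseBasic(req.headers.authorization);
  const known = creds !== null && Object.prototype.hasOwnProperty.call(USERS, creds.user);
  // Run the comparison even for unknown users so both failures take the same path.
  const match = safeEqual(creds ? creds.pass : "", known ? USERS[creds.user] : "");
  if (!(known && match)) {
    res.statusCode = 401;
    res.setHeader("WWW-Authenticate", 'Basic realm="api"');
    return res.end("Unauthorized");
  }
  req.user = { name: creds.user }; // lives on this request only; no session is created
  req.authMethod = "basic";
  return next();
}

// Minimal stand-in for Express req/res so the block runs offline.
function simulate(partialReq) {
  const req = Object.assign({ headers: {} }, partialReq);
  const res = { statusCode: 200, headers: {}, setHeader(k, v) { this.headers[k] = v; }, end() {} };
  let passed = false;
  sessionOrBasic(req, res, () => { passed = true; });
  return { passed, status: res.statusCode, method: req.authMethod, challenge: res.headers["WWW-Authenticate"] };
}
```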