Using passport.js local-strategy (using username/password) without express.js

Question

I'm trying to understand how passport.js works using just a username as password. The documentation examples use express.js. Has anyone used passport.js without using any other library for their app/website?

I have been trying to look for a very "bare-boned" tutorial. Everything I have managed to find are examples using express.js.

Any examples or links to examples would be very helpful.

I am trying to limit the use of my node.js server to one admin username/password. Any suggestions in how to do this without passport would be helpful as well!

Answer 1

passport is built to integrate with express. Using it without express is going to require duplicating a portion of express's logic and it's just kind of a silly deal, so no I highly doubt anyone has gotten passport working with just node core http without express.

If you want to limit your server to one admin user/password, start by learning how to use the bcrypt npm package to verify a plaintext password from an HTTP POST request body against a stored bcrypt hash. The actual authentication logic will not be difficult to code "bare bones".

However, session management via cookies (which virtually every site that supports signing in does) is nontrivial to code without connect/express. If you feel so inclined, go look at the connect cookie code and the connect express code, but I think you'll find doing this in a way that is anywhere near correct or secure is a major undertaking. Thus open source FTW, but have fun!

You might consider going old school with HTTP digest authentication if you can tolerate the ugly native browser credentials prompt. There are npm modules to make this pretty trivial.