Reputation: 223
Why would I need to use passport package with jsonwebtoken for applying token based authentication on a NodeJs web API?
passport , passport-jwt , jsonwebtoken , express-jwt ..etc
I’m confused, when to use which and which to use with which?
Upvotes: 2
Views: 1364
Answers (2)
Reputation: 330
passport-jwt:
In this strategy, server validates user credentials and returns encrypted user object i.e token. Client can save token using cookie, local-storage, or other mechanism. Then on every user request it validates token and proceed request.
express-jwt:
You can use it as multi-tenancy purpose like,
- Validate user credentials and encrypt data like passport-jwt. https://scotch.io/tutorials/authenticate-a-node-js-api-with-json-web-tokens
- OAuth: you can create jwt token and validate using secret key. https://auth0.com/learn/json-web-tokens/
Upvotes: 2
Reputation: 2001
I was building my own MEAN app not too long ago and ran into the same questions. This cleared it up very well.
https://jonathanmh.com/express-passport-json-web-token-jwt-authentication-beginners/
Basically, you use jsonwebtoken to generate the token. This is returned to the client who in turn sends it every time he makes a request. This is typically passed in the auth header. Passwort-jwt check this auth header and verifies it's validity. If it is invalid, it returns a 401, otherwise it populate your req.user.
Upvotes: 6
Related Questions
- Why to use Passport.js along with jwt to authenticate user when we can do this jwt alone
- How to correctly use the authentication for nodeJs API using JWT and Passport?
- Nodejs API - Authentication with Passport JWT strategy vs jsonwebtoken
- Authenticating node API with passport-jwt
- Node JS Authentications with passport-jwt unauthorized
- is passport required when using JWT
- How Jsonwebtoken save token in header in node.js express
- JSON Web Token in Node.js
- express-jwt vs. jsonwebtoken
- JSONWebTokens with express-jwt VS passport-jwt