Javier García

Reputation: 1114

How should I set up auth in a nodejs app?

I am currently developing a small application with a couple of endpoints in nodejs and an angularjs frontend.

At the moment I have an endpoint for users and another one for events. The thing is, I was thinking of making all the GET methods require auth, so that someone who isn't logged in can't access the system. For that I thought of using PassportJS.

Anyways, my question/s would be the following:

  1. What auth strategy should I use? Basic, OAuth or another? Why would that be? I mean, I understand how their flow works, but I don't know why one or another would be appropriate for my app.
  2. Should the endpoints require auth or should it check cookies/token or something else in the session? I'm completely new to this, so I don't even know if this question makes sense.

In any case, I would appreciate any overall insight in the topic since I don't have any experience in developing applications with auth and security.

Thanks!

Upvotes: 0

Views: 37

Answers (1)

v2d

Reputation: 56

You have to provide more details about your authentication needs in order for someone to give you a definitive answer to this broad question.

Based on your question, one can assume you don't have any requirements though; therefore I could suggest JWT (JSON Web Tokens - https://jwt.io/).

There are nodejs libraries that can help you create, decode and verify JWT tokens (such as jsonwebtoken). You can find more details about it on GitHub.

Once someone is logged in, you could pass this generated token back to the client which could store it in the browser's session. The token can be used in subsequent requests by appending it in the request header.

On the server side, you can add a custom auth middleware to the routes that require authentication, which will verify the token's validity and call the next middleware for the current route.

Upvotes: 1
