Faris Dewantoro

Reputation: 1765

Passport jwt vs passport local session

I use the libraries express-session and Passport.

In this case I want to create a React SPA website, but I am confused about the correct system security.

I see there are many ways to authenticate, and this is what makes me confused.

In Passport there are 2 authentication strategies: passport-jwt and passport-local.

Because I use an Express session, I chose to use passport-local.

Do I still need to use passport-jwt for each request, inserted into the headers like this, to indicate that the user is logged in?

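    const passport = require('passport');
    const { Strategy: JwtStrategy, ExtractJwt } = require('passport-jwt');
    // `keys` and `db` are the asker's own modules, not shown in the post.

    const opts = {};
    // Read the token from the "Authorization: Bearer <token>" request header.
    opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
    // Key used to verify the token signature.
    opts.secretOrKey = keys.passport.secretOrPrivateKey;

    passport.use(new JwtStrategy(opts, (jwt_payload, done) => {
        // Look up the admin named by the token's `id` claim (parameterized query).
        const queryFindAdmin = 'select * from admin where id = ?';
        db.query(queryFindAdmin, [jwt_payload.id], (err, result) => {
            if (err) return done(err, null);
            if (result.length > 0) {
                console.log(result);
                return done(null, result[0]);
            }
            return done(null, false);
        });
    }));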

Upvotes: 5

Views: 1814

Answers (1)

iqbal125

Reputation: 1431

If I understand correctly, if you are using sessions, you by definition do not need JWT tokens. JWT tokens are an alternative to sessions.

Upvotes: 2
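Added example (not part of the question or the answer, and not Passport's own code): a dependency-free Node.js illustration of the two mechanisms the answer contrasts, a server-side session looked up by an opaque ID versus a signed token verified on each request. All function names, the in-memory `Map` store and the `SECRET` value are hypothetical and constructed for the illustration.

```javascript
// Added example: plain Node.js, no Passport. All names and values are constructed.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value, not a real key

// --- Session approach (the model behind express-session + passport-local) ---
const sessionStore = new Map(); // server-side state: session id -> user id

function login(userId) {
  const sid = crypto.randomBytes(16).toString('hex'); // opaque id carried in the cookie
  sessionStore.set(sid, userId);
  return sid;
}
function userFromSession(sid) {
  return sessionStore.has(sid) ? sessionStore.get(sid) : null;
}
function logout(sid) { sessionStore.delete(sid); } // revocation is a store delete

// --- Token approach (the model behind passport-jwt with a bearer header) ---
const b64url = (str) => Buffer.from(str).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

function issueJwt(userId, ttlSeconds) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const payload = b64url(JSON.stringify({ id: userId, exp }));
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}
function userFromJwt(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  // Always verify with HMAC-SHA256; the header's "alg" is never trusted.
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(payload, 'base64url').toString()); } catch { return null; }
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) return null;
  return claims.id; // no server-side lookup was needed to trust this id
}
```

With the session, `logout` ends access immediately because the state lives on the server; the signed token stays valid until its `exp` unless the server keeps additional state to reject it.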
