Hasani

Reputation: 3869

What is the difference between 'passport', 'passport-local' and 'passport-jwt'?

I am trying to learn NodeJS and saw these three functions/classes in a tutorial, but couldn't understand what they are and when we should use which one.

Do I need to use both passport-local and passport-jwt at the same time or only one of them?

Upvotes: 8

Views: 14786

Answers (3)

puz_zle

Reputation: 597

It can be understood that passport is a basic package

  • passport local uses local storage authentication. After successful login, it uses session and cookie to maintain login status
  • passport jwt uses jwt authentication, which is applicable to the api interface, and uses token Authorization and other request headers to maintain login status

Upvotes: 1

Hugh

Reputation: 380

Passport is nodejs 'Connect style middleware' for user authentication. You're most likely to see it as Express middleware. To use passport you need to use passport and a 'strategy' defining what you are using to authenticate against. This could for example be Facebook or Google via oauth, SAML, or simply cookies. So to use Passport you need to require both the passport module itself and the relevant 'strategy' module.

To use a 'strategy' you use the strategy constructor to configure passport. The 'local' example given in the docs is slightly obtuse when you first come across passport, so using the Google example may make it a little easier to understand:

var passport = require('passport'); // passport
var GoogleStrategy = require('passport-google-oauth').OAuth2Strategy; // You also need to import the Google 'strategy'

// configure passport to use the Google strategy by passing the GoogleStrategy constructor to passport.use()
passport.use(new GoogleStrategy({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://www.example.com/auth/google/callback"
  },
  function(accessToken, refreshToken, profile, done) {
       User.findOrCreate({ googleId: profile.id }, function (err, user) {
         return done(err, user);
       });
  }
));

// now you can use passport.authenticate() with the google strategy
app.get('/auth/google',
  passport.authenticate('google', { scope: ['https://www.googleapis.com/auth/plus.login'] }));

// GET /auth/google/callback, which Google sends your user to after they authenticate using OAuth
app.get('/auth/google/callback', 
  passport.authenticate('google', { failureRedirect: '/login' }),
  function(req, res) {
    res.redirect('/');
  });

passport-local is the strategy you would use if you are authenticating against a username and password stored 'locally' i.e. in the database of your app - 'local' means local to your application server, not local to the end user.

passport-jwt is the strategy for using JSON Web Tokens.

Upvotes: 15

Divyani Singh

Reputation: 531

passport: Passport is authentication middleware for Node.js. Passport uses the concept of strategies to authenticate requests. Strategies can range from verifying username and password credentials, delegated authentication using OAuth (for example, via Facebook or Twitter), or federated authentication using OpenID.

passport-local: The local authentication strategy authenticates users using a username and password. The strategy requires a verify callback, which accepts these credentials and calls done providing a user.

passport-jwt: This module lets you authenticate endpoints using a JSON web token. It is intended to be used to secure RESTful endpoints without sessions.

Upvotes: 10
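
The following is an added example, not part of any answer above and not Passport's own code. It shows one common arrangement of the two roles the answers describe: a password check at login (the job of a passport-local verify callback), followed by a token check on each later API request (the job of passport-jwt). It uses only Node's built-in crypto module; the names verifyLocal, issueJwt and verifyBearer, the user store and the key are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed for illustration: HS256 key and a one-user store (salted scrypt hash).
const JWT_SECRET = crypto.randomBytes(32);
const salt = crypto.randomBytes(16);
const USERS = new Map([['alice', { id: 1, salt, hash: crypto.scryptSync('correct horse', salt, 32) }]]);

const b64u = (s) => Buffer.from(s).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', JWT_SECRET).update(data).digest('base64url');

// Role of a passport-local verify callback: check username + password once, at login.
function verifyLocal(username, password) {
  const u = USERS.get(username);
  // Hash even for unknown users so response time does not reveal valid names.
  const candidate = crypto.scryptSync(String(password), u ? u.salt : salt, 32);
  if (!u || !crypto.timingSafeEqual(candidate, u.hash)) return false;
  return { id: u.id, username };
}

// After a successful login the server hands out a short-lived signed token.
function issueJwt(user, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: user.id, exp: now + ttlSeconds }));
  return `${head}.${body}.${sign(`${head}.${body}`)}`;
}

// Role of passport-jwt: on every later API request, check only the token from the
// Authorization header (signature, algorithm, expiry); no session is consulted.
function verifyBearer(authorization, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization || '');
  if (!m) return false;
  const [, head, body, sig] = m;
  const given = Buffer.from(sig);
  const expected = Buffer.from(sign(`${head}.${body}`));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return false;
  try {
    const h = JSON.parse(Buffer.from(head, 'base64url').toString());
    const p = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (h.alg !== 'HS256') return false;                          // pin the algorithm
    if (typeof p.exp !== 'number' || p.exp <= now) return false;  // reject expired tokens
    return { id: p.sub };
  } catch {
    return false;
  }
}
```
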
