passport google strategy with jwt

Question

I did jwt authentication in my previous projects but never worked with oauth/passport auth before.. it's been 3 days i have been learning about passport strategies and i have implemented google+ strategy. I got new project and this project requires to let users signup/signin themselves with google or facebook or with signup-form using firstName, lastName, phone number and password..

1. Very briefly in jwt server sends a token to the client and then client sends that particular token in the request header back to server to have access to protected routes.
2. In passport google strategy a cookie is saved in the browser and is send to server on each request.

What i think is

i cant use two different approaches in one project.. like if i use jwt for signup form and cookie for google strategy how am i gonna protect my routes then? with token in headers or with cookie in browser

Now my question is

how can i use both in the same project?

• In google strategy should i generate jwt (token) for client in serializeUser() or somewhere else or what else is possible?
• Or should i save jwt token in a browser cookie like passport?

I presented things very briefly, i hope you get it what i'm trying to do here

---

Answer 1

i cant use two different approaches in one project.. like if i use jwt for signup form and cookie for google strategy how am i gonna protect my routes then? with token in headers or with cookie in browser

You can. Cookie is just a transport mechanism for data between your browser and the server. You can store anything in it (up to allowed size limit) meaning that you can store JWT in a cookie (rather common practice especially for server side rendered single page apps).

You don't even have to develop a custom solution because this is already provided by passport in passport-jwt.

Answer 2

In the scenario where you require to signup the user using predefined fields you could use something known as Local Strategy which is present in passport.passport-local