Authentication Using Passport JS


Authentication is a big and often the most complicated part of an application, but it is also one of the most important parts of any web app or software in general.

Passport JS

Passport JS is a widely popular authentication module for Node.js. Its sole purpose is to authenticate requests, and it is based on the idea of pluggable authentication strategies (including the local strategy, there are more than 500 strategies currently available).

When you authenticate through a third-party application, your app never receives the user's password, which frees the developer from the burden of security related to handling and storing passwords. The Passport authentication and its strategy will include protection against attacks like “man in the middle” and other vectors an attacker might exploit. We are going to use the Facebook strategy for now. To install Passport and the Facebook strategy, type in the following command:

Next, we are going to write the authentication code, and we’ll be creating a separate module called lib/auth.js. This is going to be a large file, so we are going to go through it step by step:

  • We’ll start by using two methods that Passport requires, serializeUser and deserializeUser:


These two methods are used to map requests to the authenticated user, allowing whatever storage strategy you want to use. In our case, we are going to store the MongoDB-assigned ID (i.e. the _id property of User model instances). Once these two functions are implemented and there is an active session, the user has successfully authenticated.

Next, we’re going to export. To enable Passport’s functionality, we’ll need to do two distinct activities: initialize Passport and register routes that will handle authentication services. The following code defines that:

Next, we’ll add authProviders to credentials.js:

The appId and appSecret are what you will get from Facebook. Next, we’ll be implementing the init() function. Don’t worry, this code is very similar to the Passport boilerplate. When the user gets authenticated, the FacebookStrategy function is invoked and the profile parameter contains information about the Facebook user.

Next, we’ll implement registerRoutes so that we have the path /auth/facebook. Visiting this path will automatically redirect the visitor to Facebook’s authentication screen, which is done by passport.authenticate('facebook'). Then we will override the default callback URL here, because we want to include information about where we came from.

Passport stores the user in the session, and since the browser redirect is a different HTTP request, we want to check whether the user is authenticated or not. Once the user has been successfully authenticated, req.session.passport.user will be set. Lastly, we’ll look at the /account handler, which makes sure the user is authenticated. If not, we will redirect them to the “Not Authorized” page.
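The two steps above (a callback URL that carries where the visitor came from, and the /account check on req.session.passport.user) are shown here as an added example that is not the post's original code. The `redirect` parameter name, the `/unauthorized` path, the `https://app.example` origin and all function names are assumptions. Because the return location arrives with the request, it is accepted only when it is a path on our own origin.

```javascript
// Added example, not the post's code: names, paths and sample values are assumptions.
const BASE = 'https://app.example'; // constructed origin of our own app

// Return a same-origin path to send the user to after login, else the fallback.
function safeRedirectTarget(value, fallback = '/account') {
  if (typeof value !== 'string' || !value.startsWith('/')) return fallback;
  // Browsers treat "//host" and "/\host" as scheme-relative URLs, not local paths.
  if (value.startsWith('//') || value.includes('\\')) return fallback;
  let url;
  try { url = new URL(value, BASE); } catch { return fallback; }
  if (url.origin !== BASE) return fallback; // input that normalizes to another host
  return url.pathname + url.search;
}

// Callback URL that remembers where the visitor came from (validated first).
function buildCallbackUrl(redirect) {
  const q = new URLSearchParams({ redirect: safeRedirectTarget(redirect) });
  return '/auth/facebook/callback?' + q.toString();
}

// Express-style gate for /account: Passport sets req.session.passport.user on login.
function requireUser(req, res, next) {
  const user = req.session && req.session.passport && req.session.passport.user;
  if (!user) return res.redirect(303, '/unauthorized');
  return next();
}

// Minimal stand-in for an Express response so the gate can run offline.
function fakeRes() {
  return { redirected: null, redirect(status, to) { this.redirected = { status, to }; } };
}

function demo() {
  const anon = fakeRes();
  requireUser({ session: {} }, anon, () => { throw new Error('must not pass'); });
  let passed = false;
  const session = { passport: { user: '64b7f0c2a1' } }; // constructed user id
  requireUser({ session }, fakeRes(), () => { passed = true; });
  return {
    ok: buildCallbackUrl('/account?tab=orders'),
    offsite: buildCallbackUrl('https://evil.example/login'),
    schemeRelative: safeRedirectTarget('//evil.example'),
    anon: anon.redirected,
    passed,
  };
}
console.log(demo());
```

In a real app, `requireUser` would be passed as middleware to the /account route, and the callback handler would run `safeRedirectTarget` again on the value it reads back before redirecting.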

This is how you implement authentication in an Express application using Passport JS. There are multiple strategies that you can implement to give the user multiple options for authenticating, and since the code will be pretty much the same and only the strategies will differ, you won’t have much of a problem.
