Authentication Using Passport JS


Authentication is a big and often the most complicated part of an application, but it is also a predominant part of any web app or software in general.

Passport JS

Passport JS is a widely popular authentication module for Node.js. Its sole purpose is to authenticate requests, and it is based on the idea of pluggable authentication strategies (including the local strategy, there are more than 500 strategies currently available).

When using a third-party application, your app never receives the user's password, thus freeing the developer from the burden of security related to handling and storing passwords. The Passport authentication and its strategy will include protection against attacks like "man in the middle" and other vectors an attacker might exploit. We are going to use the Facebook strategy for now. To install Passport and the Facebook strategy, type in the following command:

Next, we are going to write the authentication code, and we’ll be creating a different module called lib/auth.js. This is going to be a large file so we are going to see step by step:

  • We’ll start by using two methods that Passport requires, serializeUser and deserializeUser:


These two methods are used to map requests to the authenticated user, allowing you to use whatever storage strategy you want. In our case, we are going to store the MongoDB-assigned ID (i.e. the _id property of User model instances). Once these two functions are implemented and there is an active session, the user has successfully authenticated.

Next, we’re going to export. To enable Passport’s functionality, we’ll need to do two distinct activities: initialize Passport and register routes that will handle authentication services. The following code defines that:

Next, we’ll add authProviders to credentials.js:

The appId and appSecret are what you will get from Facebook. Next, we'll implement the init() function; don't worry, this code is very similar to the Passport boilerplate. When the user gets authenticated, the FacebookStrategy function is invoked and the profile parameter contains information about the Facebook user.

Next, we'll implement registerRoutes so that we have the path /auth/facebook. Visiting this path will automatically redirect the visitor to Facebook's authentication screen, which is done by passport.authenticate('facebook'). Then we will override the default callback URL here, because we want to include information about where we came from.
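Because the "where we came from" value arrives with the request, it should be reduced to a same-site path before it goes into the callback URL or into a post-login redirect. The following is an added example, not code from the original post; the parameter name `redirect`, the callback route `/auth/facebook/callback` and the origin `https://app.example` are assumptions.

```javascript
// Added example. Assumptions: the return path travels in a query parameter
// named `redirect`, the callback route is /auth/facebook/callback, and the
// app is served from APP_ORIGIN (constructed placeholder).
const APP_ORIGIN = 'https://app.example';

// Reduce an untrusted "where we came from" value to a same-site path,
// or fall back to a fixed default.
function safeReturnPath(raw, fallback = '/account') {
  // Express yields arrays/objects for repeated or nested parameters.
  if (typeof raw !== 'string' || raw === '') return fallback;
  // Site-relative only: one leading slash, so no scheme and no "//host".
  if (!raw.startsWith('/') || raw.startsWith('//')) return fallback;
  // Browsers treat "\" like "/"; control characters have no place in a path.
  if (/[\\\u0000-\u001f]/.test(raw)) return fallback;
  let url;
  try {
    url = new URL(raw, APP_ORIGIN);
  } catch (err) {
    return fallback;
  }
  if (url.origin !== APP_ORIGIN) return fallback;
  // Do not send the user back into the auth routes (redirect loop).
  if (url.pathname.startsWith('/auth/')) return fallback;
  return url.pathname + url.search;
}

// Callback URL to pass to passport.authenticate('facebook', { callbackURL }).
function buildCallbackURL(rawRedirect) {
  return '/auth/facebook/callback?redirect=' +
    encodeURIComponent(safeReturnPath(rawRedirect));
}
```

The callback handler should run the same `safeReturnPath` check again on the value it receives, since the query string passes through the browser in between.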

Passport stores the user in the session, and since the browser is redirecting, which is a different HTTP request, we want to check whether the user is authenticated or not. Once the user has been successfully authenticated, req.session.passport.user will be set. Lastly, we'll look at the /account handler, which makes sure the user is authenticated. If not, we will redirect them to the "Not Authorized" page.
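The session mapping and the /account check described above can be exercised without a database or a browser. This is an added example, not code from the original post: `users` is a constructed in-memory stand-in for the User model, `loadUser` is a simplified stand-in for the session step Passport performs on each request, and the `/unauthorized` route is an assumption.

```javascript
// Added example. `users` is a constructed in-memory stand-in for the MongoDB
// User model; the id and the /unauthorized route are assumptions.
const users = new Map([['64a1f0', { _id: '64a1f0', name: 'Sample User' }]]);

// Called once after login: only the _id goes into the session.
function serializeUser(user, done) {
  done(null, user._id);
}

// Called on later requests: turn the stored id back into a user record.
function deserializeUser(id, done) {
  // `false` signals that the id no longer maps to a user (e.g. deleted account).
  done(null, users.get(id) || false);
}

// Simplified stand-in for the session step Passport runs on each request.
function loadUser(req, done) {
  const state = req.session.passport;
  if (!state || state.user === undefined) return done();
  deserializeUser(state.user, (err, user) => {
    if (err) return done(err);
    if (user) req.user = user;
    else delete state.user; // stale session: treat as logged out
    done();
  });
}

// Guard for /account, using the check on req.session.passport.user.
function requireLogin(req, res, next) {
  const state = req.session && req.session.passport;
  if (!state || !state.user) return res.redirect(303, '/unauthorized');
  next();
}

// Run one request through both steps and report the outcome.
function handleAccount(session) {
  const req = { session };
  let outcome = null;
  const res = { redirect: (code, path) => { outcome = `redirect ${code} ${path}`; } };
  loadUser(req, () => requireLogin(req, res, () => { outcome = `ok ${req.user.name}`; }));
  return outcome;
}
```

With Passport installed, the first two functions are what would be handed to `passport.serializeUser` and `passport.deserializeUser`, and `requireLogin` would sit in front of the /account handler.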

This is how you implement authentication in an Express application using Passport JS. There are multiple strategies that you can implement to give the user multiple options for authenticating, and since the code will be pretty much the same and only the strategies will differ, you won't have much of a problem.
