
Authentication Using Passport JS


Authentication is a big and highly complicated part of an application, but it is also the predominant part of any web app or software in general.

Passport JS

Passport JS is a widely popular authentication module for Node.js. Its sole purpose is to authenticate requests, and it is based on the idea of pluggable authentication strategies (including a local strategy; there are more than 500 strategies currently available).

When using a third-party application for authentication, your app never receives the user's password, which frees the developer from the burden of security related to handling and storing passwords. The Passport authentication and its strategy will include protection against attacks like "man in the middle" and other vectors an attacker might exploit. We are going to use the Facebook strategy for now. To install Passport and the Facebook strategy, type in the following command:

Next, we are going to write the authentication code in a separate module called lib/auth.js. This is going to be a large file, so we will go through it step by step:

  • We’ll start by using two methods that Passport requires, serializeUser and deserializeUser:


These two methods are used to map requests to the authenticated user, allowing you to use whatever storage strategy you want. In our case, we are going to store the MongoDB-assigned ID (i.e. the _id property of User model instances). Once these two functions are implemented and there is an active session, the user has successfully authenticated.

Next, we're going to export. To enable Passport's functionality, we need to do two distinct things: initialize Passport and register the routes that will handle authentication services. The following code defines that:

Next, we’ll add authProviders to credentials.js:

The appId and appSecret are what you will get from Facebook. Next, we'll implement the init() function; don't worry, this code is very similar to the Passport boilerplate. When the user gets authenticated, the FacebookStrategy function is invoked, and the profile parameter contains information about the Facebook user.

Next, we'll implement registerRoutes so that we have the path /auth/facebook. Visiting this path automatically redirects the visitor to Facebook's authentication screen, which is done by passport.authenticate('facebook'). We then override the default callback URL here, because we want to include information about where we came from.

Passport stores the user in the session, and since the browser is redirecting, which is a different HTTP request, we want to check whether the user is authenticated or not. Once the user has been successfully authenticated, req.session.passport.user will be set. Lastly, we'll look at the /account handler, which makes sure the user is authenticated. If not, we redirect them to the "Not Authorized" page.
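The return-path handling and the /account check described above, as an added example that is not the post's own code. It assumes the originating page travels in a `redirect` query parameter and that the "Not Authorized" page lives at `/unauthorized`; both names, like the helper names, are hypothetical, and the helpers only touch Express-style `req`/`res` objects.

```javascript
// Added example (not from the original post). Assumed names: the `redirect`
// query parameter, the '/unauthorized' route and every helper name below.
const DEFAULT_AFTER_LOGIN = '/account';

// Accept only same-site paths for the "where we came from" value, so the
// callback handler can never be steered to another origin (open redirect).
function safeReturnPath(candidate) {
  if (typeof candidate !== 'string' || candidate.length === 0) return DEFAULT_AFTER_LOGIN;
  // Exactly one leading slash: rejects absolute URLs and protocol-relative "//host".
  if (!candidate.startsWith('/') || candidate.startsWith('//')) return DEFAULT_AFTER_LOGIN;
  // Backslashes and control characters can be normalised into "//" by browsers.
  if (/[\\\x00-\x1f\x7f]/.test(candidate)) return DEFAULT_AFTER_LOGIN;
  const base = 'http://site.invalid'; // dummy origin used only for parsing
  let resolved;
  try {
    resolved = new URL(candidate, base);
  } catch {
    return DEFAULT_AFTER_LOGIN;
  }
  if (resolved.origin !== base) return DEFAULT_AFTER_LOGIN;
  return resolved.pathname + resolved.search;
}

// Value for the callbackURL option of passport.authenticate('facebook', {...}).
function facebookCallbackUrl(req) {
  const back = safeReturnPath(req.query && req.query.redirect);
  return '/auth/facebook/callback?redirect=' + encodeURIComponent(back);
}

// Guard for /account: Passport sets req.session.passport.user after a login.
function requireLogin(req, res, next) {
  const user = req.session && req.session.passport && req.session.passport.user;
  if (user) return next();
  return res.redirect(303, '/unauthorized');
}
```

In the callback route, run `safeReturnPath(req.query.redirect)` again before calling `res.redirect`, since the query string comes back from the browser and cannot be trusted just because the app generated it.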

This is how you implement authentication in an Express application using Passport JS. There are multiple strategies that you can implement to give the user several options for authenticating, and since the code will be pretty much the same and only the strategies will differ, you won't have much of a problem.
