Passport JS Authentication Strategy #7

Open
PaulFidika opened this issue Mar 22, 2022 · 1 comment

@PaulFidika
Contributor

How authentication works with passport JS:

  • import a passport strategy library, such as import passportLocal from 'passport-local'
  • create a verifyCallback function; this function accepts some parameters and then calls a callback function passed to it. For example, it might accept a username and password as parameters, and then a callback function named done. This function will use the username to find the user in a database, then hash the password and compare it to the user's stored hashed-password. Finally it calls done(err, user), where err is an error (if any) and user is the authenticated user-object.
  • instantiate your strategy using your verifyCallback function, something like const strategy = new passportLocal.Strategy(verifyCallback)
  • pass this strategy to passport, like passport.use(strategy)
  • define passport.serializeUser and passport.deserializeUser (if using passport sessions)
  • use passport with your express app, like app.use(passport.initialize()) and app.use(passport.session())

What this does:

  • You can now use passport.authenticate('strategyName', { successRedirect: '/welcome', failureRedirect: '/login' }) as middleware inside of your app.post('/login') route. This allows you to create an authentication endpoint.
  • Passport adds methods to your request object, such as req.isAuthenticated(). This can be used to create authorized routes.

What we should build for our passport-strategy library:

  • add a POST route that returns a challenge, like app.post('/challenge') that requires req.pubkey in the body. This route returns a challenge.
  • a verifyCallback function for our passport strategy that accepts a signed challenge and verifies the legitimacy of the signed challenge. The developers can then either fetch this user from their database or they can generate a user for this pubkey--this implementation will be up to them, but we should add an example of how it can be done.
  • devs using our library can then implement our strategy like passport.use(new ourStrategy.Strategy({ config }, verifyCallback))
  • user will be able to hit an authentication route, like app.post('/login', passport.authenticate('our-strategy', { config... }), (req, res) => { res.redirect('/welcome') })
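
The challenge route and verifyCallback proposed above, sketched as an added example that is not part of the original issue or the project's code. It uses only Node's built-in crypto module and shows the checks that prevent replay: each challenge is bound to one pubkey, expires, and is deleted on first use. Assumptions: Ed25519 keys in PEM form, a 60-second lifetime, an in-memory store, and the hypothetical names issueChallenge, verifyCallback and demo.

```javascript
// Added example: challenge issuance and verification with Node.js built-ins only.
const nodeCrypto = require('crypto');

const CHALLENGE_TTL_MS = 60_000; // assumption: challenges expire after 60 s
const pending = new Map();       // pubkey (PEM) -> { challenge, expires }

// Body of the proposed POST /challenge route: a fresh random challenge per pubkey.
function issueChallenge(pubkeyPem, now = Date.now()) {
  const challenge = nodeCrypto.randomBytes(32).toString('base64');
  pending.set(pubkeyPem, { challenge, expires: now + CHALLENGE_TTL_MS });
  return challenge;
}

// Shaped like a Passport verify callback: it ends by calling done(err, user).
function verifyCallback(pubkeyPem, signatureB64, done, now = Date.now()) {
  const entry = pending.get(pubkeyPem);
  pending.delete(pubkeyPem); // single use: a replayed signature finds nothing
  if (!entry || now > entry.expires) return done(null, false);
  let ok = false;
  try {
    ok = nodeCrypto.verify(null, Buffer.from(entry.challenge),
      nodeCrypto.createPublicKey(pubkeyPem), Buffer.from(signatureB64, 'base64'));
  } catch (err) {
    return done(null, false); // malformed key or signature counts as a failed login
  }
  // What "user" is (database row or generated record) is left to the application.
  return done(null, ok ? { pubkey: pubkeyPem } : false);
}

// Constructed client for the demo: generates a key pair and signs challenges.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const sign = (msg) => nodeCrypto.sign(null, Buffer.from(msg), privateKey).toString('base64');
  const results = {};
  const sig = sign(issueChallenge(pem));
  verifyCallback(pem, sig, (err, user) => { results.first = Boolean(user); });
  verifyCallback(pem, sig, (err, user) => { results.replay = Boolean(user); });
  const late = sign(issueChallenge(pem, 0)); // issued at t=0, checked after the TTL
  verifyCallback(pem, late, (err, user) => { results.expired = Boolean(user); }, CHALLENGE_TTL_MS + 1);
  issueChallenge(pem);
  verifyCallback(pem, sign('some other message'), (err, user) => { results.wrongMessage = Boolean(user); });
  return results;
}
```

With more than one server process, the pending map would need to live in a shared store that supports expiry so that single-use and expiry hold across instances.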
@PaulFidika
Contributor Author

How do you feel about building for Passport JS? We could also just build directly for Express. I think Passport JS can be added to NestJS easily, which means our strategy could be added easily as well, I believe.
