Passport

Usage

When using session auth

app.use(require('express-session')({ secret: 'keyboard cat', resave: true, saveUninitialized: true }));
 
app.use(passport.initialize());
app.use(passport.session());
passport.serializeUser(function(user, done) {
  done(null, user.id);
});
passport.deserializeUser(function(id, done) {
  User.findById(id, function (err, user) {
    done(err, user);
  });
});

When not using session auth

app.use(passport.initialize());

Terminologies

Strategies: auth strategies

• session (i.e. req.user coming from req.session.passport.uid)
• local (e.g. passport.authenticate('local', ...) credential from form or query param)
• basic (e.g. passport.authenticate('jwt', ...) credentials from request authorization header/cookie jwtFromRequest: (req) => req.headers.authorization.slice('Token '.length))
• oauth etc