API Authentication & Authorization using Passport.js
Want to secure your Angular application? Want to ensure that the APIs are protected and only authorized persons are able to use the application? Passport.js can help you with that.
Passport.js is a flexible authentication middleware for your Node.js APIs and applications. Passport.js offers different mechanisms for authorization known as strategies. There are more than 400 strategies that support authentication in multiple ways, such as login with username and password, or single sign-on using OAuth providers like Facebook, Twitter, and many more.
These strategies are packaged in separate modules, so you can choose the ones your application needs and install only those, without adding unnecessary dependencies.
Here are a few strategies of passport.js:
Local Strategy: When a user tries to log on to a web application, a POST request is made, which triggers the passport.js local strategy. The authentication middleware for the login route uses the passport-local strategy to verify the username and password against the database entries. An error or success message is returned to the user accordingly. If the login is successful, the user is led to the appropriate home page.
Custom Strategy: You can write your own user-verification code for authentication using the passport-custom strategy. It is based on the passport-local module developed by Jared Hanson.
OAuth: The OAuth 2.0 Strategy authenticates a user using a third-party account and OAuth 2.0 tokens. OAuth is a standard protocol used to allow authorized access to API applications. This strategy requires a verify call-back function with the access token and profile.
Facebook: This strategy helps you to authorize your application using a Facebook account and OAuth 2.0 tokens. To integrate the passport-facebook strategy in your application, you need to register your application with Facebook. Once registered, the app ID and app secret are issued, and they have to be integrated into your application along with the call-back URL.
Twitter: This Passport strategy authenticates a user with a Twitter account and OAuth tokens. Your application must be registered with Twitter. The consumer key and consumer secret are then issued for the application and are used while integrating this strategy. The call-back URL for your application should also be configured. This strategy also uses a verify call-back function with consumer-secret, access-token, and Twitter user profile as arguments.
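The Local Strategy item above depends on a verify callback that checks the submitted username and password against stored records. The following is an added example, not code from the original article or from the Passport project: it assumes scrypt-hashed passwords and a constructed in-memory user store, and the names users, hashPassword, dummy, tryLogin and the sample account are hypothetical.

```javascript
// Added example: a verify callback in the shape passport-local expects.
// Only node:crypto is required, so it runs without Passport installed.
const crypto = require('node:crypto');

// Derive a 64-byte scrypt hash; store the salt and hash, never the password.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(password, salt, 64) };
}

// Constructed sample "database" (hypothetical user and password).
const users = new Map([
  ['alice', { id: 1, username: 'alice', ...hashPassword('correct horse battery') }],
]);

// Used for unknown usernames so both failure paths do the same hashing work.
const dummy = hashPassword('placeholder');

// verify(username, password, done):
//   done(err)               -> internal error
//   done(null, false, info) -> authentication failed
//   done(null, user)        -> authenticated
function verify(username, password, done) {
  try {
    const record = users.get(username);
    const { salt, hash } = record || dummy;
    // scryptSync keeps the demo synchronous; a server would use async scrypt.
    const candidate = crypto.scryptSync(String(password), salt, 64);
    const match = crypto.timingSafeEqual(candidate, hash);
    if (!record || !match) {
      // Same message for unknown user and wrong password (no user enumeration).
      return done(null, false, { message: 'Invalid username or password.' });
    }
    // Hand back only what the session needs, not the salt or hash.
    return done(null, { id: record.id, username: record.username });
  } catch (err) {
    return done(err);
  }
}

// Demo helper: collects what verify() passes to done().
function tryLogin(username, password) {
  let result;
  verify(username, password, (err, user, info) => { result = { err, user, info }; });
  return result;
}

// In an app with passport and passport-local installed, register it with:
//   passport.use(new LocalStrategy(verify));
console.log(tryLogin('alice', 'correct horse battery').user);
console.log(tryLogin('alice', 'wrong').info);
```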