API Authentication & Authorization using Passport.js

Want to secure your Angular application? Want to ensure that its APIs are protected and that only authorized users can use the application? Passport.js can help you with that.

Passport.js is a flexible authentication middleware for your Node.js APIs and applications. It offers different authentication mechanisms, known as strategies. There are more than 400 strategies, supporting authentication in multiple ways, such as login with a username and password or single sign-on using OAuth providers like Facebook, Twitter, and many more.

These strategies are packaged as separate modules, so you can choose the ones your application needs and install only those, without adding unnecessary dependencies.

Here are a few Passport.js strategies:

Local Strategy: When a user tries to log on to a web application, a POST request is made, which triggers the Passport.js local strategy. The authentication middleware for the login route uses the passport-local strategy to verify the username and password against the database entries. An error or success message is returned to the user accordingly. If the login is successful, the user is taken to the appropriate home page.

Custom Strategy: With the passport-custom strategy, you can write your own user-verification code for authentication. It is based on the passport-local module developed by Jared Hanson.

OAuth: The OAuth 2.0 strategy authenticates a user using a third-party account and OAuth 2.0 tokens. OAuth is a standard protocol used to allow authorized access to API applications. This strategy requires a verify callback function that receives the access token and profile.

Facebook: This strategy lets users authenticate to your application with a Facebook account and OAuth 2.0 tokens. To integrate the passport-facebook strategy, you need to register your application with Facebook. Once it is registered, an app ID and app secret are issued, and they have to be configured in your application along with the callback URL.

Twitter: This Passport strategy authenticates a user with a Twitter account and OAuth tokens. Your application must be registered with Twitter. A consumer key and consumer secret are then issued for the application and are used when integrating this strategy. The callback URL for your application should also be configured. This strategy also uses a verify callback function with consumer-secret, access-token, and Twitter user profile as arguments.
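
To make the Local Strategy flow concrete, here is an added example (not code from the original article or from the Passport.js project) of a verify callback in the shape passport-local expects. The in-memory user store, the "salt:hash" storage format, and the names verifyLogin, hashPassword and checkPassword are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Salted scrypt hash stored as "salt:hash" in hex (storage format is an assumption).
function hashPassword(password, salt = crypto.randomBytes(16).toString('hex')) {
  return `${salt}:${crypto.scryptSync(password, salt, 64).toString('hex')}`;
}

// Constructed sample user store standing in for the database.
const users = new Map([
  ['alice', { id: 1, username: 'alice', passwordHash: hashPassword('correct horse') }],
]);

// Checked when the username is unknown, so both failure paths do the same work.
const DUMMY_HASH = hashPassword('dummy-password');

// Recompute the hash with the stored salt and compare in constant time.
function checkPassword(password, stored) {
  const [salt, expectedHex] = stored.split(':');
  const expected = Buffer.from(expectedHex, 'hex');
  const actual = crypto.scryptSync(password, salt, expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// Passport verify contract: done(err) on a fault, done(null, false, info) on
// bad credentials, done(null, user) on success.
function verifyLogin(username, password, done) {
  try {
    const record = users.get(username);
    const ok = checkPassword(password, record ? record.passwordHash : DUMMY_HASH);
    if (!record || !ok) {
      // Same message for unknown user and wrong password (no user enumeration).
      return done(null, false, { message: 'Incorrect username or password.' });
    }
    // Hand Passport only what the session needs, never the password hash.
    return done(null, { id: record.id, username: record.username });
  } catch (err) {
    return done(err);
  }
}

// Registration in an app with passport and passport-local installed:
//   const LocalStrategy = require('passport-local').Strategy;
//   passport.use(new LocalStrategy(verifyLogin));
//   app.post('/login', passport.authenticate('local'), handler);
```
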
