Implementing Authentication with Passport.js in Node.js

Explore practical examples of implementing authentication with Passport.js in Node.js for secure applications.
By Jamie

Implementing Authentication with Passport.js in Node.js

Passport.js is a powerful middleware for Node.js that simplifies the process of implementing authentication in your applications. It supports various authentication strategies, making it versatile for different use cases. Below, we present three diverse examples of implementing authentication with Passport.js in Node.js, each tailored to a specific scenario.

Example 1: Local Strategy Authentication

Context

This example demonstrates how to implement local strategy authentication using Passport.js. This is ideal for applications that require users to log in using a username and password.

const express = require('express');
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const bodyParser = require('body-parser');
const session = require('express-session');

const app = express();
app.use(bodyParser.urlencoded({ extended: false }));
app.use(session({ secret: 'secret-key', resave: false, saveUninitialized: true }));
app.use(passport.initialize());
app.use(passport.session());

const users = [{ id: 1, username: 'user1', password: 'password' }];

passport.use(new LocalStrategy((username, password, done) => {
    const user = users.find(u => u.username === username);
    if (!user || user.password !== password) {
        return done(null, false, { message: 'Incorrect credentials.' });
    }
    return done(null, user);
}));

passport.serializeUser((user, done) => {
    done(null, user.id);
});

passport.deserializeUser((id, done) => {
    const user = users.find(u => u.id === id);
    done(null, user);
});

app.post('/login', passport.authenticate('local', { 
    successRedirect: '/dashboard',
    failureRedirect: '/login',
}));

app.get('/dashboard', (req, res) => {
    if (req.isAuthenticated()) {
        res.send(`Welcome to your dashboard, ${req.user.username}!`);
    } else {
        res.redirect('/login');
    }
});

app.listen(3000, () => {
    console.log('Server started on http://localhost:3000');
});

Notes

  • Ensure to store passwords securely using hashing algorithms like bcrypt.
  • This example uses an in-memory user store; for production, integrate a database.

Example 2: Google OAuth 2.0 Authentication

Context

In this example, we implement Google OAuth 2.0 authentication using Passport.js. This is suitable for applications that want to allow users to log in with their Google accounts.

const express = require('express');
const passport = require('passport');
const GoogleStrategy = require('passport-google-oauth20').Strategy;
const session = require('express-session');

const app = express();
app.use(session({ secret: 'secret-key', resave: false, saveUninitialized: true }));
app.use(passport.initialize());
app.use(passport.session());

passport.use(new GoogleStrategy({
    clientID: 'YOUR_GOOGLE_CLIENT_ID',
    clientSecret: 'YOUR_GOOGLE_CLIENT_SECRET',
    callbackURL: '/auth/google/callback'
}, (accessToken, refreshToken, profile, done) => {
    // Here you would save the user profile to your database
    return done(null, profile);
}));

passport.serializeUser((user, done) => {
    done(null, user);
});

passport.deserializeUser((user, done) => {
    done(null, user);
});

app.get('/auth/google', passport.authenticate('google', { scope: ['profile', 'email'] }));

app.get('/auth/google/callback', passport.authenticate('google', { 
    successRedirect: '/dashboard',
    failureRedirect: '/login'
}));

app.get('/dashboard', (req, res) => {
    if (req.isAuthenticated()) {
        res.send(`Welcome, ${req.user.displayName}!`);
    } else {
        res.redirect('/login');
    }
});

app.listen(3000, () => {
    console.log('Server running on http://localhost:3000');
});

Notes

  • Replace YOUR_GOOGLE_CLIENT_ID and YOUR_GOOGLE_CLIENT_SECRET with your actual credentials from the Google Developer Console.
  • Ensure you configure your redirect URIs properly in your Google application settings.

Example 3: JWT Authentication with Passport.js

Context

This example illustrates how to implement JSON Web Token (JWT) authentication using Passport.js. This is suitable for RESTful APIs that require stateless authentication.

const express = require('express');
const passport = require('passport');
const JwtStrategy = require('passport-jwt').Strategy;
const ExtractJwt = require('passport-jwt').ExtractJwt;
const bodyParser = require('body-parser');
const jwt = require('jsonwebtoken');

const app = express();
app.use(bodyParser.json());

const users = [{ id: 1, username: 'user1', password: 'password' }];

const opts = {
    jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
    secretOrKey: 'your_jwt_secret'
};

passport.use(new JwtStrategy(opts, (jwt_payload, done) => {
    const user = users.find(u => u.id === jwt_payload.id);
    return user ? done(null, user) : done(null, false);
}));

app.post('/login', (req, res) => {
    const user = users.find(u => u.username === req.body.username);
    if (user && user.password === req.body.password) {
        const token = jwt.sign({ id: user.id }, opts.secretOrKey);
        res.json({ token });
    } else {
        res.status(401).json({ message: 'Invalid credentials' });
    }
});

app.get('/protected', passport.authenticate('jwt', { session: false }), (req, res) => {
    res.json({ message: 'This is a protected route!', user: req.user });
});

app.listen(3000, () => {
    console.log('Server running on http://localhost:3000');
});

Notes

  • Use a strong secret key for JWT and consider using environment variables to manage it securely.
  • This example is simplified for clarity; consider implementing password hashing and a real database for production use.

These examples provide a solid foundation for implementing authentication in your Node.js applications using Passport.js. Each example can be customized and expanded based on your specific requirements.