I need to have users log in and create accounts. I would also like admin users to log in to a backend and make changes to the site. I know Express middleware can handle protecting routes, but I don't feel like building a custom solution with JWT or Passport.
How do you deal with authorization in your Node.js apps?
(Please note that authorization is about having leveled or tiered access, where authentication is making sure people are who they say they are -- not the same thing)
I've used npm's 'acl' package before, and it's feature-ful while keeping a very simple API. It also provides a simple middleware for Express, if that's what you're using, but it's easy enough to slip it into most other frameworks. I set the role on the user model, and then do acl.addUserRoles(user.id, user.role). If you have more complicated requirements for multiple roles, it would be easy enough to loop over a roles array. If using Express, you will need a session for every user, and it must contain a userId parameter.
Sean Moore
Systems Architect, LookFar
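The pattern described in the answer above (roles registered per user id, an Express-style middleware that takes userId from the session), as an added example that is not part of the original post and does not use the acl package. The functions allow, addUserRoles, isAllowed, authorize and simulate are hypothetical names backed by in-memory maps, and the users and routes are constructed sample data.

```javascript
// In-memory stand-in for a role store (hypothetical, not the acl package's API).
const userRoles = new Map(); // userId -> Set of role names
const grants = new Map();    // role -> Map(resource -> Set of actions)

function allow(role, resource, actions) {
  if (!grants.has(role)) grants.set(role, new Map());
  grants.get(role).set(resource, new Set(actions));
}

// Accepts one role or an array of roles (the "loop over a roles array" case).
function addUserRoles(userId, roles) {
  const set = userRoles.get(String(userId)) || new Set();
  for (const r of [].concat(roles)) set.add(r);
  userRoles.set(String(userId), set);
}

function isAllowed(userId, resource, action) {
  const roles = userRoles.get(String(userId)) || new Set();
  for (const role of roles) {
    const perms = grants.get(role);
    if (perms && perms.has(resource) && perms.get(resource).has(action)) return true;
  }
  return false; // deny by default: unknown user, role, resource or action
}

// Express-style middleware: identity comes only from the server-side session,
// never from a request parameter the client controls.
function authorize(resource, action) {
  return function (req, res, next) {
    const userId = req.session && req.session.userId;
    if (userId === undefined || userId === null) return res.status(401).end(); // not logged in
    if (!isAllowed(userId, resource, action)) return res.status(403).end();    // logged in, not permitted
    next();
  };
}

// Constructed sample data.
allow('admin', '/admin', ['get', 'post']);
allow('member', '/account', ['get', 'post']);
addUserRoles(1, ['admin', 'member']);
addUserRoles(2, 'member');

// Fake req/res pair so the middleware can be exercised without Express.
function simulate(session, resource, action) {
  let result = 200; // stays 200 only if next() is reached
  const res = { status(code) { result = code; return this; }, end() {} };
  authorize(resource, action)({ session }, res, () => {});
  return result;
}

console.log(simulate({ userId: 2 }, '/admin', 'get'), simulate({}, '/admin', 'get'));
```

The 401 and 403 branches are kept separate so that logs distinguish a missing session from a role that lacks the permission.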
Sergii Stotskyi
https://stalniy.github.io/casl/