Denny Trebbin

Lead Fullstack Developer. Experimenting with bleeding-edge tech. Irregularly DJ. Hobby drone pilot. Amateur photographer.

Nov 17, 2015

passportjs.org

Denny Trebbin

Lead Fullstack Developer. Experimenting with bleeding-edge tech. Irregularly DJ. Hobby drone pilot. Amateur photographer.

Nov 17, 2015

The question is "How do you deal with authorization in your node.js apps?". That is why I'd posted Passport. I use Passport. Passport has many strategies already developed by experienced developers. If a multitier authentication strategy must be implemented, then I can't think of using anything but Passport.

Josh Marinacci

PubNub Developer Advocate

Nov 17, 2015

I'm afraid Passport is my answer too. For tiered access I just add a check at each route to see what role is required. Perhaps it would help if the original poster would explain why he doesn't want to use Passport.

Jose M. Oberle

JS Coder by day and Barista by night.

Nov 17, 2015

The OP doesn't want to use Passport/JWTs.

Conor

Dec 23, 2016

Authorization !== Authentication

The OP clearly stated this. Passport is an Authentication module, which identifies your users.

Storing user roles in the passport user object is implementing one's own ACL solution which is "building a custom solution", again something the OP asked to avoid.

Google brought me here, stayed for the bad answers

Chris Bao

Feb 1, 2018

I find a tutorial online about this issue

medium.com/netscape/authorization-with-casl-in-ex…

Search Hashnode