How can authentication for Node.js be better? What are your pains with PassportJS?

PassportJS is the most popular library for Node.js today, but it pushes a lot of decision making on to the developer for the sake of flexibility. I find this causes me a lot of decision fatigue because 80% of the time I dont need the flexibility.

What are your typical challenges with it?

Have you come up with your own standards for implementing PassportJS?

If you could wave a magic wand and have the perfect identity system that gets you up and running, what would it look like?

I switched to write something myself. I find that passport limited me too much.

The magic wand, that´s a pretty good question. Strategies like passport has, are useful, they can stay. More the basic setup needs to change. But ad-hoc I don´t have an idea how I would do it.

That's really interesting! How was passport limiting you?

I have the same thoughts about strategies vs basic setup. What sort of basic setup would be helpful?

I find setting everything up the "passport way" is limiting me. I have a different idea how I want to setup everything. Maybe this changed or I have a different view know, didn´t use passport for very long time now.

It should be simple, not "limiting", give you the freedom to decide how you want to setup everything. But this is the hard part. I currently cannot think about a way which is not limiting.

Have you find another solution or creating your own library?

Writing my own :). I'm tired of implementing the same patterns again and again.

In my mind the ideal library has:

sensible defaults but customizable
a small enough problem scope to fit majority of data stores
account linking through a master user record and then each authenticator/provider defining a specific model (i.e. other fields like gender, height, friends)
no-nonsense SSO (just enable a flag and become a shared identity provider to a bunch of apps)

Still I think PassportJS is solid and flexible enough that the next solution should definitely be built off of it. No sense in reinventing the wheel!

I asked the question here to make sure whatever I come up can help the most people!

Link to my in-progress module: Identity Desk

Sorry, never used PassportJS. When I was looking to add authentication to my app, I landed on jsonwebtoken.

I wrote about how I use it here: decembersoft.com/posts/authenticating-a-session-c…

The article is written assuming TypeScript... but it's easy enough to convert back to JavaScript by stripping out the type information.

But it looks like Passport.js can do a lot more than just username/password logins... such as Facebook and Twitter integration. I didn't need those as I'm working on a corporate app.

Thanks for the response!

What were the requirements for the corporate app that led you to writing your own authN code? Did you have to use the existing username/passwords for the corporate users?

Sorry, "corporate" was a little misleading. It's for a client but the end users are the client's customers. The requirements were simply for a username/password login.

I tried PassportJS too but I started to check out facebook and email as much as possible. I need high performance and high-speed Auth. PassportJS includes many libs for each parpos. Finally, I made a Fantastic and hight speed Auth system in my project by using facebook tricks.

What libraries and tools did you use?

Thread

How can authentication for Node.js be better? What are your pains with PassportJS?

Responses(4)

Recent threads

Search Hashnode

How can authentication for Node.js be better? What are your pains with PassportJS?

Responses(4)

Recent threads