Passport.js framework that uses Paseto tokens for sessions
npm install paseto-passport
> This is an alternative framework for Passport.js that is designed to use JWT
> tokens for sessions. So that, instead of storing user's ID and metadata in a
> database (e.g. Redis), it encodes that data into a JSON Web Token and writes
> that token to a session cookie.
```bash
$ npm install jwt-passport
```
_Note: It requires Node.js 6.11 or higher_
```js
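const uuid = require('uuid');
const express = require('express');
const passport = require('passport');
const jwt = require('jwt-passport');

// We're using Knex.js database client in this example,
// but it could be any other database driver.
const db = require('./db');

// Providers that /login/:provider is allowed to dispatch to. The URL segment
// is checked against this set before it reaches passport.authenticate(), so
// a request cannot select an arbitrary strategy by name.
const PROVIDERS = new Set(['facebook', 'twitter']);

passport.framework(
  jwt({
    // Session cookie name. The token *is* the session, so the cookie must not
    // be readable by client-side script or sent over plain HTTP.
    // NOTE(review): the HttpOnly/Secure/SameSite flags are set by jwt-passport,
    // not here — confirm its defaults match your deployment.
    name: '__session',
    // Signing key. Never put a literal here: load it from the environment or a
    // secrets manager, and rotate it if it leaks — anyone holding it can mint a
    // valid session for any user id.
    secret: process.env.JWT_SECRET,
    // `aud` and `iss` claims the verifier checks, so a token issued for another
    // service or by another issuer is rejected even if signed with the same key.
    audience: process.env.JWT_AUDIENCE,
    issuer: process.env.JWT_ISSUER,
    expiresIn: '1 hour',
    // Prepare payload for an ID token. Only the user id and a random token id
    // go in; anything else placed here is readable by whoever holds the cookie.
    createToken: req => ({
      sub: req.user.id,
      jti: uuid.v4(),
    }),
    // Save user's token in a database; the jti is what lets us revoke it later.
    saveToken: token =>
      db.table('user_tokens').insert({
        user_id: token.sub,
        token_id: token.jti,
      }),
    // Revoke user's token. Match on both columns so a jti can only ever delete
    // the row that belongs to the token's own subject.
    deleteToken: token =>
      db
        .table('user_tokens')
        .where({ token_id: token.jti, user_id: token.sub })
        .del(),
    // Check if the token was not revoked and find the corresponding user.
    // An inner join is used on purpose: with a LEFT JOIN, a token whose user
    // row has since been deleted would yield a row of NULL columns, which is
    // still a truthy object and would be treated as an authenticated user.
    findUser: token =>
      db
        .table('user_tokens')
        .join('users', 'users.id', 'user_tokens.user_id')
        .where({
          'user_tokens.token_id': token.jti,
          'user_tokens.user_id': token.sub,
        })
        .select('users.*')
        .first(),
  })
);

// The strategy constructors come from their own passport-* packages
// (their require() lines are not shown in this example).
passport.use(new FacebookStrategy({ /* config */ }));
passport.use(new TwitterStrategy({ /* config */ }));

const app = express();

// Extend the HTTP request object with
// req.logIn() and req.logOut() helper methods
app.use(passport.initialize());

// Attempt to parse the session cookie, validate the token
// and put the authenticated user object onto the context (req.user)
app.use(passport.session());

app.get('/', (req, res) => {
  // displayName is presumably copied from the OAuth provider's profile, i.e. it
  // is chosen by the end user. Send it as plain text: res.send() of a bare
  // string is served as text/html and would reflect it unescaped.
  const name = req.user ? req.user.displayName : 'guest';
  res.type('text/plain').send(`Welcome, ${name}!`);
});

// Reject unknown provider names with a 404 before they are handed to passport,
// which would otherwise throw for a strategy name it does not know.
function requireKnownProvider(req, res, next) {
  if (!PROVIDERS.has(req.params.provider)) {
    res.sendStatus(404);
    return;
  }
  next();
}

app.get('/login/:provider', requireKnownProvider, (req, res, next) => {
  passport.authenticate(req.params.provider, { /* options */ })(req, res, next);
});

app.get('/login/:provider/return', requireKnownProvider, (req, res, next) => {
  passport.authenticate(req.params.provider, { /* options */ })(req, res, next);
});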
```
* [Stop using JWT for sessions](http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/)
  (part 2)
  by @joepie91 + comments on HN
* Where to Store your JWTs – Cookies vs HTML5 Web Storage
* [Passport.js][passport] — Simple, unobtrusive authentication for Node.js.
* [Node.js API Starter][nsk] — Boilerplate for authoring GraphQL APIs with Node.js and PostgreSQL.
* [React Starter Kit][rsk] — Boilerplate for authoring isomorphic web apps with React.js and GraphQL.
* [React Starter Kit for Firebase][rskfb] — React.js web app boilerplate for serverless architecture.
Copyright © 2018-present Kriasoft. This source code is licensed under the MIT
[license][lic].
[passport]: https://github.com/jaredhanson/passport
[nsk]: https://github.com/kriasoft/nodejs-api-starter
[rsk]: https://github.com/kriasoft/react-starter-kit
[rskfb]: https://github.com/kriasoft/react-firebase-starter
[lic]: https://github.com/kriasoft/jwt-passport/blob/master/LICENSE