Passport.js framework that uses JWT for sessions
This is an alternative framework for Passport.js that is designed to use JWT tokens for sessions. So that, instead of storing user's ID and metadata in a database (e.g. Redis), it encodes that data into a JSON Web Token and writes that token to a session cookie.
How to Install
$ npm install jwt-passport
Note: It requires Node.js 6.11 or higher
How to Use
const uuid = ;const express = ;const passport = ;const jwt = ; // We're using Knex.js database client in this examle,// but it could be any other database driver.const db = ; passport; passport;passport; const app = ; // Extend the HTTP request object with// req.logIn() and req.logOut() helper methodsapp; // Attemp to parse session cookie, validate the token// and put the authenticated user object onto the contxt (req.user)app; app; app; app;
Related Articles
- [Stop using JWT for sessions][http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/] (part 2) by @joepie91 + comments on HN
- Where to Store your JWTs – Cookies vs HTML5 Web Storage
Related Projects
- Passport.js — Simple, unobtrusive authentication for Node.js.
- Node.js API Starter — Boilerplate for authoring GraphQL APIs with Node.js and PostgreSQL.
- React Starter Kit — Boilerpalte for authoring isomorphic web apps with React.js and GraphQL.
- React Starter Kit for Firebase — React.js web app boilerplate for serveless architecture.
License
Copyright © 2018-present Kriasoft. This source code is licensed under the MIT license.