I want to create a backend API where I should be able to allow users to log in through Google/LinkedIn/Email. I need to create this as an API and not a server-rendered app. I can make email using jsonwebtoken package in NodeJs or use passportJS. But how can I enable Google login/LinkedIn login and protected routes in ExpressJS with all three authentication methods?
How can I do it? I am not able to find a good resource with a Node REST API.
Related
I have some experience with React but I'm new to Next. I'm building out an application and using Next as the frontend with Node backend. I have 2 options to authenticate:
via Credentials
via Google
After some research, next auth seems to be a good option to handle authentication for the web app, but for my backend APIs, I'm protecting them through JWT. If I use credentials providers, everything works well, but by using Google providers it's generating its own JWT.
How do I use Google provider's JWT with my node backend or is it a better idea to login through google using my node backend?
I am trying to validate my node app using google. But I found these two modules being used in different tutorials. Could you please tell what the difference is between these two?
passport-google-token
On the npmjs.com page of both, I found the desc as:
Passport strategy for authenticating with Google access tokens using the OAuth 2.0 API.
This module lets you authenticate using Google in your Node.js applications. By plugging into Passport, Google authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
passport-google-oauth
Passport strategies for authenticating with Google using OAuth 2.0.
Lead Maintainer: David Pate
This module lets you authenticate using Google in your Node.js applications. By plugging into Passport, Google authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
passport-google-oauth was made for express apps, so you can configure permissions, callback uri and request user data, all in the same place.
passport-google-token is made for REST APIs, so you handle authentication logic in front-end and then, you send google token to the back-end (node server) and there you can request user data using google token and grant access to your app using your own authentication mechanism (JWT, Bearer Token, etc.).
I am currently developing an API project using ClaudiaJS API Builder to build and deploy it on AWS Lambda with its endpoints exposed on AWS API Gateway. I am planning to have at least a webapp and a mobile app for this platform, so I'm focusing mostly everything on APIs, including the authentication methods (signup, signin, logout, verify account, etc.).
Unfortunately, as I am not using Express in this project, I can't find a good way to build these auth methods since every library I find has some dependency on Express (e.g. PassportJS).
My initial thoughts for the login workflow are:
User submits login form containing user/pass stored in PostgreSQL DB.
Front app calls auth API.
API method compares credentials against the user DB (using BCrypt).
In case of success, API method generates JWT containing a few user details on its payload and returns to the consumer app.
Is there any good approach for achieving this goal without using Passport and/or Express? Are there any other libs for this purpose or should I just use a regular db query and generate a JWT in case the evaluation succeeds?
Thanks to everyone in advance.
Best regards,
Enrico Bergamo
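A framework-free version of the login workflow listed in the question above (no Express, no Passport), as an added example that is not part of the original post. It assumes Node's built-in scrypt in place of bcrypt, an in-memory Map standing in for the PostgreSQL users table, and hypothetical function names; the token it issues is the API's own JWT, so `authenticate` can guard protected routes whichever login method produced the token.

```javascript
const crypto = require('node:crypto');
const b64url = (x) => Buffer.from(x).toString('base64url');

// scrypt is swapped in for the bcrypt step (built into Node, no npm dependency).
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return `${salt.toString('hex')}:${crypto.scryptSync(password, salt, 32).toString('hex')}`;
}
function verifyPassword(password, stored) {
  const [salt, key] = stored.split(':').map((h) => Buffer.from(h, 'hex'));
  return crypto.timingSafeEqual(crypto.scryptSync(password, salt, key.length), key);
}

function signJwt(claims, secret, ttlSeconds, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...claims, iat, exp: iat + ttlSeconds }));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns the claims, or null for anything malformed, forged or expired.
function verifyJwt(token, secret, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null; // pin the algorithm
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > Math.floor(now / 1000) ? claims : null;
  } catch { return null; }
}

// Constructed stand-in for the users table (hypothetical account).
const users = new Map([['alice@example.com', { id: 1, hash: hashPassword('correct horse') }]]);
const DUMMY = hashPassword('dummy'); // hashed for unknown users so timing does not reveal them
function login(email, password, secret) {
  const user = users.get(email);
  const ok = verifyPassword(password, (user || { hash: DUMMY }).hash);
  return user && ok ? signJwt({ sub: user.id, method: 'password' }, secret, 900) : null;
}

// Protected-route check on the raw Authorization header value.
function authenticate(header, secret, now) {
  const m = /^Bearer (.+)$/.exec(header || '');
  return m ? verifyJwt(m[1], secret, now) : null;
}
```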
How do you authenticate multiple websites through a single NodeJS API using passport's google authentication strategy?
The API is hosted separately to the webpages. From playing with the guides on the passport website and tutorials I can find, they all rely on the Node application doing the page rendering (i.e. using Jade etc.) and not passing a token back to a separate web application.
What is the best approach for creating a single API that can authenticate against Google and return a token to the client without having the API and the website(s) hosted on the same box and all served by NodeJS?
I can get the strategy to work when accessing the API endpoints directly, but I cannot figure out how an application would interact with those, and get a token back when they are on different domains.
I have an application that uses passport with passport-google-oauth to allow Google Authentication with RESTful API endpoints.
I'm looking to create other applications (for example, a Chrome extension) that need to communicate with these API endpoints. How do I secure a REST API with Google authentication in passport? I read a lot of things on securing a REST API in general (i.e. if I had my own login), but how would I do it if my application relies on a third-party login? (i.e. Google, Facebook, Twitter, etc.)
Thanks
Passport.js ONLY handles authentication -- it doesn't handle authorization at all.
What you'll want to do, if you want to authenticate a user to your webapp, is use something like Google OAuth to let a user create an account on your webapp.
You'll then need to use a separate Passport.js strategy for handling developer authentication against your API service.
For instance, if you want a developer to authenticate against your API using Basic Auth, you could use this Passport strategy to allow this: https://github.com/jaredhanson/passport-http
Hopefully that makes sense!