I find myself in need of a Oauth2 library for node.js. Could someone share their opinion on which library is best and most simple to use or can I perform the request without a library? I need it to perform a single request.
passport.js has good documentation and supports most common providers.
Related
Question:
We have a project in University where we have to implement a server-sided application and use a RESTful API in Node.js. We want to call the functions provided by the API to get information like direction , route, facilities within a radius. So, we have two first options: Google APIs and Here APIs.
How can I tell which one suits the needs of our project more and which is overall "better" (f.e. how fast you get a response)? Or what other parameters should be included when making such a decision in this situation?
Thank you for your answers and advices!
Is there a simple way to generate API documentation from express-gateway services?
For example using swagger?
In the traditional way documentation is generated based on function's annotations, in express-gateway
APIS are defined in gateway.config.yml file and swagger don't know how to handle that.
This is not currently possible. Documentation requires much richer information than exists in Express Gateway yaml files, and the schemas describing the EG files don’t allow for additional information.
Ideally, there would be a tool that could process Swagger/OpenAPI specs and create Express Gateway configuration files, but I have not found any yet.
I'm developing a web app using Angular2 and Scala. And instead of using any big frameworks like Spring security that does everything for you, I'm thinking using just some libraries and write the system myself.
I plan to use JWT libraries to authenticate requests. Use hashing libraries to encrypt password storage in db.
What other things do I need to consider to make my system secure? I think I also need to think about CSRF and XSS? What else?
Thanks a lot!!!
Is there any point using Passport for Node when there are no plans to integrate external API's like Facebook and Twitter?
I'm looking at arguments for implementing any of the so-called 'strategies' for a generic authentication system in my own application. Or is the only point of Passport to utilise specific authentication strategies from other API's?
Is there even a strategy that acts as a placeholder for future API integration if one was later required?
Is there even a strategy that acts as a placeholder for future API integration if one was later required?
Yes, there is passport-local.
Is there any point using Passport for Node when there are no plans to integrate external API's?
IMHO if you don't need it, leave it out. YAGNI. Fewer dependencies is a good thing. When you need it, it is simple enough to add. I also think social login is/was largely a fad that was pseudo-required at one point but these days many people are over it.
I need to implement everyauth with node.js Connect (not Express), very securely.
Despite the site provides some code samples for Connect, I'm not familiar with how node-Connect-session-middleware handles session.
Can someone please introduce some good simple examples to get start with?
PS. I found the official sample of Connect, but need a full working example.
http://www.senchalabs.org/connect/session.html
I suggest you check out Passport (which I developed). everyauth tends to make assumptions that Express is present, making integration into Connect-only apps difficult.
I developed Passport after wanting something more modular and easier to integrate. It makes no assumptions, and is just simple middleware, so it drops in easily into Connect-based apps.
Express.js is actually a thin layer on top of Connect. So you could just use that as a reference and see how they do it.