paseto-passport
Passport.js framework that uses Paseto tokens for sessions
Passport.js framework that uses JWT for sessions
This is an alternative framework for Passport.js that is designed to use JWT tokens for sessions: instead of storing the user's ID and metadata in a database (e.g. Redis), it encodes that data into a JSON Web Token and writes that token to a session cookie.
How to Install
$ npm install jwt-passport
Note: It requires Node.js 6.11 or higher
How to Use
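const uuid = require('uuid');
const express = require('express');
const passport = require('passport');
const jwt = require('jwt-passport');
const { Strategy: FacebookStrategy } = require('passport-facebook');
const { Strategy: TwitterStrategy } = require('passport-twitter');
// We're using Knex.js database client in this example,
// but it could be any other database driver.
const db = require('./db');

// Strategy names registered below; only these may be selected from the URL.
const PROVIDERS = new Set(['facebook', 'twitter']);

passport.framework(
  jwt({
    name: '__session',
    // Placeholders — load the real values from configuration, not from source.
    secret: '<secret>',
    audience: '<audience>',
    issuer: '<issuer>',
    expiresIn: '1 hour',
    // Prepare payload for an ID token: `sub` is the user's ID and `jti` is a
    // random token ID so that individual tokens can be revoked later.
    createToken: (req) => ({
      sub: req.user.id,
      jti: uuid.v4(),
    }),
    // Save user's token in a database
    saveToken: (token) =>
      db.table('user_tokens').insert({
        user_id: token.sub,
        token_id: token.jti,
      }),
    // Revoke user's token
    deleteToken: (token) =>
      db.table('user_tokens').where({ token_id: token.jti }).del(),
    // Check that the token was not revoked and find the corresponding user.
    // An inner join is used so that a token whose user row no longer exists
    // resolves to `undefined` instead of a row of null columns (which would
    // otherwise be treated as an authenticated, empty user).
    findUser: (token) =>
      db
        .table('user_tokens')
        .join('users', 'users.id', 'user_tokens.user_id')
        .where({ 'user_tokens.token_id': token.jti })
        .select('users.*')
        .first(),
  }),
);

passport.use(new FacebookStrategy(/* config */));
passport.use(new TwitterStrategy(/* config */));

const app = express();

// Extend the HTTP request object with
// req.logIn() and req.logOut() helper methods
app.use(passport.initialize());

// Attempt to parse the session cookie, validate the token
// and put the authenticated user object onto the context (req.user)
app.use(passport.session());

app.get('/', (req, res) => {
  res.send(`Welcome, ${req.user ? req.user.displayName : 'guest'}!`);
});

// Reject unknown provider names up front: passport.authenticate() throws on
// an unregistered strategy name, which would otherwise surface as a 500.
const authenticateProvider = (req, res, next) => {
  const { provider } = req.params;
  if (!PROVIDERS.has(provider)) {
    res.sendStatus(404);
    return;
  }
  passport.authenticate(provider, /* options */)(req, res, next);
};

app.get('/login/:provider', authenticateProvider);
app.get('/login/:provider/return', authenticateProvider);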
Related Articles
- [Stop using JWT for sessions](http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/) (part 2) by @joepie91 + comments on HN
- Where to Store your JWTs – Cookies vs HTML5 Web Storage
Related Projects
- Passport.js — Simple, unobtrusive authentication for Node.js.
- Node.js API Starter — Boilerplate for authoring GraphQL APIs with Node.js and PostgreSQL.
- React Starter Kit — Boilerplate for authoring isomorphic web apps with React.js and GraphQL.
- React Starter Kit for Firebase — React.js web app boilerplate for serverless architecture.
License
Copyright © 2018-present Kriasoft. This source code is licensed under the MIT license.