Skip to content

This is a fork of https://github.com/juanelas/express-passport-jwt-cookies and an attempt to add more authentication Strategies, such as passport-google-oauth, passport-facebook, passport-github and passport-twitter for an academic Assignment in "Network Security - Authentication and Authorization" (NETAUTH) subject in Universitat Politecnica de…

Notifications You must be signed in to change notification settings

filimikr/passportjs

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

express-passport with local and JWT authentication

A simple fortune-teller server authenticated with JWTs. It has been created merely with an academic purpose.

It provides an authenticated fortune-teller server. The fortune-teller server requires that the users have a valid JWT (JwtStrategy) and expects to find it in a cookie. In order to get a valid JWT, a user should login with a valid username and password (LocalStrategy).

The fortune-teller server operated over https and therefore you need a certificate and a private key. Where to find those files is configured in config/index.js. By default, it is expecting to find the private key in keys/privkey.pem and the certificate in keys/cert.pem; both in PEM format.

All the session information is stored in the JWT client side (sessionless server).

As already stated, we will use cookies for token storage (on the client) and exchange (between client and server). Cookies are handled by default by any web browser and thus remove the need to also create a client.

JWT and cookies configuration options are stored in config/index.js. You MUST revisit that file.

Please note that the server's secret for 'signing' (HMACing) the token is one of the options, so be careful if you are syncing that file with an online repository. Just in case you are interested, this problem is often faced by using a gitignored .env file with an environment variable for the secret.

User login is performed with a local strategy using username and passwords. The server stores bcrypt-ed passwords that are checked against the user-provided one. For the sake of simplicity, no DB is used and two example users are hardcoded in config/users.js. You can create new bcrypt-ed passwords using the provided script tools/bcrypt.js. The salt value is randomly chosen and the number of rounds defaults to 13 but can be set to any value as a second argument; e.g. for password hello123:

$ node bcrypt.js hello123
$2b$13$x2B9adECo7EkKuDbujJe1unW3icISCctreasFOJFiLyyWUdDOO9zu
$ node bcrypt.js hello123 16
$2b$16$ZiY1yscail4V72CYP1IK3uaC3owprKpLftbHCutDvCVxKSlYVe6qW

About

This is a fork of https://github.com/juanelas/express-passport-jwt-cookies and an attempt to add more authentication Strategies, such as passport-google-oauth, passport-facebook, passport-github and passport-twitter for an academic Assignment in "Network Security - Authentication and Authorization" (NETAUTH) subject in Universitat Politecnica de…

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published