Passport is authentication middleware for Node. It is designed to serve a singular purpose: authenticate requests. When writing modules, encapsulation is a virtue, so Passport delegates all other functionality to the application. This separation of concerns keeps code clean and maintainable, and makes Passport extremely easy to integrate into an application.

OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet. OAuth, which is pronounced "oh-auth," allows an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password.

Passport Documentation

Authenticating

redirecting

General OAuth flow - Signup

General OAuth flow - Login

Sources

When creating a new website (or dealing with an existing one), it is very important to get authentication correct if you need to implement it. Unfortunately, getting authentication correct is a difficult task, believe it or not.

Before getting into using Node and Passport for authentication, I suggest watching this quick video about how NOT to store passwords. It's a good "history" of how some people have (and some still do) store passwords. It also goes over hashing and salting as a good recommendation for how you should deal with storing passwords if you do it on your own.

One thing mentioned in the video is the idea that, if possible, you should not handle authentication on your own. This means using a 3rd party like Google, Facebook, GitHub, or any other company that allows you to sign in using their authentication services.

This is where Passport comes in. From the Passport website:

If you have used the internet in the past few years you may have seen some buttons or icons that look something like this:

If you create an account or sign in with a service such as Facebook, you are essentially using a single sign-on technique using OAuth. Each one of those buttons pictured above (and many more not pictured) is an OAuth provider.

source: OAuth Definition

At this point we now know:
1: Authentication is something that should not be taken lightly
2: It's great if you can leave it up to someone else
3: OAuth is a solution that these companies leverage to have a single sign-on solution

With this in mind, we can move forward with a deeper discussion about using Passport and Node.

As stated above, Passport is a tool for setting up authentication when using Node. It is a middleware (what is middleware). It's important when working with Passport to check out the

There are a few key things to note here about the main site. When going to the documentation section, you will see there is some general setup information. Below that, there are some links for Providers. These providers are some of the ones mentioned above (Facebook, Google, Twitter, etc.). Each one of these will have corresponding configuration details. These configuration details are referred to as Strategies.

Strategies are the implementation details that you can search for and implement. For example, if you click on Strategies it will bring up a search dialog that looks like this (searching for Google).

Clicking on OAuth for Google (the first one, passport-google-oauth) takes you to the git repo for the strategy you are looking to implement. While these each have their own specific implementation details, they all follow the same basic pattern:
1: Sign up for a development account to gain access to their development API
2: Add code to handle the authentication (follow the docs' examples)
3: Add code to handle routing (follow the docs' examples)

Once this is set up, Passport is essentially doing two things ... and

Once you sign up with an OAuth service, you are granting permission for them to handle your login credentials (you need to be logged in to that service in your browser). By agreeing to this, you are granted permission via cookie/token and you are logged in.

General OAuth flow - Signup
1: Click Signup with Google/Facebook/Twitter/etc
2: Ask the user if they grant permission
3: Take the code from the URL (example.com/auth/google/callback?code=123)
4: Send the request to Google with the code included
5: Google sees the code and then responds with user details
6: Create a new record in the DB with these user details

General OAuth flow - Login
1: Click Login
2: Forward the request to Google/Facebook/Twitter/etc
3: Verify permission granted
4: Set the user ID in the cookie/token for the user
5: Successfully logged in

Example code using Node (Express) and Passport using the Google strategy for OAuth 2. Look to the comments for further explanation.
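The following is an added example, not the original post's code, showing the parts of the signup and login flows above that the application itself has to write for a Passport OAuth 2 strategy: the verify callback that creates a user record on first signup and looks it up on later logins, plus serializeUser/deserializeUser, which decide what goes into the session. It assumes the passport and passport-google-oauth packages (only referenced inside configurePassport, which is not run here) and uses a constructed in-memory Map in place of a real DB so it runs offline.

```javascript
'use strict';

// Constructed in-memory "DB" standing in for a real user table:
// key "provider:providerId" -> local user record.
const users = new Map();
let nextId = 1;

// Verify callback with the signature passport-google-oauth's OAuth2Strategy uses:
// (accessToken, refreshToken, profile, done). Signup step 6 (create a DB record)
// and the login lookup are the same code path: find by provider id, else create.
function verify(accessToken, refreshToken, profile, done) {
  const key = `${profile.provider}:${profile.id}`;
  let user = users.get(key);
  if (!user) {
    // First signup: persist only the fields the app needs. The provider's
    // access token is deliberately not stored on the user record.
    user = {
      id: nextId++,
      provider: profile.provider,
      providerId: profile.id,
      displayName: profile.displayName,
    };
    users.set(key, user);
  }
  return done(null, user); // later logins reuse the existing record
}

// Login step 4: only the local user ID goes into the session cookie/token.
function serializeUser(user, done) {
  done(null, user.id);
}

// On each request Passport turns the session's user ID back into a user.
function deserializeUser(id, done) {
  for (const u of users.values()) {
    if (u.id === id) return done(null, u);
  }
  done(null, false); // unknown ID: treat the request as logged out, not as an error
}

// Wiring for reference (assumes the packages named in the lead-in; not run here).
function configurePassport(passport, GoogleStrategy, config) {
  passport.use(new GoogleStrategy({
    clientID: config.clientID,
    clientSecret: config.clientSecret,
    callbackURL: config.callbackURL, // e.g. /auth/google/callback
  }, verify));
  passport.serializeUser(serializeUser);
  passport.deserializeUser(deserializeUser);
}
```

Calling verify twice with the same provider profile models signup followed by login: the second call returns the record created by the first instead of a new one.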