I am kind of new to Node.js development and currently working on a pet project on my free time.
So far I have created JWT authentication using passport and passport-jwt for the strategy and I am using it in all of my RESTful APIs.
Now I am thinking of mixing this with some sort of Facebook authentication still want to stick with token authentication.
Currently this is how I am generating and obtaining the token:
exports.authenticate = function(req, res) {
User.findOne({
email: req.body.email
}, function(err, user) {
if (err)
return res.status(400).send(getErrorMessage(err));
if (!user) {
res.status(400).send({
success: false,
message: 'Authentication failed. User not found.'
});
} else {
if (user.checkPassword(req.body.password)) {
let token = jwt.encode(user, config.secretPhrase);
res.json({
success: true,
token: 'JWT ' + token
});
} else {
res.status(401).send({
success: false,
message: 'Authentication failed. Wrong password.'
});
}
}
});
};
app.route('/api/users/authenticate')
.post(user.authenticate);
And to validate I do the following:
let user = require('../../app/controllers/user-controller');
app.route('/api/todos')
.get(user.validateLogin, todos.list)
.post(user.validateLogin, todos.create);
user-controller:
exports.validateLogin = passport.authenticate('jwt', {
session: false
});
Anyone can suggest a neat way to mix the two strategies ? should I use express-jwt ? What's the difference between express-jwt and passport-jwt ?
