DEV Community

Discussion on: Password-based authentication with GraphQL and Passport

Johannes Kettmann

Thanks a lot for the comment. Passport doesn't encrypt the password, it only provides a standardized way of getting a user according to a given set of credentials. If you only want to support password-based login for your users with GraphQL you could achieve the same functionality inside the resolvers without Passport. In your case you could do the following:

  1. Send the email and password to the GraphQL API via a mutation (same as here)
  2. Encrypt and hash the password inside the resolver (not implemented in this post but definitely necessary)
  3. Use the email and password hash to fetch the user from a database inside the resolver (this is done in the Passport graphql-local strategy here)
  4. Create a JWT and save it in a cookie (we use express-session instead)
  5. Use the JWT on subsequent requests to authenticate the user (again express-session in combination with Passport)

In general, I would advise against using JWT for session management. This is why we use express-session in this tutorial which saves a session ID to the cookie instead. We didn't really cover it in this post but you can find more details here. Passport integrates really well with express-session.

Another big advantage of Passport is that it supports a lot of other ways to authenticate. You can plug in more "Strategies" and easily implement login via Facebook, Twitter, GitHub, Auth0 and many more.