From what I understand about Passport and Express applications on Node.js, it works like this:
Passport is a library which implements middleware for Express routes to authenticate users. This can be implemented as sessions in a cookie, or memory, or whatnot; thus Passport provides a framework for various Passport adaptations depending on what your authentication strategy is.
The JWT strategy authenticates users by encoding encrypted information in the HTTP headers.
After a user has been authenticated, a JWT token is returned so that the user doesn't have to continually pass sensitive credentials back and forth. The token is created with various info, then is signed by the application, and the user can then pass it back to authenticate themselves to the application. The token can then be decrypted once received by the application to determine the identity of the sender.
This freecodecamp article was of reasonable help to me.
Great, thank you very much
Thank you very much! I was wondering how I could associate specific resources with an authenticated user. For example, let's say there is a todo application and each "todo page" is associated with an authenticated user. How would I implement this?
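
The token flow described in this thread, together with one way to tie todos to the authenticated user, as an added example that is not part of the original thread and is not Passport's own code. It uses only Node's built-in `crypto` module to issue and verify an HS256 token; `SECRET`, the `todos` array and all function names are constructed for illustration.

```javascript
// Added example: HS256 JWT issue/verify with Node's built-in crypto, then an
// owner-scoped lookup. SECRET, the todos array and all names are constructed.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: load from config in practice
const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue a token after login: the payload is encoded and signed, not encrypted.
function issueToken(userId, ttlSeconds = 900) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const payload = b64url(JSON.stringify({ sub: userId, exp }));
  return `${header}.${payload}.${b64url(hmac(`${header}.${payload}`))}`;
}

// Verify signature and expiry; return the claims, or null on any failure.
function verifyToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    // Pin the algorithm instead of trusting whatever the header announces.
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const given = Buffer.from(sig, 'base64url');
    const expected = hmac(`${header}.${payload}`);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > Date.now() / 1000 ? claims : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Constructed data store: every todo records the id of the user who owns it.
const todos = [
  { id: 1, ownerId: 'alice', text: 'rotate API keys' },
  { id: 2, ownerId: 'bob', text: 'review firewall rules' },
];

// The owner comes from the verified token, never from a client-supplied field.
function getTodo(token, todoId) {
  const claims = verifyToken(token);
  if (!claims) return { status: 401 };
  const todo = todos.find((t) => t.id === todoId && t.ownerId === claims.sub);
  return todo ? { status: 200, todo } : { status: 404 };
}
```

In an Express app using Passport, the verified user is exposed as `req.user`, and the same owner filter goes into each route's query.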