programequity
Enhancing Security: Passport.Js

By Konny Guo

Hi there, fellow developers! If you are looking to up your security game for your website, then you came to the right place. In this blog, we'll go through the process of authenticating websites with Passport.js. Before we get started, make sure you've got an intermediate understanding of Node.js and Express, and some basic understanding of sessions and authentication.

In today’s digital world, a ton of data is stored and we want to protect that data from any threats that can cost companies millions in damages. With the risk of data exposure, implementing robust security measures becomes paramount to a company’s success. Amplify provides users with a platform to bring attention to their social causes. This necessitated the implementation of secure authentication for admin users that are using the site.

Among the expansive number of authentication frameworks available, we chose to use Passport.js for its simplicity, modularity, and flexible authentication strategies. With support for third-party providers like Meta, Google, Twitter, and more, Passport.js has enough flexibility to be used by many developers. Strategies are ways that a user can be logged in. Passport.js was ideal for what we do because we can choose to implement one strategy, then switch to another strategy, or even use multiple strategies at once. For example, we can start off with a Passport Google strategy, which lets users log into the site with their Google accounts, and add other strategies along the way.

For Amplify, our mentor suggested that a fellow developer and I use Passport's LocalStrategy, which focuses on local authentication with a username and password. We are able to create accounts right there on the spot without the use of any third-party providers like Meta, Google, Twitter, and more, which can be added later on. We also implemented sessions and middleware, which work together to support Passport’s authentication. The middleware keeps users from reaching specific routes and ensures that a user is ready for a certain action. For instance, if a user is logged in, they should never be able to go to the login page, as they are already logged in, so they should automatically be routed to the dashboard. If a user is not logged in, then they should not be able to access any of the pages that a logged-in user can access. Then we have sessions, which allow the user to stay logged in and can time them out if they are gone for too long.
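The pieces described above, as an added sketch that is not part of the original post and is not Amplify's code: a verify callback in the shape passport-local expects, express-session options with an idle timeout, and the two route guards. The `/login` and `/dashboard` paths, the sample user, the 15-minute timeout and the handler names in the comments are assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed sample admin record; a real app loads this from its user store.
const salt = crypto.randomBytes(16);
const USERS = new Map([['admin', {
  id: 1, username: 'admin', salt,
  hash: crypto.scryptSync('correct horse battery', salt, 64),
}]]);

// Verify callback in the shape passport-local expects: (username, password, done).
// Wire it up with: passport.use(new LocalStrategy(verify))
function verify(username, password, done) {
  const user = USERS.get(username);
  // Hash even when the user is unknown so response time does not reveal valid names.
  const candidate = crypto.scryptSync(password, user ? user.salt : salt, 64);
  const ok = Boolean(user) && crypto.timingSafeEqual(candidate, user.hash);
  // Unknown user and wrong password produce the same generic failure.
  return ok ? done(null, { id: user.id, username }) : done(null, false);
}

// Options for express-session: idle timeout plus hardened cookie flags.
const sessionOptions = {
  secret: process.env.SESSION_SECRET, // supplied by the environment, never hard-coded
  resave: false,
  saveUninitialized: false, // no session cookie until something is stored (login)
  rolling: true,            // each response resets the idle timer
  cookie: { httpOnly: true, secure: true, sameSite: 'lax', maxAge: 15 * 60 * 1000 },
};

// Guard for protected pages: anonymous visitors are sent to the login page.
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated && req.isAuthenticated()) return next();
  return res.redirect('/login');
}

// Guard for the login page: an already logged-in user goes to the dashboard.
function redirectIfAuthenticated(req, res, next) {
  if (req.isAuthenticated && req.isAuthenticated()) return res.redirect('/dashboard');
  return next();
}

// Typical wiring (hypothetical handlers; commented out so this runs without Express):
// app.use(session(sessionOptions)); app.use(passport.session());
// app.get('/login', redirectIfAuthenticated, showLoginForm);
// app.get('/dashboard', ensureAuthenticated, showDashboard);
```

`cookie.secure: true` means the session cookie is only sent over HTTPS, so local testing over plain HTTP needs that flag relaxed in a development-only config.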

During my time working on ProgramEquity's open source project Amplify, I delved into the intricacies of Passport.js by reading documentation and connecting the code with common implementations used beside it like middleware and sessions. This experience proved invaluable as I worked through a large application and implemented my code alongside it.

In conclusion, contributing to Amplify’s codebase allowed me to challenge myself to learn and understand real-world development issues. The experience with understanding code security will prove very useful in the present and near future. I appreciate the help from my peers and mentor that I received along the way to overcome some of the challenges in the beginning. I hope that this blog helped improve your understanding as well.
