Passport.js Strategies
Configure Passport.js authentication middleware with 500+ strategies for Express and Node.js applications.
Overview
The library integrates seamlessly with Express.js and provides a consistent API for authenticating requests. Strategies handle the specifics of each authentication method while Passport manages session serialization, request augmentation, and authentication flow control. Popular strategies include passport-local for username/password, passport-google-oauth20 for Google, and passport-jwt for token-based auth.
Passport supports both session-based and stateless authentication. For session-based auth, it provides serialize/deserialize hooks that control how user data is stored in and retrieved from sessions. For API authentication, JWT and Bearer token strategies enable stateless request validation without server-side session storage.
Who Is This For?
- Add local username/password auth to an Express app
- Implement Google OAuth2 login with Passport
- Set up JWT-based API authentication
- Combine multiple auth strategies in one application
Installation
npm install passport passport-local express-session Configuration
// config/passport.ts
import passport from "passport"
import { Strategy as LocalStrategy } from "passport-local"
passport.use(new LocalStrategy(
async (username, password, done) => {
const user = await User.findOne({ username })
if (!user || !await user.verifyPassword(password)) {
return done(null, false, { message: "Invalid credentials" })
}
return done(null, user)
}
)) Explore AI Tools
Discover the best AI tools that complement your skills
Read AI & Design Articles
Tips and trends in the world of design and AI
Related Servers
Snyk Security Scan
Detect vulnerabilities in your dependencies and application code. Get actionable remediation advice and automatic fix pull requests.
SonarQube Code Quality
Run continuous code quality and security analysis to catch bugs, code smells, and vulnerabilities before they reach production.
OWASP ZAP Security Testing
Perform automated web application security testing to find common vulnerabilities like XSS, injection flaws, and misconfigurations.