Chapter 5. Security

In this chapter we will authenticate users using a GitHub account and OAuth 2.0 tokens. This will allow us to secure the site and support multiple users; currently we have a single hardcoded token and user. We will also add HTTPS to our site and explore some other modules that we can use to mitigate other common security vulnerabilities.

Setting up Passport

Passport is an authentication middleware for Node that supports, via plugins, multiple authentication strategies, including Basic Auth, OAuth, and OAuth 2. Passport works by defining a route middleware that is used to authenticate the request.

Let's install Passport:

npm install passport --save

Passport does not include a GitHub strategy; for this we need to install passport-github ...

Get Advanced Express Web Application Development now with the O’Reilly learning platform.