
Passport.js + Bearer Token authentication

Open MontoyaAndres opened this issue 4 years ago • 9 comments

Hey!

I'm curious if you can help make an example with Passport; maybe this can help you. It's an example from the Hasura community that uses Passport for authentication. I don't know if it is possible to pass it to serverless functions with Now.

What do you think?

Also, here's another person implementing Passport with Now. https://todayilearned.io/til/nextjs-with-passport-oauth-cookie-sessions

What I want is to include local authentication, and Google, Facebook, and Twitter authentication as well

MontoyaAndres avatar Dec 13 '19 13:12 MontoyaAndres

I think it will be nice to upgrade this project to something like this https://github.com/sahat/hackathon-starter A lot of new developers like me need guidance like this.

JurajJakubov avatar Jan 04 '20 13:01 JurajJakubov

So sorry, I have been busy. This should be possible (even in serverless, by the way we set the middleware up). Will get a PR in ASAP.

hoangvvo avatar Jan 05 '20 21:01 hoangvvo

@MontoyaAndres @JurajJakubov #39 should do.

hoangvvo avatar Jan 08 '20 04:01 hoangvvo

@hoangvvo Wow. Dreams come true. Thank you very much for this you have no idea how this can help people like me.

JurajJakubov avatar Jan 08 '20 10:01 JurajJakubov

Wow, thank you! I'm not in favor of sessions; I prefer to send the JWT token to the client, and the client will save it in a cookie. This is because I work with React Native, and cookies do not exist here... Maybe create another branch or repository where you remove the sessions and use something like this: https://github.com/zeit/next.js/tree/canary/examples/with-cookie-auth Next.js will take care of saving the JWT to a cookie.

MontoyaAndres avatar Jan 08 '20 12:01 MontoyaAndres

@MontoyaAndres I would not recommend letting the client save it in a cookie. Doing so will force us to turn off the cookie's HttpOnly flag, which will then make it vulnerable to XSS.

Still, if you want to proceed, I'm looking at passport-http-bearer or passport-jwt.

Keep in mind the limitation of JWT (cannot invalidate, size, "database-is-hit-anyway").

hoangvvo avatar Jan 11 '20 20:01 hoangvvo
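The JWT limitations listed in the comment above (cannot invalidate, size, "database-is-hit-anyway"), shown next to an opaque bearer token, as an added example that is not part of the thread or the repository's code. The secret, the function names and the in-memory `sessions` map (standing in for a database collection) are assumptions made for illustration.

```javascript
// Added example; all names and sample values are constructed.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: HS256 shared secret
const b64u = (x) => Buffer.from(x).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Minimal HS256 JWT, written out to show that verification is stateless.
function signJwt(claims) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify(claims));
  return `${head}.${body}.${mac(`${head}.${body}`).toString('base64url')}`;
}

function verifyJwt(token, nowSec, revokedJti = new Set()) {
  const [head, body, sig] = token.split('.');
  if (!head || !body || !sig) return null;
  const want = mac(`${head}.${body}`);
  const got = Buffer.from(sig, 'base64url');
  // Constant-time comparison of the signature bytes.
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (claims.exp <= nowSec) return null;
  // Without this lookup a signed token stays valid until exp ("cannot invalidate");
  // with it, every request needs server-side state ("database-is-hit-anyway").
  if (revokedJti.has(claims.jti)) return null;
  return claims;
}

// Opaque bearer token: a random value; only its hash is kept server-side.
const sessions = new Map(); // stands in for a database collection
const hash = (t) => crypto.createHash('sha256').update(t).digest('hex');

function issueOpaque(userId) {
  const token = crypto.randomBytes(32).toString('base64url');
  sessions.set(hash(token), { userId });
  return token;
}
const lookupOpaque = (token) => sessions.get(hash(token)) ?? null;
const revokeOpaque = (token) => sessions.delete(hash(token)); // immediate logout
```
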

Great, I think passport-http-bearer is a nice option for this. I hope you can integrate it, and if I'm not wrong, in the first comment I passed an example using it.

MontoyaAndres avatar Jan 11 '20 21:01 MontoyaAndres

I want this too, no time to think about this, but I think it can be done with middleware of hoangvvo

IRediTOTO avatar May 31 '20 07:05 IRediTOTO

Is there any update? I'm adding a react-native option to our PWA, and it would be really great if we could use everything there as well, but the current version cannot be used for react native.

wortkotze avatar Jul 19 '20 16:07 wortkotze