Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Passport.js + Bearer Token authentication #33

Open
MontoyaAndres opened this issue Dec 13, 2019 · 9 comments · Fixed by #39
Open

Passport.js + Bearer Token authentication #33

MontoyaAndres opened this issue Dec 13, 2019 · 9 comments · Fixed by #39
Labels

Comments

@MontoyaAndres
Copy link

MontoyaAndres commented Dec 13, 2019

Hey!

I'm curious if you can help making an example with Passport, maybe this can help you. It's an example from the Hasura community that uses passport for authentication, I don't know if is possible to pass it to serverless functions with Now.

What do you think?

Also, here's another person implementing Passport with Now. https://todayilearned.io/til/nextjs-with-passport-oauth-cookie-sessions

What I want is to include local authentication, and Google, Facebook, and Twitter authentication as well

@JurajJakubov
Copy link

I think it will be nice to upgrade this project to something like this https://github.com/sahat/hackathon-starter
A lot of new developers like me need guidance like this.

@hoangvvo
Copy link
Owner

hoangvvo commented Jan 5, 2020

So sorry, I have been busy. This should be possible (even in serverless by the way we set the middleware up). Willget a PR in asap

@hoangvvo
Copy link
Owner

hoangvvo commented Jan 8, 2020

@MontoyaAndres @JurajJakubov #39 should do.

@JurajJakubov
Copy link

@hoangvvo Wow. Dreams come true. Thank you very much for this you have no idea how this can help people like me.

@MontoyaAndres
Copy link
Author

MontoyaAndres commented Jan 8, 2020

Wow, thank you! I'm not in favor about sessions, I prefer to send the jwt token to the client, and the client will save it in a cookie, this is because I work with react native and the cookies do not exist here... Maybe create another branch or repository where you remove the sessions and use something like this: https://github.com/zeit/next.js/tree/canary/examples/with-cookie-auth next.js will care about saving the jwt to a cookie

@hoangvvo
Copy link
Owner

@MontoyaAndres I would not recommended letting the client save it in a cookie. Doing so will force us to turn off the cookie's HttpOnly flag, which will then make it vulnerable to XSS.

Still, if you want to proceed, I'm looking at passport-http-bearer or passport-jwt.

Keep in mind the limitation of JWT (cannot invalidate, size, "database-is-hit-anyway").

@hoangvvo hoangvvo reopened this Jan 11, 2020
@hoangvvo hoangvvo changed the title Example with Passport.js Passport.js + Bearer Token authentication Jan 11, 2020
@hoangvvo hoangvvo mentioned this issue Jan 11, 2020
@MontoyaAndres
Copy link
Author

Great, I think passport-http-bearer is a nice option for this, I hope you can integrate, and if I'm now wrong, in the first comment, I passed an example using it

@IRediTOTO
Copy link

I want this too, no time to think about this, but I think it can be done with middleware of hoangvvo

@wortkotze
Copy link

is there any update ? I'm adding to our PWA an react-native option and it would be really great if we could use everything also there but the actual version can not be used for react native

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants