by jay patel
“Build me a user-authentication system in two weeks” is a common phrase among R&D teams these days. For various reasons, this task has always been one of those things left for a single developer in the team to sort out.
On one hand, you really don’t want to waste a lot of time doing it. On the other, you’re concerned that this kind of information might be better off handled by your own internally-written service, for better scaling later on.
As new tutorials appear around the web (a good place to start), and more teams are trying to understand the cost-benefit equation for implementing their own solution vs using a library or a service.
In this article you will read the following JavaScript User Authentication Libraries:
1. Passport JS
2. Auth0
3. Permit
4. Grant
5. Feathers authentication management
6. Firebase Authentication
Learn Each Libary in Details.
Passport is not only a 15k stars user-auth library, it is probably the most common way for JS developers to use an external library for user authentication. This library basically provides relatively flexible and modularmiddleware for Node.js which can be integrated to any Express-based web application. It’s also a community platform which supports various kinds of common authentications such as username and password, Facebook, Twitter, and more. If you don’t want to implement your own solution, it’s probably your first go-to option. Note these common mistakes to be avoided though.
jaredhanson/passport
Simple, unobtrusive authentication for Node.js. Contribute to jaredhanson/passport development by creating an account…
With express: https://github.com/expressjs/session
2. Auth0
While this isn’t a library but rather a service, it’s a robust yet quick way to get the job done. Auth0 is a (quite big) start-up company which provides a wide universal authentication & authorization platform for web, mobile and legacy applications. Some say it’s the closest solution to Plataformatec’s Devise for Ruby on Rails, except you can connect any app or API in any language. There are over 100 pre-built integrations, and here’s a quick-start with Node.js.
Never Compromise on Identity. — Auth0
Auth0 is the solution you need for web, mobile, IoT, and internal applications.Loved by developers and trusted by…
Permit is a 1K stars project which aims to provide an “unopinionated” authentication library for building Node.js APIs. Permit lets you add an authentication layer to any Node.js API and can be used with frameworks like Express, Koa, Hapi and Fastify. It can be used with multiple types of API from REST to GraphQL, hence the “unopinionated” design. Permit aims to focus on APIs (stateless requests) and supporting frameworks other than Express. It’s also being active developed, which makes Permit an interesting choice to consider. definitely worth keeping an eye on this one.
ianstormtaylor/permit
An unopinionated authentication library for building Node.js APIs. — ianstormtaylor/permit
See examples. Here’s one with Express:
import { Bearer } from 'permit'
import express from 'express'
const permit = new Bearer({
basic: 'username', // Also allow a Basic Auth username as a token.
query: 'access_token', // Also allow an `?access_token=` query parameter.
})
function authenticate(req, res, next) {
// Try to find the bearer token in the request.
const token = permit.check(req)
// No token found, so ask for authentication.
if (!token) {
permit.fail(res)
return next(new Error(`Authentication required!`))
}
// Perform your authentication logic however you'd like...
db.users.findByToken(token, (err, user) => {
if (err) return next(err)
// No user found, so their token was invalid.
if (!user) {
permit.fail(res)
return next(new Error(`Authentication invalid!`))
}
// Authentication succeeded, save the context and proceed...
req.user = user
next()
})
}
const app = express()
app.get('/', (req, res) => {
res.send('Some unrestricted content.')
})
app.get('/restricted', authenticate, (req, res) => {
res.send('Restricted content!')
})
app.listen(3000)
A rather new and promising library providing OAuth Middleware for Express, Koa and Hapi- with over 180 supported providers and a live playground. In case you want to use it with your own private OAuth provider, you can specify the required key yourself. Although this library is already getting traction (+ 1K stars), resources are relatively scarce so try it out with care.
simov/grant
OAuth Middleware for Express, Koa and Hapi. Contribute to simov/grant development by creating an account on GitHub.
Feathers is an open source (11K stars) real-time, micro-service web framework for NodeJS that gives you control over your data via RESTful resources, sockets and flexible plug-ins.
Feathers also provides authentication and authentication management modules which let you add sign up verification, forgotten password reset, and other capabilities to local feathers-authentication. The idea is to combine different authentication methods under one roof, in a flexible infrastructure. Here’s a step-by-step guide to help you get started.
feathersjs/authentication
Feathers local, token, and OAuth authentication over REST and Websockets using JSON Web Tokens (JWT) with PassportJS. …
feathers-plus/feathers-authentication-management
feathers-plus/feathers-authentication-management Adds sign up verification, forgotten password reset, and other capabilities to local feathers-authentication…
This might not necessarily be the long-term solution to manage user auth in your scaling platform (or is it?). But, it’s a very useful way to get the job done, fast and simple, for your applications deployed with Firebase.
Firebase Authentication provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app. It supports authentication using passwords, phone numbers, popular federated identity providers like Google, Facebook, and Twitter. Learn more here.
Honorable mentions
Most of these are unmaintained, so try with care!
bnoguchi/everyauth
node.js auth package (password, facebook, & more) for Connect and Express apps — bnoguchi/everyauth
Okta | Always On
Looks like you have Javascript turned off! Please enable it to improve your browsing experience. The Okta Identity…
Authentication
import Amplify from 'aws-amplify' ; Amplify .
iaincollins/next-auth
An authentication library for Next.js projects. Contribute to iaincollins/next-auth development by creating an account…
sffc/easy-no-password
Passwordless and 2FA auth without a database. Contribute to sffc/easy-no-password development by creating an account on…
nmaro/ooth
User identity/authentication/accounts management microservice for node.js - nmaro/ooth
jaredhanson/oauth2orize
OAuth 2.0 authorization server toolkit for Node.js. — jaredhanson/oauth2orize
stormpath/stormpath-sdk-react
User Management and Authentication for React. Contribute to stormpath/stormpath-sdk-react development by creating an…
t1msh/node-oauth20-provider
OAuth 2.0 provider toolkit for nodeJS, standalone server and express middleware support - t1msh/node-oauth20-provider
zemirco/lockit
Authentication solution for Express. Contribute to zemirco/lockit development by creating an account on GitHub.
Your email address will not be published. Required fields are marked *