passport
1
总安装量
1
周安装量
#53855
全站排名
安装命令
npx skills add https://github.com/g1joshi/agent-skills --skill passport
Agent 安装分布
mcpjam
1
claude-code
1
replit
1
junie
1
zencoder
1
Skill 文档
Passport.js
Passport is authentication middleware for Node.js. It is designed to serve a unique purpose: authenticate requests. It delegates all other details (user handling, sessions) to the application.
When to Use
- Node.js/Express Apps: The de-facto standard for Express auth.
- Multiple Strategies: Supporting Local (Username/Password), Google, Facebook, and Twitter login all in one app.
- Legacy/Established Codebases: widely used in existing Mean/Mern stacks.
Quick Start
import passport from "passport";
import LocalStrategy from "passport-local";
// Configure Strategy
passport.use(
new LocalStrategy(async (username, password, done) => {
const user = await User.findOne({ username });
if (!user) return done(null, false);
if (!user.verifyPassword(password)) return done(null, false);
return done(null, user);
}),
);
// Middleware in Route
app.post(
"/login",
passport.authenticate("local", {
successRedirect: "/",
failureRedirect: "/login",
}),
);
Core Concepts
Strategies
Modules that allow you to authenticate with a specific provider (passport-local, passport-google-oauth20, passport-jwt).
Serialize/Deserialize
How Passport maintains the user session.
serializeUser: Saves User ID to the session.deserializeUser: Uses User ID to fetch the full User object on subsequent requests.
Best Practices (2025)
Do:
- Use
passport-jwtfor stateless APIs (Microservices). - Limit Session size: Only serialize the User ID, not availability entire object.
- Maintenance Check: Some strategies are unmaintained. Check the GitHub repo activity before picking a strategy.
Don’t:
- Don’t mix Logic: Keep the Strategy config separate from your Route logic.
- Don’t rely solely on it: Passport handles Authentication. You still need to handle Authorization (Roles/Permissions) separately.