HACKER Q&A
📣 prmph

Alternatives to Passport Auth


Is there another open source alternative to Passport for auth in an Express Node API?

I am concerned that Passport plugins are not actually vetted for security.


  👤 blahblah1234567 Accepted Answer ✓
OP: For such questions and discussions, I recommend getting on IRC [0]. The Libera server [1]

IRC is a collection of chatrooms on all kinds of technical topics: programming languages, frameworks, cloud providers, topics

often hundreds of people are in each chat room. You can get live Q&A sessions with veteran and highly respected programmers.

I've chatted with an engineering director of Airbnb on a channel there, and also a security expert who was tracked by the FBI for a bit, for example -- interesting, intelligent people.

Examples of chatrooms ("channels") I am in: #nodejs #python #machinelearning #economics [3]

You'll need to learn how to register and log in to IRC -- it's pretty easy, just involves a command. For macOS I recommend the LimeChat client.

[0] https://www.online-tech-tips.com/software-reviews/the-11-bes...

[1] https://libera.chat/

[3] https://libera.chat/guides/findingchannels


👤 ianpurton
You could go with a non-framework style of authentication.

For example, Barricade https://github.com/purton-tech/barricade is a small Docker container that handles auth.

In terms of security, even if you integrate with a secure authentication system, your integration may be insecure.

So a PenTest is recommended anyway.


👤 adnjoo
JSON Web Tokens (JWT)

👤 mooreds
What are you trying to do? Are you storing username and password in your site, or connecting to a social or OIDC provider?

What kind of auth are you doing in a Node API? (Vs. in an Express app that generates UX.)