Authentication is a primary source of security for all web and mobile applications. In order to identify the user is genuine and user has the privilege to access the web applications, authentication is very helpful.
Passport vs Passport JWT
The difference between Passport and Passport-JWT is that Passport does not have any particular method for authentication instead many methods are implemented using passport as strategies for authentication whereas Passport-JWT is a strategy which uses web token method using passport for authentication.
Comparison Table Between Passport and Passport JWT (in Tabular Form)
|Parameter of Comparison||Passport||Passport-JWT|
|Purpose||It is a middleware used in node for authentication. It is flexible and modular.||It is a specific strategy implemented with the help of passport to provide authentication.|
|Methods||Does not have any particular method for implementation and use oAuth method.||Use JSON Web Token method to implement authentication.|
|Strategy||Passport uses ‘local’ for local strategy to authenticate the requests.||Passport-JWT uses JWT strategy using the following syntax,|
new JwtStrategy(options, verify)
|Script||Passport-local strategy has both return and done script. It expects return data from the method.||Passport-JWT does not need any return type and it has only done script.|
|Callback||Passport-local strategy uses closures and custom callbacks. Before handling the user data, req.login() method should be called.||Passport-JWT strategy also uses closures and custom callbacks but here JWT token will get generated after the verification of the user. Jwt.sign()|
What is Passport?
Passport is a middleware used for providing authentication using username and password. This is just a module in node.js application which is involved in providing authentication and it is modular and extremely flexible.
Passport can be unobtrusively integrated into any express based web application that can support ‘Connect’ style middleware. Passport is a middleware with a set of strategies that supports authentication.
It has its own features and that provides more benefits. The features are,
- Single sign-on with OpenID and OAuth
- More number of authentication strategies around 300+
- Choose the required strategies and pick based on the requirement
- Success and failure are easily handled
- Can also implement custom strategies
- Provides dynamic scope
- Code base is lightweight
Local authentication strategy provides authentication with the help of credentials such as username and password. It performs a verify call back accepting the credentials and finally provides the user calling done.
Passport.authenticate uses ‘local’ for local strategy to authenticate the requests.
What is Passport JWT?
It is also one of the passport strategy in order to provide authentication using JSON Web Token. This passport strategy is also one among the many modules providing authentication service.
Using JSON web token, this module authenticates the end points. Moreover, this module without sessions secure the RESTful endpoints.
Syntax to install passport-jwt,
npm install passport-jwt
Authentication strategy as follows,
new JwtStrategy(options, verify)
‘options’ is nothing but an object literal to manage the web token pulled from request. In order to verify the incoming token passport-jwt uses jsonwebtoken.
There are numerous ways to pass the JWT token request. It is also modular and flexible, adding to that using the jwtFromRequest parameter which is user-supplied callback JWT is passed as a request.
The above mentioned callback is referred as extractor. Passport-jwt.ExtractJwt provides many extractor factory functions.
- fromHeader(header_name) – Extractor will be created looking for JWT in header
- fromBodyField(field_name) – Extractor will be created looking for JWT in body
Main Differences Between Passport and Passport JWT
- Both Passport and Passport-JWT are modules to provide authentication using their own strategies. They are easy and convenient to use for various reasons. The main difference between Passport and Passport-JWT is Passport does not have any particular method for implementation whereas Passport-JWT is already a strategy uses JSON Web Token JWT method to implement authentication.
- Passport uses ‘local’ for one of its strategies named Passport-local to authenticate the requests whereas Passport-JWT uses JWT strategy using the following syntax,: new JwtStrategy(options, verify)
- Passport is modular and flexible, it has return script which expects to throw return data from the method whereas Passport-JWT strategy does not has return script and it does not need to return any data mandatorily.
- In the aspects of closures and callback, Passport calls req.login() method before handling the user data whereas Passport-JWT calls Jwt.sign() method after the verification of the user.
Authentication is must for all the applications as it provides security in order to access the both web and mobile applications. Many tools and frameworks offers many authentication techniques to provide security. Passport js and Passport-JWT are also one among the many authentication techniques or strategies provide authentication to the applications.
This module authenticates the end points using JSON web token. Both Passport and Passport-JWT has its own strategies to provide authentication and any of the above two strategies can be implemented in an application based on user requirements.