Difference Between Passport and Passport JWT (With Table)

Authentication is a primary source of security for all web and mobile applications. In order to identify the user is genuine and user has the privilege to access the web applications, authentication is very helpful.

Passport vs Passport JWT

The difference between Passport and Passport-JWT is that Passport does not have any particular method for authentication instead many methods are implemented using passport as strategies for authentication whereas Passport-JWT is a strategy which uses web token method using passport for authentication.

Passport is a javascript which helps the developers by providing many authentication strategies and on integrating will provide secure authentication. There are many express js frameworks and passport acts as a middleware for these by providing authentication.

Passport is a middleware for authentication in Node and Passport-JWT is a JWT strategy to provide authentication for the applications. Passport-JWT is the subset of passport javascript. JWT is a JSON web token and it is implemented using passport javascript.


Comparison Table Between Passport and Passport JWT (in Tabular Form)

Parameter of ComparisonPassportPassport-JWT
PurposeIt is a middleware used in node for authentication. It is flexible and modular.It is a specific strategy implemented with the help of passport to provide authentication.
MethodsDoes not have any particular method for implementation and use oAuth method.Use JSON Web Token method to implement authentication.
StrategyPassport uses ‘local’ for local strategy to authenticate the requests.Passport-JWT uses JWT strategy using the following syntax,
new JwtStrategy(options, verify)
ScriptPassport-local strategy has both return and done script. It expects return data from the method.Passport-JWT does not need any return type and it has only done script.
CallbackPassport-local strategy uses closures and custom callbacks. Before handling the user data, req.login() method should be called.Passport-JWT strategy also uses closures and custom callbacks but here JWT token will get generated after the verification of the user. Jwt.sign()


What is Passport?

Passport is a middleware used for providing authentication using username and password. This is just a module in node.js application which is involved in providing authentication and it is modular and extremely flexible.

Passport can be unobtrusively integrated into any express based web application that can support ‘Connect’ style middleware. Passport is a middleware with a set of strategies that supports authentication.

It has its own features and that provides more benefits. The features are,

  1. Single sign-on with OpenID and OAuth
  2. More number of authentication strategies around 300+
  3. Choose the required strategies and pick based on the requirement
  4. Success and failure are easily handled
  5. Can also implement custom strategies
  6. Provides dynamic scope
  7. Code base is lightweight

Local authentication strategy provides authentication with the help of credentials such as username and password. It performs a verify call back accepting the credentials and finally provides the user calling done.

Passport.authenticate uses ‘local’ for local strategy to authenticate the requests.


What is Passport JWT?

It is also one of the passport strategy in order to provide authentication using JSON Web Token. This passport strategy is also one among the many modules providing authentication service.

Using JSON web token, this module authenticates the end points. Moreover, this module without sessions secure the RESTful endpoints.

Syntax to install passport-jwt,

npm install passport-jwt

Authentication strategy as follows,

new JwtStrategy(options, verify)

‘options’ is nothing but an object literal to manage the web token pulled from request. In order to verify the incoming token passport-jwt uses jsonwebtoken.

There are numerous ways to pass the JWT token request. It is also modular and flexible, adding to that using the jwtFromRequest parameter which is user-supplied callback JWT is passed as a request.

The above mentioned callback is referred as extractor. Passport-jwt.ExtractJwt provides many extractor factory functions.

  1. fromHeader(header_name) – Extractor will be created looking for JWT in header
  2. fromBodyField(field_name) – Extractor will be created looking for JWT in body

Main Differences Between Passport and Passport JWT

  1. Both Passport and Passport-JWT are modules to provide authentication using their own strategies. They are easy and convenient to use for various reasons. The main difference between Passport and Passport-JWT is Passport does not have any particular method for implementation whereas Passport-JWT is already a strategy uses JSON Web Token JWT method to implement authentication.
  2. Passport uses ‘local’ for one of its strategies named Passport-local to authenticate the requests whereas Passport-JWT uses JWT strategy using the following syntax,: new JwtStrategy(options, verify)
  3.  Passport is modular and flexible, it has return script which expects to throw return data from the method whereas Passport-JWT strategy does not has return script and it does not need to return any data mandatorily.
  4. In the aspects of closures and callback, Passport calls req.login() method before handling the user data whereas Passport-JWT calls Jwt.sign() method after the verification of the user.
  5. Passport is a javascript and it is a middleware and can be integrated into any express based web application whereas Passport-JWT is a subset of Passport and it uses token in order to authenticate the endpoints.



Authentication is must for all the applications as it provides security in order to access the both web and mobile applications. Many tools and frameworks offers many authentication techniques to provide security. Passport js and Passport-JWT are also one among the many authentication techniques or strategies provide authentication to the applications.

Passport is a javascript does not have any specific method for authentication instead supports oAuth and can be integrated with any express based web application. It is a middleware and it is modular and flexible. It has more than 300+ authentication strategies and one among them is Passport-JWT. Passport-JWT is a subset of passport and this strategy has its own method of authentication using JSON Web Token.

This module authenticates the end points using JSON web token. Both Passport and Passport-JWT has its own strategies to provide authentication and any of the above two strategies can be implemented in an application based on user requirements.


  1. http://www.passportjs.org/packages/passport-jwt/
  2. https://itnext.io/implementing-json-web-tokens-passport-js-in-a-javascript-application-with-react-b86b1f313436
2D vs 3D