0

Very basic question, but I am probably missing something very big in the big picture. I cannot figure out whether passport.js is needed or not when using JWT auth. Most examples have it but I fail to see the need.

In my app, there is a /login route, and once the user authenticates successfully (local auth, I check user, a hash pair in the database) I create a token with the user id in it, set an expiry, sign it and send it back as the cookie in the response. Then I check the req cookies, decrypt and if they contain the user id and are not expired, I consider the request authenticated. (Also, traffic is HTTPS only, if it changes anything.)

Am I doing something wrong here as I don't have passport etc. in the process?

Sunil Garg
Taata
  • No, [JWT (RFC 7519)](https://tools.ietf.org/html/rfc7519) is a standard. `passport.js` is an implementation that uses JWT. It isn't required. – zero298 Nov 08 '17 at 21:18
  • @zero298, you should put your comment as answer. It deserves to be the right answer – javierfdezg Nov 16 '17 at 23:11

1 Answer

2

No, JWT (RFC 7519) is a standard. passport.js is an implementation that uses JWT. It is not required.

Community
zero298
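
The flow described in the question (sign a token carrying the user id and an expiry, send it as a cookie, verify it on later requests), as an added example that is not part of the original posts. It uses only Node's built-in `crypto` module; the function names, the cookie name `token` and the randomly generated key are assumptions for illustration.

```javascript
// Added example: HS256 JWT in a cookie with Node's built-in crypto, no passport.js.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32); // assumption: per-process demo key; load from config in practice
const b64u = (v) => Buffer.from(v).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// /login step: after the password check succeeds, issue a signed token with an expiry.
function issueToken(userId, ttlSeconds, now = Date.now()) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const iat = Math.floor(now / 1000);
  const payload = b64u(JSON.stringify({ sub: userId, iat, exp: iat + ttlSeconds }));
  return `${header}.${payload}.${hmac(`${header}.${payload}`).toString('base64url')}`;
}

// Cookie attributes: HttpOnly keeps scripts away from the token, Secure restricts it to HTTPS.
function sessionCookie(token, ttlSeconds) {
  return `token=${token}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=${ttlSeconds}`;
}

// Per-request step: returns the user id, or null if the token is missing, forged or expired.
function authenticate(cookieHeader, now = Date.now()) {
  const match = /(?:^|;\s*)token=([^;]+)/.exec(cookieHeader || '');
  if (!match) return null;
  const parts = match[1].split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = hmac(`${header}.${payload}`);
  const given = Buffer.from(sig, 'base64url');
  // Verify the signature first, in constant time, before trusting any claim.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm: never let the token's own header choose how it is verified.
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(now / 1000)) return null;
    return typeof claims.sub === 'string' ? claims.sub : null;
  } catch {
    return null; // malformed JSON in header or payload
  }
}
```

In an Express-style handler, `sessionCookie(...)` would be the value of the `Set-Cookie` response header and `authenticate(req.headers.cookie)` would run in a middleware before protected routes.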