0

So we have our application in nodejs ready, implemented with passport as authentication framework on top of express/nodejs. The routes had been designed as REST API.

Now, there's a request to make the routes available as REST API to non-browser clients.

How would I go about implementing this when our app already works well with passport for authentication? Can passport be used for that? Or another framework, like Oauth? Would they be compatible or would I need to dismantle the passport code to implement with Oauth?

Couldn't find relevant information yet.

laggingreflex
transient_loop
  • I have seen this one, http://stackoverflow.com/questions/15496915/how-to-implement-a-secure-rest-api-with-node-js but what I don't understand in the accepted solution is if the api token and session tokens are for browser requests too or only for API consumers. If the latter, how does this coexist with a passport implementation? – transient_loop Jan 26 '14 at 04:01

1 Answer

1

I am not familiar with passport.js but most of the browser based server applications use sessions for user authentication. This is usually not the case for non browser based REST clients which use tokens to authenticate requests.

An Oauth server is implemented to issue tokens to different clients and these tokens are sent with each request. SSL is used to protect these tokens. In your case, you can add an Oauth middleware for REST clients while having the same end points as for your browser based application.

umair
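
A sketch of the arrangement the answer describes, added here as an example and not code from the question or the answer: one Express-style middleware in front of the existing routes that lets passport session logins through and otherwise requires a bearer token over TLS. It assumes pre-issued opaque tokens stored as SHA-256 digests rather than a full OAuth server; `sessionOrBearer`, `findClient`, `apiClients`, `simulate` and the sample token are hypothetical names and constructed data.

```javascript
'use strict';
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Constructed sample store: only the SHA-256 digest of each API token is kept.
const apiClients = [
  { id: 'reporting-cli', tokenDigest: sha256('constructed-demo-token') },
];

function findClient(presentedToken) {
  const digest = sha256(presentedToken);
  // Constant-time comparison of fixed-length digests.
  return apiClients.find((c) => crypto.timingSafeEqual(c.tokenDigest, digest)) || null;
}

// Express-style middleware placed in front of the existing routes.
function sessionOrBearer(req, res, next) {
  // Browser path: passport's session support has already restored the login.
  if (typeof req.isAuthenticated === 'function' && req.isAuthenticated()) {
    req.authMethod = 'session';
    return next();
  }
  // API path: bearer token, accepted only over TLS (req.secure is set by Express).
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(req.headers.authorization || '');
  const client = m && req.secure ? findClient(m[1]) : null;
  if (!client) {
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', 'Bearer');
    return res.end();
  }
  req.user = client;
  req.authMethod = 'bearer';
  return next();
}

// Drive the middleware with mock request/response objects (no server needed).
function simulate(reqInit) {
  const req = { headers: {}, secure: true, ...reqInit };
  const res = { statusCode: 200, headers: {}, setHeader(k, v) { this.headers[k] = v; }, end() {} };
  let passed = false;
  sessionOrBearer(req, res, () => { passed = true; });
  return { passed, status: res.statusCode, method: req.authMethod || null };
}

console.log(simulate({ headers: { authorization: 'Bearer constructed-demo-token' } }));
```

Behind a TLS-terminating proxy, `req.secure` is only accurate when Express's `trust proxy` setting is configured, and session-authenticated browser requests still need CSRF protection that bearer-token requests do not.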