Passport Local Configuration (Node + Passport + Express)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

this video is part of the passport j/s user authentication series if you're just now coming to this video you haven't seen the previous ones i've linked in the description the playlist to that series so be sure to check it out and watch it from the beginning now if you have been following along hopefully you have gotten through some of the prerequisite videos that lead up to this video which is going to be the start of actually implementing a passport specifically passport local strategy for user authentication my goal in this video is to get the passport j/s library imported into our Express j/s application and can start to configure it to help us with this I've set up a repository on my github that will basically give you a starter template to work from and what this is going to do is kind of eliminate all of that stuff that we don't want to focus on such as setting up a basic Express application setting up a very basic database with MongoDB and even setting up something like a express session which we talked about in one of the prerequisite videos for this tutorial series in this repository I've got three branches but the master branch is going to have your starter template so if you don't know how to use branches and git that's totally fine if you do want to learn more about that I actually have a full tutorial series on using git but anyways you can see if we come into github you don't have to actually know any commands to do this you just drop down and you can see that the different branches will have the final branch is kind of the final implementation no promises that will get you know line by line character by character to the same implementation here during the video but we'll come very close the overall structure will be exactly the same and then we have the final all-in-one which is basically just one J s file or JavaScript file that has everything that you need to run this with tons of comments so that you can really figure out what is going on so that's what the repository is you can go ahead and fork it or clone it whatever you want to do and then download it to your computer and once you've done that you should land to a screen like the one I've got right here and I've got open the readme which kind of gives you basic instructions on how to use it we went through most of this already so let's go ahead and close that out and take a quick tour of what's going on in this repository and then we will go into the configuration of the passport local strategy let's take a quick look at what I've got for you already set up in the template application it's pretty similar to what you probably have seen before I tried to make it a similar structure to what you might find in a lot of online Express nodejs tutorials so hopefully this looks a little bit familiar but anyways we start with our app KS which is going to set up our basic Express app so the imports at the top let's just go through them real quick if you haven't installed them after cloning the repo just type NPM install to get those installed we have Express pretty straightforward Mongoose which is the odium for MongoDB I will mention while we're on this line I've already got my D service running in the background so you'll have to do that when you're running this app and I I don't even know if I have this in the readme so maybe I will put that in here right now we'll just say make sure to run the mangodi service before running the app locally all right so now that we got that covered just make sure that you have that running and then you should be able to run this app just fine all right so moving on we have Express session which I've covered in a separate video how this works and how to set it up so I've already implemented it here for you if you want to learn more about that go to that video again that is in the description just click on the playlist and you'll you'll find it so next up is passport this is what most of this video in the next couple videos is gonna be about will require in the built-in node.js crypto library which is gonna allow us to create and verify passwords we require in the routes which is the routes folder we'll get there in just a second and also we have a database configuration in the config directory now coming down we have store directly related to the Express session middleware again that's another video we have this little line right here most people probably have seen it but if you haven't all this is doing is giving us access to the env file that we have defined over here that by default is not going to be imported when you clone this repository because it's got secret keys in it so you will need to create the dot env file and in the dot env file I think you only need two things you need to DB string and the secret and for my case I'm just using a very simple DB string I don't even have a user or a password just to keep things simple for now but in production you'd obviously want to have a user and password in the actual database that you would - so and then the secret is gonna be I think for the Express session module so let's close that and then you can see you can actually get access to those variables anywhere within this app dot J's file with this syntax the process a and V dot variable name alright so moving on we have the Express application pretty simple this is some middleware for parsing HTTP responses most of you would probably have seen app dot use body parser dot JSON but I've just used the built-in Express parsers because I think these actually came in a little bit recently in like a recent release I could be wrong on that but you no longer need to use body parser all right session set up again this was covered in a different video but let's just take a very very quick look at what is going on here we have our session store which is going to say hey Express session middleware I want you to use the MongoDB database for the session storage and in that I want you to use the sessions table or not table but collection in that MongoDB database so that's the session store down here in the configuration options for the session middleware we are telling it to use that store then we have some other options here so the secret we just talked about that that's going to help the Express session middleware validate the session that it has looked up its gonna check to see if it matches that secret these two options have to do with you know how does the session treat or how does the session react when there's actually no changes in the browser you can read up about that on your own and then finally the cookie this is the this is also another separate video in this series but basically what we're doing is restoring the session ID in a cookie in the browser and this right here is just going to kind of tell the Express session middleware hey I want you to it basically set an expires header not header but an expires property of one day so this cookie will expire in one day in a new session will have to be re-established when it does expire all right that was just a quick overview if you want more you have to check out the other video next up we have passport authentication I've just put in this basic required statement to show you where it is so it's in the config directory we'll get to that in just a moment we are using our routes so this is pretty standard and expressed you put your routes after the other middleware but before your air handler in this case we don't have an air handler you might want to do that for a production application finally we are listening on port 3,000 localhost pretty straightforward so that is the basic app let's go ahead and look at some of the other pieces so let me save that we'll first start in the config so we have passport j/s all I've done here is imported the relevant modules that will we'll need to set it up and then I've imported some database configurations we'll the connection and then the user model that we'll be using so going straight over to the database configuration this is a pretty standard MongoDB database setup we're requiring in Mongoose again we got this access to the env file we're going to grab the DB string from that file and we're going to create a connection with it so we pass in the string to the create connection method on the Mongoose object and then we pass in these options which will just suppress any warning messages finally we have a user schema it's very simple we just have a user name hash in salt you will see what the hash and salt mean a little bit later so we create a model for that user based on the schema and we export the connection so that we can use it in other files so pretty straightforward with that let's see what else we've got we have the password utils which should just have the validate password and create password functions so let's check that out and you can see that I've already kind of template it out what the functions will look like all we have to do is jump in there and actually implement them let's see if I'm missing anything else okay I've got the routes just one route file and I know there's a lot of stuff in here but really there's not much of anything we pass in the Express router passport because we're gonna actually use passport in our routes we have some passed password details we just looked at database connection and user model and really what we're going to be doing the only thing we're gonna be doing in this file is these two routes so the login and register route we're gonna have to implement the logic behind these in the get routes below all I've done is create a super simple flow that will go through as we implement this Passport authentication so you'll see the home page is just gonna tell you to please register you'll click the link goes to the register page which is right here that has just a really ugly looking form that we will type a username and password into to register that will submit to our custom implemented post request up here then it will if you're successful it will redirect you I think to the login page then you will login with your username and password which will create a post request to the log in post route which we have to implement and if you successfully log in I think it will redirect you we're gonna have to write this logic but it will redirect you to I believe in the I believe the login success route so it'll say you've successfully logged in then we'll try to visit a protected route and that will be right here and we're gonna check if we're authenticated and let you in if you are so basically you can look at this but it's just a flow of pages that we're loading the reason I did this without using something like ejs or another tempo templating language is just to keep it as simple as possible all we're doing is passing basic HTML and HTML forms and using the built-in express methods like res dot send and res dot redirect so hopefully that makes sense if it doesn't take a look at this for a few minutes and I know it will before we get into the actual implementation and configuration and passport I wanted to show you again I know we already touched on this in the first video just for a few minutes but I want to show you how to find the documentation for this I personally had a very difficult time finding kind of an end-to-end tutorial and documentation for passport and I think since all the strategies are developed by different developers there's not really you know a one-size-fits-all documentation for it now if you go to the passport GIS website you'll first find that you can click strategies and browse through all the different strategies you'll be able to go to those pages but in our case we're using the passport local strategy so if we click this we should be redirected to the passport local strategy it's going to give us some basic usage instructions so we install it we configure it with a verify function and then we can use it in the route here but that's pretty much all that it gives us there's actually a couple more steps that you need to do to use the local strategy which is kind of weird why it's not in this on this page and if you click on the examples it goes to a 404 page I think maybe that was recent I don't know whatever the case this is actually not where you're going to want to go for documentation on the passport local strategy the passport local strategy is actually better documented in the general documentation of the passport j/s Middleware so if you go to documentation right here and you click username and password this is where you're going to get a little bit more verbose documentation on the passport local module so here we have the same thing install passport local but here we're getting a little bit more detailed implementation of this verify call back and how you would use the form how you would use it on the route what kind of parameters you can pass to the verify callback so this is a little bit better documentation but it still kind of misses some of the configuration that you have to do for this module so I'm going to show you exactly how to use it but you can kind of peruse the passport j/s documentation you'll find a few things for example if we click on configure it's going to tell us how to configure a strategy because being a framework for the middleware passport has kind of a standardized way to integrate different strategies so on every single strategy that we use we're going to need a verified callback so in this section kind of talks about that verify callback and what the different responses are required based on how the user you know whether the user entered the correct or incorrect credentials whether we got an error message whatever the case it tells you that and then we also have documentation on the authenticate method so passport actually provides you with a built in authenticate method on the passport object and all you need to do is provide it with the name of the strategy that you've defined and then passport figures out how to go find the verify callback that you've configured for that specific strategy I know this sounds like a lot and I know this documentation is a little bit sporadic it's not necessarily you know ABCD one two three four it's it's a little bit confusing so let's just get into the implementation and I'll do my best to kind of document the passport local strategy for you like we saw in the documentation the first thing we need to do is define the verify callback for the passport local strategy so we'll do this in the passport config file and all we need to do is comment this out the passport use method and pass in the strategy and the verify callback so I'm just gonna paste in the full thing real quick and you'll see that this looks pretty similar to what we saw in the documentation it's also going to be pretty similar to what you'll see in a lot of tutorials but I personally find this a bit confusing when we're looking at it all at once so let's go ahead and deconstruct what's going on in this configuration put it in some variables so that we know exactly what's going on all right so the first thing that we need to do is define the strategy itself so let's say strategy equals and then in this case it's going to be the new local strategy alright so that is the most basic way to create a strategy and then this strategy is going to require that verify call back so let's define that above here and the verify call back is going to take a couple parameters it's going to take a username password and done function in this case down here I'd just called it callback but you it doesn't really matter what you call this all you need to know is that this represents a function that you will eventually pass the results of your authentication to so those are the parameters and they will actually be populated by the passport framework based on how you implement this so we expect the username to be the value that we received from the request body of some sort of login form so if we were to create a login form type in our username and password and then make a post request to the Express API that post request is going to have a username and password field and passport is going to automatically look for those two fields and grab the values of them and populate them in the verify callback now there's a little bit tricky part to this because if you don't name your username and password fields exactly this username and password the passport framework is not going to or not the passport framework but the passport local strategy is not going to know what variable to look for so in order to prevent this we can actually define custom fields that we want passport to looking I'll show you how to this in a few seconds but first let's just get it in a variable so we'll say custom fields is equal to an object and we'll say the username field is going to be you name we're just making this up making it customs that we can see exactly how this works so our username field is you name and then our password field is just going to be something like PW so obviously these are some non-conventional ways to name the password and user name fields but if we define them in our custom fields object then the passport local will know where to look alright so we'll use that object in just a second but first let's come back to the verify callback so in the verify callback what we're doing is a basically our own implementation of a password verification now this is where I think people get tripped up a little bit I know I did thinking that the verify callback has to be a very specific structure and we have to use a certain database because of course the documentation online shows that we're using the MongoDB database but in reality it doesn't matter what database you use and it really doesn't matter how you choose to verify the credentials all that matters is that the return values that you pass to this done callback are what passport expects so we can come in here and do whatever we want but for simplicity as we know I'm using the MongoDB database so it's going to look pretty similar to what you saw in some of the examples so let's go ahead and copy this so I think we're done here with this copy-paste and then we can put it right here and all we're doing is going to the MongoDB database and we're looking for a user that has the username provided in this parameter so again what's gonna happen we make a post request and we provide a JSON body with you name and password then passport as a middleware is gonna look for these two fields finds them takes the value and populates these two parameters with those two values so at this time when we're executing this callback these represent the username and password so we can look up the user name in the database and then just in a basic promise we are returning the user so we check if there's a user in the database you know if someone has actually registered already then or actually it's the opposite if there's not a user in the database then we are just going to return this should be updated to done to represent this done call back up here and what we're telling passport here is that no there was not an error in this operation but there was also not a user so go ahead and reject this and so passport will return I believe it's a 401 on unauthorized HTTP status so that's the first check we need to do then we need to check whether this is valid sorry for all these comments I had them in here before when I was writing this out so we have a variable here that says is valid and for right now we don't know how this works and this is not even a function that we've defined yet but basically what we're doing we can comment this out for well let's not comment it out yet what we're doing is we're putting the password through some sort of verification function which is going to or we're also putting the hash in the salt stored in the user record in the database and we're verifying those two things against the password you'll see how that works in a minute but basically let's just assume that this returns true or false which it does and we say if the password if the login credentials are valid then we're going to return the call back and you update this real quick again these are just corresponding to this parameter that passport provides we're gonna say nope there was no air and yep there was a user and this user was successfully authenticated based on my verification function so when we pass this to passport it's going to let us into the route and then finally if it's not valid we say nope there was no air but we did not verify this user correctly don't let them in the route and then finally we using the promised syntax we're just going to catch any of the errors that happen within the Express application maybe on the database side of things and if we get an air we're just going to pass that to passport and it knows how to handle that so that is the basic verify callback and I'll show you really quickly what is actually going to happen here when we use it in a route so let me save that and come back to one of our routes so let's go down to the the post login route so what we're going to do is include a middleware in the post login route called passport that authenticate and then in the authenticate we're going to say the local strategy and we're going to pass in well we can we can worry about the rest of this a little bit later all I wanted to show you here is that we're passing this middleware in the login post route and so basically what's going to happen is we make a post request to log in with our username and password and then that gets intercepted by the passport middleware and then we come in passport populates these two objects it runs this function so we're looking up the user in the database validating the credentials returning some sort of response and if we get this response right here where we populate a user then it's going to go to the next part of this function and it lets us in the route so that is the basic implementation of passport and now we're going to tie up some loose ends and make sure that it actually works and then we'll see it run live we just have a few more things we have to do to get this working the first thing I forgot to do when we finished this up is actually complete this verify callback so we started with passport views and then we passed in all of this stuff so we need to actually do this now so the first thing that we need to do is let's see we have our custom fields and our verify callback so in our new local strategy we're gonna pass in our custom fields and our verify callback and then we are going to say passport use and then we're gonna pass it in that local strategy so now we actually have it configured and in app j/s when we require it in somewhere let's see where do we do this right here in the passport authentication we require in the configuration and what that's gonna do is basically just take this line right here and include it in the app KS now that we've got our strategy configured we've done the bulk of the work there are a few extra things that we're gonna have to put in here I'm gonna go ahead and just copy them in and then we're going to come back to them a little bit later after we have everything working to understand them a little bit better so at the bottom of this configuration I'm just gonna paste in two initializations and this is the passport serialized user and deserialize user now this has to do with the Express session and how we put a user into the session and grab a user out of the session basically what is happening is we're going to put the user ID into the session and then we're going to when we want the user to come out of the session we will grab that user ID that was stored there and find it in the database again we're gonna come back to this so don't worry about it if you don't understand it I think this these two functions are a little bit tricky especially because there's not a whole lot of documentation around them so let's save that save this real quick let's come back to app dot J s and add in our last two lines that we're going to need before all of this is going to work so right after we require in the passport configuration we're going to say app dot use passport initialize and again what this is going to do is kind of initialize the passport middleware and basically so that it doesn't get stale so we might be using different routes we might click to several different routes and if we don't reinitialize the passport middleware then there's a chance that hey maybe the user may be their session expired or something in the time that we're doing that it's just always safe to refresh the passport middleware every single time that we load a route and so that's what this is doing and then we need to put in passport that session which has to do a little bit with what we just talked about the serialize and deserialize user but more so it has to do with the actual express session middleware so I know we talked about this a little bit earlier we also talked about it in a separate video but the Express session gives us access to the request that session object and anything that we store on the request dot session object inside any of the routes is going to be persisted to the database under the sessions collection so knowing this passport cleverly kind of plugs into that and bootstraps off it and uses it as a user authentication mechanism so we're going to actually go through this along with the serialize and deserialize user in a few minutes but for now let's see if we've got this working we still have a few things to do in the routes before it's going to work but let's save it and actually run the app I'm gonna run this with node Mon so we have live updates so node Mon fjs and doesn't look like we have any airs at the moment so there's a chance that we have this working the first thing that we're gonna have to do before the passport middleware is going to be effective is finish defining the password verification and generation functions so if you remember in the passport configuration in this verify callback that we had defined we called this method called valid password but in this module we haven't actually created this valid password function so it's not going to work as it stands right now we're gonna have to go over to our password utils file and define both the valid password and the gen password functions before anything's going to work we're going to open up password utils in the Lib folder and you'll see that I have basically templated out the two functions that we're going to but to understand this I've actually put a slide together so that you can visualize what's at what's actually happening with the generate and validate password functions we're gonna be using the nodejs crypto library to do this but before we get into the actual like what methods were using it's better to have a conceptual understanding on the screen right now is a basic representation of how we generate and validate a password to a database now the cardinal rule here is that you're never going to store a plaintext password in a database that's kind of web application 101 I think everyone is pretty familiar with that but actually figuring out how to do that is a little bit more complicated now we talked about earlier how the passport j/s middleware does not give you a specific way that you need to do this it gives you a lot of freedom as to how you might generate and validate the passwords that the users are providing in the login and register forms as we go through this just note that this is not the only way that you can go through this process there are other libraries other than the node.js built in crypto library there's also different types of logic that you can go through but I've tried to keep it as standard as possible and kind of in line with what you would call best practice so anyway is what's going on here is we have two steps in the process so we have the creation of the password and the verification of the password you can think of this as the register and the login so you're sitting there behind your computer you found this cool new web app and the first thing that the web app is going to ask you to do is register you need to give them a username and a password and then maybe a couple other things like an email first last name maybe even in the address or something but what's important is that you are providing that web app with a plaintext password you're just typing that into a field and when the web app receives that password it is still in plain text form we can't really avoid that that's fine but what happens is we need to transform that into something that we can actually store securely in the database without worrying about some hacker you know taking over a database and grabbing all the you know users passwords in that database once the user information is stored in the database we can move on to step two which is password verification now in step two you can think of this as the login process so when the user sits behind their computer and is typing in their username and password to log into your web app that's going to be the verification step and what's going to happen is they're going to provide you with their username which you're going to take and you're going to look up that user in your database using the username or maybe an email once you find that user in the database then you're going to have access to this password hash and the salt that we stored before so you're going to pull both of those values out and along with the password the plaintext password that the user just provided you you're gonna put those values through the same exact hash function so you pull the salt out of the database from that user and you put in the plaintext password that they just typed in and so in this case we have the same exact values for these parameters as we did when we created the hash in the beginning and we know since a hash function is always going to give you the same exact value if you put the same parameters into it we know that we can generate a password hash and compare it to the hash that we stored in the user record in the database and if those two values match then we know that we have validated this user and that they have entered the correct credentials we've got a conceptual understanding of this process so let's go ahead and code it we're going to come back to BS code again I've set up the functions in the parameters that they require right here and we're going to start with the generate password function which is the step one of the process so this password argument is going to come from the user when they type their password into the register form and then here is our implementation now I'm going to walk you through this we're using the node.js crypto library and the first thing that we're gonna do with that is generate a salt which is just a pseudo-random value and it's going to add a bit of randomness to our generation of the hash so we have the salt then we pass in the plaintext password in that salt to the pbkdf2 method on the crypto library and in this last part sync just means synchronous for synchronous operation and then the 10,000 right here is going to represent how many iterations we're doing 64 is how long or how big this hash is going to be and then right here we specify which hashing function we're going to use finally we will convert this to a hexadecimal string now down here we just return those two values and we're done with this piece of the implementation to learn a little bit more about what we just did I'm gonna pull up a document on Google this is from the internet Engineering Task Force and it's just basically a specification for different cryptography methods and or password based cryptography methods and if we go down to the table of contents we can actually find the pbkdf2 specification which is what we were using from the node.js crypto library and you'll see that this is actually going to well we might actually be in the wrong spot here we're in the appendix see if we can get somewhere a little bit more straightforward okay we clicked on the wrong one here so we need to click on 5.2 and this is going to show you kind of the template for implementing that kind of function so the node.js crypto library is just implementing this standard right here and we can actually come up and see some information about it so I think there's something on iteration count it says that they recommend at least a thousand we put in well you want to have ten million for a super secure implementation we are somewhere in the middle with ten thousand which should be fine and then it also talks a little bit about the salt up here and you can read up about what that actually is a lot of this is just math so I don't want to get into it but this is kind of where the standard comes from so we're not just using some random crypto function this is kind of what the engine internet engineering task force has designated as this is how you should do it when you are verifying and generating passwords we can now come back and do the second function which is the valid password I'm not really sure why I called it valid password probably should be valid eight password but anyways here is the implementation for that all we're doing it this is basically the same exact thing remember what we went through on the slide we're just creating the same exact hash that we did up here except this time we're receiving the hash and the salt or well we're just passing the salt but we're getting that salt from the user record in the database and then we're getting this password when the user types it in in the login form so given the same inputs we should expect the same output and therefore we are going to return whether the hash that comes from the database is equal to the hash that we computed using the password that the user just provided us in the salt that was in the database for that user record so we're gonna either receive true or false and this is what we're going to put in our passport j/s verify callback so let's save this and come back to our passport j/s configuration and you'll see that we're already using this right here we've already set it up how we want to we just need to import it so I'll do that right now so we'll say valid password equals require Lib password utils dot valid password because we've exported them here at the bottom so now our passport J s implementation is complete and it should work with our application once we implement the to post routes for login and register so let's do that right now we'll come to the routes and you'll see that we have the login and register routes they're not implemented yet so we need to do that it's pretty simple so I'm just gonna paste in the implementation most of this is just creating a user record in the database but we're also going to be implementing that first part the gen password function in this register route I think I have it yep I have this already imported but let's go ahead and rename it will just say gen password to stay consistent and then we need to grab the gen password function off of the import so now that we have that we can implement this so here's the implementation we'll walk through it really quickly I want to point out a few things before we get started we are grabbing the password and user name values from the request body dot PW in you name fields if you remember from the passport configuration just to demonstrate the options you can do we went ahead and customized what we're expecting to see from that request that body object so we need to stay consistent and we need to use those to grab those values so you can see what we're doing here is we are generating that salt hash object so it's just an object with the salt in the hash so this one right here and that's coming from the gen password function that we just imported up here from the password utils then we are going to create a new user object for the database we're going to save that user we'll go ahead and just console.log it to the terminal and then we are going to redirect to the login route all right so we have implemented register and we can go ahead and try that out in the browser so let's run it run the application looks like we don't have any airs so let's jump back to the browser type in localhost 3000 slash register or actually we can just go to the home page and it gives us a link to the register we're going to enter our username and our password I'll just do one two three to keep it simple and we'll submit it looks like it properly did something let's come back to the terminal to verify that good news we see the object that we just created we put the username in there and then the hash and the salt that we got from the gen password function and then we can also check the database so let me just open go shale and we'll look it up so show databases we are using the tutorial DB based on the dot env file so I will say use tutorial DB and then we can say DB users dot fine and you should see the user that we just created so clearly we've got the user in the database and the last thing that we need to do in this entire flow is implement the login route so if we come back to what we're already in the file we have the login route that we've already kind of put this passport that authenticate method in a little bit earlier but I just want to add a few things to it and we'll actually simplify this a little bit as well the first thing I'm gonna do is pass in a second argument to the authenticate method and this is just going to be an object that tells passport where to redirect based on the status of the login so if you remember the passport dot authenticate method is literally just going to look in the passport configuration for this verify call back and it's going to call this function right here and this is going to return either a user if we are validating the user correctly and the user has provided the correct password or we're gonna say false and in that case it's gonna redirect to the login failure so really since we're adding conditions for both a success and a failure we don't need this last function right here so we've just included this normal callback that we see in most express routes but we don't need that in this implementation and we are pretty much done with the login post request so let's save this and give it a try in the browser we'll type in the same user that I did earlier one-two-three-four the password and submit and it says that we have successfully logged in so something worked here now we can go to the protected route it says you are authenticated we can logout and reload now we're not authenticated and we can log-in again so we can just go in this circle here it's kind of how I set it up so that we can see that flow but I'm gonna be talking a lot more about how this is actually working and how you can use the passport middleware in your routes in the next video but let's come back one more time to the code and just kind of take a look at the routes that we just went through so we started at login login submitted the data that we put in there and the passport verify callback was called we successfully validated the user so we got to right here and then we come to the route the login post route and we had a success so we are going to come to the login success route you can see this success redirect login success so we'll come down here somewhere so we came to the login success then it said go to the protected route so we clicked that link and we came right here which you'll see a little bit of extra syntax we're gonna go through this in the next video but this is how we would authenticate the user once we've run through that authentication flow in the login post route and then we can also log out so we've got a logout method on the request object and then the cycle kind of repeats we are officially done with the passport configuration we've got it working completely and this is all you're gonna have to do for the passport local strategy to authenticate users into your web app now I did mention earlier that we were gonna come back to something and it was in the passport configuration here at the bottom so these two methods the passport dot serialize and deserialize and then also I think in a pas we have these two lines the initialize in session now we don't really know how those are working and I promise that we'll come back and explain how those are working and kind of see it for ourselves in code I would also like to go through some of these things like request that log out and request that is authenticated and understand what is going on there and also kind of understand you know you would intuitively think well we're probably just going to use the passport dot authenticate middleware on every single route that we want to authenticate but that's not the case for the passport local strategy so if you're interested in learning more about how all of this works I'm going to cover that in the very next video if you enjoyed this one be sure to give it a thumbs up and subscribe and I will see you in the next video

Info

Channel: Zach Gollwitzer

Views: 17,249

Rating: 4.9627905 out of 5

Keywords: passportjs, user authentication, nodejs user authentication, expressjs user authentication, passport local, passport jwt, javascript, express middleware, HTTP Cookies, HTTP Headers, express sessions

Id: xMEOT9J0IvI

Channel Id: undefined

Length: 54min 24sec (3264 seconds)

Published: Mon Feb 10 2020