Passport is used to help simplify the implementation of OAuth 2.0 providers.
OAuth is an authentication standard used all around the world to help make development easier for us, and the process familiar for users.
In this context, our accessToken is designed to be an authenticated session identifier for a particular person. For security, sometimes access tokens expire. In cases when you need to generate a new one, but don't want to force a user to have to enter their credentials again, you would make a request using the refreshToken to generate a new accessToken.
OAuth can be complex, but the most common implementation looks like this:
1. user clicks "login with x" link
2. user is redirected to a web form hosted by the service x
3. user enters credentials and submits
4. service x's web form redirects to a page controlled by you with a temporary code for you to use.
5. you submit the temporary code, and other security credentials (client ID and client secret, typically) through a backend API request with service x
6. service x gives you an accessToken, and optionally, a refreshToken if needed.
7. you persist the above tokens in your system so your user remains "logged in".
Regardless of what service x is, if they are implementing OAuth 2.0, they will be more or less following the above process. Passport simplifies these steps by making you not have to do this by hand for every provider you want to support, since they will function more or less the same way.
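The flow described above, as an added example that is not part of the original comment and is not Passport's code: an in-memory stand-in for "service x" plus the backend logic that exchanges the temporary code and later uses the refreshToken once the accessToken has expired. `createServiceX`, `getValidAccessToken`, the `CLIENT` values and the explicit `now` timestamps are hypothetical names and constructed values chosen for illustration.

```javascript
const { randomBytes } = require("node:crypto");

// Constructed credentials; in a real app these live only on your backend.
const CLIENT = { id: "demo-client-id", secret: "demo-client-secret" };
const newToken = () => randomBytes(16).toString("hex");

// Hypothetical stand-in for "service x": hands out codes, exchanges them for tokens.
function createServiceX(accessTtlMs) {
  const codes = new Map(), refreshTokens = new Map(), accessTokens = new Map();
  const issue = (user, now, refreshToken = newToken()) => {
    const accessToken = newToken();
    accessTokens.set(accessToken, { user, expiresAt: now + accessTtlMs });
    refreshTokens.set(refreshToken, user);
    return { accessToken, refreshToken, expiresAt: now + accessTtlMs };
  };
  return {
    // The user submitted credentials on service x's form; x redirects back with a code.
    login(user) { const code = newToken(); codes.set(code, user); return code; },
    // Backend-only request: the code (or refresh token) plus client ID and secret.
    token({ grantType, code, refreshToken, clientId, clientSecret }, now) {
      if (clientId !== CLIENT.id || clientSecret !== CLIENT.secret) throw new Error("invalid_client");
      if (grantType === "authorization_code") {
        const user = codes.get(code);
        codes.delete(code); // the temporary code works once only
        if (!user) throw new Error("invalid_grant");
        return issue(user, now);
      }
      if (grantType === "refresh_token") {
        const user = refreshTokens.get(refreshToken);
        if (!user) throw new Error("invalid_grant");
        return issue(user, now, refreshToken); // new accessToken, no credentials re-entered
      }
      throw new Error("unsupported_grant_type");
    },
    // What an API on service x would do with a presented accessToken.
    whoami(accessToken, now) {
      const t = accessTokens.get(accessToken);
      return t && t.expiresAt > now ? t.user : null;
    },
  };
}

// Your side: reuse the persisted session, refreshing only after the accessToken expired.
function getValidAccessToken(serviceX, session, now) {
  if (session.expiresAt > now) return session.accessToken;
  Object.assign(session, serviceX.token({ grantType: "refresh_token",
    refreshToken: session.refreshToken, clientId: CLIENT.id, clientSecret: CLIENT.secret }, now));
  return session.accessToken;
}
```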