I would like to ask the community for help to better understand and use Passport.js.
The way I learned to use it, you define a strategy, make a couple of auth routes and persist session on a cookie.
So, for instance, you would create a Google strategy like this:
    const passport = require('passport')
    const GoogleStrategy = require('passport-google-oauth20').Strategy

    passport.use(new GoogleStrategy(
      options,
      (accessToken, refreshToken, profile, done) => done(null, profile)
    ))
Then add cookie-session and passport middleware:
    app.use(cookieSession(cookieOptions))
    app.use(passport.initialize())
    app.use(passport.session())
And finally create a log in route and a callback route:
    app.get('/google', passport.authenticate('google', scope))
    app.get('/google/callback', passport.authenticate('google', options))
But my understanding of Passport.js is very limited and I often wonder if this is even a good idea. For instance, I don't really know what the parameters refreshToken in the strategy's callback are. I imagine they serve some purpose beyond just existing, but I wouldn't know how to use them.
So I thought I'd ask around and hopefully hear good opinions on the matter.
How do you personally use Passport.js?
What method(s) do you use to persist sessions?
What are the pitfalls/security issues with the approach I outlined above?
What can we use
Thanks a lot in advance for your replies^^