How to use Passport-jwt with Passport-local

joshuaboulton · October 26, 2018, 10:39pm

I have set up a localstrategy signup function like this in my Express app:

passport.use(
    "signup",
    new LocalStrategy(
      {
        usernameField: "email",
        passwordField: "password"
      },
      async (email, password, done) => {
        try {
          const user = await User.create({ email, password });
          return done(null, user);
        } 
        catch (error) {
          done(error);
        }
      }
    )
  );

I’m just not sure how to go about setting up the login equivalent to this, which I want to find a user that has been created through this function, and then create a token for it and send it to the client. Thanks in advance for any help, it’s much appreciated.

JohnnyBizzel · October 28, 2018, 8:44am

Well, logically thinking, I want a form to handle the login input which sends the usr + pwd to a separate function which checks if the user is already logged in, checks the db for an existing account and if found, logs the user in.
At the point the user is found the token is issued I guess.

I used a JWT token in this project

GeorgeCrisan · October 28, 2018, 10:31am

Step by stem tutorial.

joshuaboulton · October 28, 2018, 9:22pm

Hey Johnny, reading your code really helped me understand what was going on - thanks!

If I’m not mistaken, passport-local is used to create an account or sign in an account, both of which will issue a token to the user, and passport-jwt is used on protected routes to check for that token.

You have used jwt-simple in this project. Would you still recommend that one? How does it differ to jsonwebtoken? And what do you say to people who think it’s insecure to use JWT at all? Thanks!

joshuaboulton · October 28, 2018, 9:26pm

It is a nice tutorial. I think the problem I had with it was that it seemed to be more focused on getting the authentication process over and done with, whereas I never like doing that - I have to understand exactly what every line of my code does, otherwise I feel fraudulent and I worry that I will run into trouble later that could have been avoided if I understood the first principles of each part of my project. Now that I understand a little more, I will be using this tutorial. Thanks a bunch man!

JohnnyBizzel · October 28, 2018, 10:29pm

Well I was following a course on udemy and it used jwt-simple. I don’t really know the difference but I have tried some different strategies. If you see my other projects you can see other methods of authentication.
If people say it is insecure to use JWT that is the first I have heard. But it’s good to be aware of different methods of authentication anyway.