How would you go about this?

I am doing a project with authentication with passport js with the Strategies (Google, Facebook, Local). I am working on the google part now but there is a small problem. When users register locally I save their data to the db (email,username,hashedPassword) but now when they register/signin through google I do not have access to their password (obviously). It is required in the user schema and I do not want to create a new user schema.

Could I save the password as the user id I received from google?

Since your application only needs/saves a password for a user if they login via local-auth (username+password) you could update your schema to make this field optional based upon which method they used to login.

Or handle it at another level, rather than the schema itself and make the field optional.

Or have multiple schemas for the different login methods that are then “inherited” depending on different attributes on the user-account. Like have a authType and setup multiple schemas that are used depending on which authType the user is logging in with

Or don’t use local auth at all and never deal with passwords (yay)

Or use a mix of any of these approaches.


I personally would throw out the local-auth because I don’t like to deal with passwords on any of my apps. If that isn’t an option and you must support multiple authentication methods internally, you have a number of options, most of which focus on making the password property not be required conditionally.

1 Like

I added a provider to the schema. So if the provider is not local, then the password is not required

1 Like