What is the best way to add authentication and authorization in a backend RESTful API?
There are probably a lot of good answers to this. It also depends on what you are using. If you are using Node, Passport is a common library to use - there are many, many tutorials out there. I believe things like Firebase can give you an out-of-the-box authentication server to make your life easier.
I saw many people use the jsonwebtoken lib to authenticate and authorize users manually, and I’m confused about which one works.
Well, JWT is just a type of token you can use for authentication. It can also be used with passport, but I’m sure there are plenty of other libraries that use it too.
Will you tell me what the difference is between passport-local and JWT auth? They seem the same to me.
Passport is a library for authorisation. You can authorise in different ways:
passport-local is a plugin (an authorisation strategy) for authorising in your app via a username and password.
The JSON web token library lets you generate a web token, which is a token that can be used for authenticating, i.e. proving that a request is authentic. The library you mentioned doesn’t let you do authentication by itself; you would need to write all the logic to do that yourself.
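The last reply's point, that a token only proves a request is authentic and the surrounding logic is yours to write, shown as an added example that is not part of the thread and is not the jsonwebtoken library's own code. It uses only Node's built-in crypto; the function names, the `role` claim and the idea of a shared HS256 secret are assumptions made for illustration.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (text) => Buffer.from(text).toString('base64url');
const hmac = (data, secret) => createHmac('sha256', secret).update(data).digest();

// Issue a token only after the user has proven who they are (e.g. a password login).
function signToken(claims, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const signature = hmac(`${header}.${payload}`, secret).toString('base64url');
  return `${header}.${payload}.${signature}`;
}

// Returns the claims if the token is authentic and unexpired, otherwise null.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  let parsedHeader, claims;
  try {
    parsedHeader = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null; // not valid JSON, so not a token we issued
  }
  // Pin the algorithm: the token must not choose how it gets verified (e.g. "none").
  if (parsedHeader === null || parsedHeader.alg !== 'HS256') return null;
  // Recompute the signature and compare in constant time.
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(signature, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  // Only trust the claims after the signature check; reject missing or past expiry.
  if (claims === null || typeof claims.exp !== 'number' || claims.exp <= now) return null;
  return claims;
}

// Authorization is a separate decision, made on the verified claims.
function canDelete(claims) {
  return claims !== null && claims.role === 'admin';
}
```

The payload is only base64url-encoded, not encrypted, so anything placed in the claims is readable by whoever holds the token.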