Top Free Javascript User Authentication Libraries

by Janeth Kent Date: 29-01-2020 javascript authentication libraries


We are keen on security: authentication is an important issue when creating a dynamic web application.

Authentication identifies users so that they can be given different access rights and content depending on their identity. Since new tutorials keep appearing on the web and more people are trying to understand the cost-benefit equation of implementing their own solution vs. using a library or service, we have gathered a brief review of what's out there.

Let's see.

1. Passport JS

Passport is Express-compatible authentication middleware for Node.js.

Passport's sole purpose is to authenticate requests, which it does through an extensible set of plugins known as strategies. Passport does not mount routes or assume any particular database schema, which maximizes flexibility and allows application-level decisions to be made by the developer. The API is simple: you provide Passport a request to authenticate, and Passport provides hooks for controlling what occurs when authentication succeeds or fails.

Passport is not just a 15k-star user-auth library; it is probably the most common way for JS developers to use an external library for user authentication. Basically, it gives Node.js a relatively flexible and modular middleware that can be integrated into any Express-based web application.

2. Permit

Before Permit, the only real choice for authentication libraries in Node.js was Passport.js. But it has a bunch of issues that complicate your codebase. Permit makes it easy to add an authentication layer to any Node.js API. It can be used with any of the popular server frameworks (e.g. Express, Koa, Hapi, Fastify) and for any type of API (e.g. REST, GraphQL, etc.) due to its simple, unopinionated design.

Permit lets you authenticate via the two schemes most APIs need: a single secret bearer token, or a set of username and password credentials. For example, here's how to authenticate a bearer token:

import { Bearer } from 'permit'

// A permit that checks for HTTP Bearer Auth, falling back to a query string.
const permit = new Bearer({
  query: 'access_token',
})

async function handler({ req, res }) {
  // Try to find the bearer token in the request.
  const token = permit.check(req)

  // No token, that means they didn't pass credentials!
  if (!token) {
    permit.fail(res)
    throw new Error(`Authentication required!`)
  }

  // Authenticate the token however you'd like...
  const user = await db.users.findByToken(token)

  // No user, that means their credentials were invalid!
  if (!user) {
    permit.fail(res)
    throw new Error(`Authentication invalid!`)
  }

  // They were authenticated, so continue with your business logic
  // (`db` above stands for your application's own data layer)...
}

Since Permit isn't tightly coupled to a framework or data model, it gives you complete control over how you write your authentication logic—the exact same way you'd write any other request handler.
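A framework-independent version of the bearer-token flow above, using only Node's standard library (an added example, not code from Permit or from the original article): it parses the Authorization header, makes the `access_token` query fallback opt-in, and looks the token up by SHA-256 digest with a constant-time comparison. The user records, token values and the "api" realm are constructed for illustration.

```javascript
// Added example: bearer-token check with no framework or auth library.
const { createHash, timingSafeEqual } = require('node:crypto')

const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest()

// Constructed sample store: only SHA-256 digests of tokens are kept, never the tokens.
const users = [
  { name: 'alice', tokenHash: sha256('constructed-sample-token-alice') },
  { name: 'bob', tokenHash: sha256('constructed-sample-token-bob') },
]

// Read "Authorization: Bearer <token>"; fall back to ?access_token= only when allowed.
function extractBearer(req, { allowQuery = false } = {}) {
  const header = req.headers.authorization || ''
  const match = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(header)
  if (match) return { token: match[1], source: 'header' }
  if (allowQuery) {
    const token = new URL(req.url, 'http://localhost').searchParams.get('access_token')
    if (token) return { token, source: 'query' }
  }
  return null
}

// Compare digests in constant time and scan every record, so the time taken
// does not reveal how much of a guessed token matched or which record it hit.
function findUserByToken(token) {
  const candidate = sha256(token)
  let found = null
  for (const user of users) {
    if (timingSafeEqual(candidate, user.tokenHash)) found = user
  }
  return found
}

// Returns what a handler should send: a 401 with a WWW-Authenticate challenge, or the user.
function authenticate(req, options) {
  const cred = extractBearer(req, options)
  if (!cred) return { status: 401, challenge: 'Bearer realm="api"' }
  const user = findUserByToken(cred.token)
  if (!user) return { status: 401, challenge: 'Bearer realm="api", error="invalid_token"' }
  return { status: 200, user: user.name, source: cred.source }
}
```

Tokens sent in the query string end up in access logs, browser history and Referer headers, which is why the fallback is off by default here and the result reports where the token came from.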


Differences between Permit and Passport:

  • Passport is not focused on authenticating APIs. Passport is focused on authenticating web apps with services like Facebook, Twitter and GitHub. APIs don't need that, so all the extra bloat means lots of complexity for no gain.

  • Passport is tightly-coupled to Express. If you use Koa, Hapi, Fastify, or some other framework you have to go to great lengths to get it to play nicely.

  • Other middleware are tightly-coupled to it. Passport stores state on the req object, so all your other middleware become tightly coupled to its implementation, making your codebase brittle.

  • It results in lots of hard to debug indirection. Because of Passport's black-box architecture, whenever you need to debug an issue it's causing you have to trace its logic across many layers of indirection and many repositories.

  • It's not very actively maintained. Passport's focus on OAuth providers means that it takes on a huge amount of scope, across a lot of repositories, many of which are not actively maintained anymore.

3. Grant

Grant is a relatively new and promising OAuth middleware for Express, Koa and Hapi, with more than 180 supported providers and a live playground. If you want to use it with your own private OAuth provider, you can specify the required key. Although this library already has traction (1k+ stars), it has relatively few resources, so try it with care.

4. Feathers

Feathers is an open source web framework for Node.js that lets you control your data through RESTful resources, sockets and flexible plug-ins in real time. Feathers also offers authentication and authentication management modules that allow you to add verification, forgotten-password reset and other features to Feathers' local authentication.

The general idea is to combine multiple methods of authentication in a flexible infrastructure under one roof.

5. Firebase Authentication (for small apps)

Firebase Authentication is required to give your users read/write privileges via security rules. We have not covered security rules here; for now it is enough to know that they depend on a user's authentication status.

Firebase ships with its own email/password auth and OAuth2 integrations for Google, Facebook, Twitter and GitHub. You can also integrate your own auth system with Firebase Authentication to give users access to data without forcing them to create an account outside your existing systems.

Firebase Auth includes a user management system. You can save some basic data against your Firebase Auth users, offer multiple login methods (email/password, Google, Facebook…) and link your users' accounts into single Firebase Auth user accounts. Auth also provides for integrations into your pre-existing auth system so that your app can take advantage of Firebase's security rules.

Firebase may not be the long-term solution for managing user auth on your scaling platform (or is it?). But it's a very useful way to get your applications deployed quickly and easily.
