Home Ask Login Register

Developers Planet

Your answer is one click away!

Adam Thompson February 2016

RESTful Node.js Application with passport-http

I'm working to get passport-http working with my application to make it comply with RESTful principles.

Right now the default is that the browser prompts the user for a username and password with it's own prompt.

With Node.js and PassportJS is it possible to use my own login form? In the case that a user tries to access a page that they are not authenticated for then I would redirect them to that form. Or is this in itself violating the principles of RESTful design?


jack blank February 2016

This is what you need in your server file to create user and password authentication. you need to include the localStategy, configure passport, and use the serialize and deserialize methods. The below works.

var express = require("express");
var app = express();
var passport = require("passport");
var flash = require("connect-flash");
var LocalStrategy = require("passport-local").Strategy;
var mongoose = require("mongoose");
var bodyParser = require("body-parser");
var session = require("express-session");
var cookieParser = require("cookie-parser");

app.use(bodyParser.urlencoded({extended : false}));


    secret : "keyboard cat",
    resave : false,
    saveUninitialized : true



mongoose.connect("mongodb://localhost/passport", function(){

var userSchema = new mongoose.Schema({
    username : String,
    password : String,

userSchema.methods.validPassword = function(pwd){
    return (this.password === pwd)
var User = mongoose.model("User", userSchema)

passport.use("local", new LocalStrategy(
    function(username, password, done){
        User.findOne({ username : username}, function(err, user){
            if(err){return done(err);}
                console.log("no user")
                return done(null, false,{message : "Incorrect username."});
                return done(null, false,{message : "Incorrect password."});
            return done(null, user)

passport.serializeUser(function(user, done){ // change done to cb
    done(null, user);

passport.deserializeUser(function(user, done){
    User.findOne(user, function(err, user){
        console.log("myerr" + err)
        done(err, user)

app.set("views", "./views") 

whipdancer February 2016

REST defines web services. Services are UI agnostic.

In theory, you should be testing your services with a tool such as fiddler, firebug, postman or something similar.

Your UI choices are completely separate.

If you need someone to be able to authenticate, then you will need to handle the visual presentation of the request to user to authenticate.

If you look at the documentation of passport, they show an example of basic authentication:

app.post('/login', passport.authenticate('local', { successRedirect: '/', failureRedirect: '/login'}));

In this case, the authenticate will redirect the user to the page defined at the root of the website if successful, else the user will be redirected to a page served at /login.

In either case, the login attempt is a post method that comes from a page served by the webserver.

passportjs docs

Post Status

Asked in February 2016
Viewed 1,471 times
Voted 5
Answered 2 times


Leave an answer

Quote of the day: live life