Authentication and Authorization is one of the most important parts of nearly all applications. Is the person using your app who they say they are? Is the right data for the right person being displayed at the right time?
Auth (short for Authentication) is also one of the harder parts to understand how to build. This page is dedicated to exploring different ways to authenticate and authorize an application.
PassportJS docs aren't the best, but Passport is one of the most popular authentication methods in Node & Express applications, so we're going to start with Passport. The cool thing about Passport is it offers a variety of separate "strategies" to authenticate your app. You can use Twitter, Google, Email & Password, Json Web Tokens, and much more.
In this section, we're first going to learn about Sessions, and how they work all by themselves. Once we understand how sessions work, we'll be able to implement a sessions based authentication strategy with Passport.js.
Once we understand how Sessions work we're going to learn about JSON Web Tokens (JWT) and how they work to store personalized, sensitive data. After we learn how the process of storing info in JWTs and decoding the token into usable data works, we will implement an authentication strategy in Passport that utilizes the passport-jwt strategy.