
I'm looking for some advice with authentication for my web app. I'm using Node, Express and Passport to build out this app.

The app has a REST API using Basic Auth (no session creation), and hosts several Angular.js web pages using form Auth (with session creation).

I would like the Angular pages to connect to the REST API, which is using a different Auth strategy. It seems I have two options:

  1. Create a custom Basic Auth middleware (because Passport doesn't do this out of the box). This will do session Auth if the request has one, otherwise standard Basic Auth

  2. Expose two APIs, one with Basic Auth (for external use) and one with form Auth (for the app pages)

I've also heard that using OAuth2 might be an option, but surely that only makes sense for authenticating with a third party?

  • Are both authentication strategies intended to access the same content from the same endpoints? Commented Jul 24, 2013 at 12:45

1 Answer


My current solution has been to perform mixed auth (session and basic) on the REST API. If a session exists, continue; otherwise perform basic auth. As follows:

api.coffee:

    # Route protected by the mixed (session or Basic) middleware
    app.api.external.get("/agents", [auth.basic], (req, res) ->
      res.json myListOfAgents
    )

auth_middleware.coffee

    basic: (req, res, next) ->
      # An existing session (form login) is enough; otherwise fall back to Basic Auth
      if req.isAuthenticated()
        return next()
      else
        # session: false, so Basic Auth API clients never get a session
        return passport.authenticate('basic', { session: false })(req, res, next)

1 Comment

After more than 1h stuck with this, the last line made my day!
