Passport how to authentication between services ?
27 views
Skip to first unread message
Trieu Le
Sep 22, 2018, 1:02:24 AM9/22/18
to nodejs
Hi guys,
I have a question about passport on NodeJS
I have 2 projects using passport on Nodejs, first project includes some views for user interface (frontend), this project using passport for authentication with mongodb and express. Another project includes all REST API services.
My problems is: first project is running on: http://localhost:80 and it call API of second project which running on http://localhost:1234/api
How can i secure my second project ? This project included all of REST API for first project.
Thanks !
Zlatko
Sep 29, 2018, 1:06:21 PM9/29/18
to nodejs
Well, as you've said yourself, your first project uses passport-mongodb or similar authentication strategy. What does your second project use? Are you accessing it exclusively server-to-server or also regular fashion, from a client? If it's server to server, do you need to also pass along authorization info (oh behalf of which user is the first server asking for resources on the second)?
In general, you can use some relatively simple way, like encrypt the communication with a preshared key or similar. But in most cases, you should try to implement something like OAuth.
With OAuth, you have ensured all of these scenarios - server-to-server, client-to-server, server-to-server with clients authorization etc.
In general, you can use some relatively simple way, like encrypt the communication with a preshared key or similar. But in most cases, you should try to implement something like OAuth.
With OAuth, you have ensured all of these scenarios - server-to-server, client-to-server, server-to-server with clients authorization etc.
Reply all
Reply to author
Forward
0 new messages