Question
I believe the best practice for RESTful API's is to be stateless. I read abit about stateless authentication but am not totally clear how to implement it (looks like a mess of tokens etc). PassportJS is a nice authentication library, but its not stateless? Is there some kind of library that helps me create stateless API's (with authentication)? I will want to use SSO (single sign on) like Google, Twitter etc. so it will be nice if the library handles that for me (like PassportJS does).
La solution
I am currently developing a REST API and using PassportJS Basic Auth (for dev purposes) with no sessions. You can tell the strategy to not use sessions:
https://stackoverflow.com/questions/18168390
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianpassport.authenticate( 'basic', { 'session' : false } )
passport.authenticate( 'bearer', { 'session' : false } )
passport.authenticate( 'token', { 'session' : false } )
See here at the bottom.
Autres conseils
@fakewaffle is right. You can make passport stateless by setting session to false.
I have developed an Oauth2 server using oauth2rize. https://github.com/jaredhanson/oauth2orize/.
I use it provide access tokens to client, which are then sent with every request in authorization header. These tokens are stored in database and are therefore stateless.
You can of course use other providers to authenticate user and provide access token to client.
Passport.js provides multiple authentication providers which can be used to authenticate via 3rd party providers such as facebook, twitter, etc. Here is link to facebook auth provider http://passportjs.org/guide/facebook/.
Does this answer the question or is there something else you want to do?
