# Passport.js — Simple Authentication Middleware for Node.js > Passport.js is an unobtrusive authentication middleware for Node.js that supports 500+ strategies including OAuth, OpenID Connect, and local username/password. ## Install Save as a script file and run: # Passport.js — Simple Authentication Middleware for Node.js ## Quick Use ```bash npm install passport passport-local express-session ``` ```javascript const passport = require('passport'); app.use(passport.initialize()); app.use(passport.session()); ``` ## Introduction Passport.js is a middleware-based authentication framework for Express and Connect-compatible Node.js applications. Its strategy pattern lets developers plug in any authentication mechanism without changing application code. ## What Passport.js Does - Authenticates requests via a pluggable strategy architecture - Supports 500+ community strategies (OAuth 2.0, SAML, LDAP, JWT, local, and more) - Serializes and deserializes user objects into server-side sessions - Integrates natively with Express middleware pipelines - Handles login, logout, and session persistence out of the box ## Architecture Overview Passport attaches itself to the Express request pipeline as middleware. When `passport.authenticate('strategy')` is called on a route, it delegates to the named strategy instance, which validates credentials (checking a database, calling an OAuth provider, etc.) and returns a user object or an error. The framework then serializes the user into the session via `serializeUser` and deserializes on subsequent requests. ## Self-Hosting & Configuration - Install `passport` plus one or more strategy packages (e.g., `passport-local`, `passport-google-oauth20`) - Configure each strategy with a verify callback that checks credentials and calls `done(null, user)` - Define `serializeUser` and `deserializeUser` to control what is stored in the session - Mount `passport.initialize()` and `passport.session()` middleware in your Express app - Protect routes by adding `passport.authenticate('strategy')` as route middleware ## Key Features - Strategy pattern decouples authentication logic from application code - Over 500 official and community strategies covering virtually every provider - Lightweight core with no forced dependencies on any database or template engine - Single sign-on via OAuth 2.0, OpenID Connect, and SAML strategies - Works with any session store compatible with `express-session` ## Comparison with Similar Tools - **Auth.js (NextAuth)** — full-stack auth for Next.js with built-in providers; Passport.js is framework-agnostic middleware - **Keycloak** — standalone identity server with admin UI; Passport.js embeds directly into your Node app - **SuperTokens** — managed or self-hosted auth with pre-built UI; Passport.js gives lower-level control - **Firebase Auth** — hosted auth by Google; Passport.js runs entirely in your own backend - **Lucia** — modern session-based auth library; Passport.js has a far larger strategy ecosystem ## FAQ **Q: Does Passport.js work with frameworks other than Express?** A: It works with any Connect-compatible framework (Koa via adapters, Fastify via plugins). Native Express integration is the best supported. **Q: How do I use JWT instead of sessions?** A: Use `passport-jwt` strategy and disable sessions by passing `{ session: false }` to `passport.authenticate`. **Q: Is Passport.js still actively maintained?** A: Yes. Passport 0.7+ receives updates, and the ecosystem of strategies is maintained by individual authors. **Q: Can I combine multiple strategies on one route?** A: Yes. Pass an array of strategy names to `passport.authenticate` or chain middleware to try strategies in order. ## Sources - https://github.com/jaredhanson/passport - https://www.passportjs.org/ --- Source: https://tokrepo.com/en/workflows/ef1c73f5-40e3-11f1-9bc6-00163e2b0d79 Author: Script Depot