So it was with great trepidation that I added express-session and passport to the mix, with the passport-oauth2 add-on to help me better manage authentication via the OAuth2 protocol. These are, however, a lot of moving parts to add all at once, and I’m realizing that these packages are going to take some time for me to parse through and understand. Initially, I had anticipated that it might take me about a week’s worth of work to get this authorization system up and running; when I started making quick progress up front, I amended that to accomplish this work over the weekend. However, now I’m realizing that a week is far more realistic.
Of major help was dropping into the Discord API server on Discord, where there was already a running conversation on OAuth2, and where I came across this excellent write up of OAuth2 on digitalocean. Tomorrow, as part of my coding work, I’ll be sitting down with pen and paper to draw out a diagram of how the authorization flow will work on my site, as I gain a better understanding of how the authorization flow works in general. In this process, I hope to better understand how I can utilize passport effectively, and better justify my use of it. I’m still set on using as few dependencies as possible, and I know that my dependencies will swell a bit once I begin integrating React.
Comments? Follow me on twitter and drop me a line in response to this tweet:
Day 007: lots of brain-imploding reading, learning, and practice around authorizing users. Made progress in the Advanced Node and Express module on @freeCodeCamp. Worked through some of the passportjs source code. Lots of work to do still.https://t.co/K5UEjS9OUm#nonsensemod365 pic.twitter.com/VlEEkPUYp2— Joshua Alexander (@nonsensecodes) April 20, 2020