{"id":13398741,"url":"https://github.com/jaredhanson/passport","last_synced_at":"2025-05-12T16:24:50.630Z","repository":{"id":38867087,"uuid":"2540368","full_name":"jaredhanson/passport","owner":"jaredhanson","description":"Simple, unobtrusive authentication for Node.js.","archived":false,"fork":false,"pushed_at":"2024-08-16T21:56:14.000Z","size":847,"stargazers_count":23300,"open_issues_count":390,"forks_count":1241,"subscribers_count":301,"default_branch":"master","last_synced_at":"2025-05-05T11:47:03.600Z","etag":null,"topics":["express","nodejs","oauth","oauth2","openid","openid-connect","passport","saml"],"latest_commit_sha":null,"homepage":"https://www.passportjs.org?utm_source=github\u0026utm_medium=referral\u0026utm_campaign=passport\u0026utm_content=about","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jaredhanson.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"jaredhanson","patreon":"jaredhanson","ko_fi":"jaredhanson"}},"created_at":"2011-10-08T22:38:32.000Z","updated_at":"2025-05-05T08:35:54.000Z","dependencies_parsed_at":"2022-07-14T07:10:29.797Z","dependency_job_id":"f928b6b8-1d92-4d70-9d04-a5c87e201f27","html_url":"https://github.com/jaredhanson/passport","commit_stats":{"total_commits":550,"total_committers":37,"mean_commits":"14.864864864864865","dds":0.08727272727272728,"last_synced_commit":"cfdbd4a762b51e339ebfea931d65bccbbde53282"},"previous_names":[],"tags_count":33,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaredhanson%2Fpassport","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaredhanson%2Fpassport/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaredhanson%2Fpassport/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaredhanson%2Fpassport/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jaredhanson","download_url":"https://codeload.github.com/jaredhanson/passport/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252504159,"owners_count":21758654,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["express","nodejs","oauth","oauth2","openid","openid-connect","passport","saml"],"created_at":"2024-07-30T19:00:31.277Z","updated_at":"2025-05-05T12:54:50.234Z","avatar_url":"https://github.com/jaredhanson.png","language":"JavaScript","readme":"[![passport banner](http://cdn.auth0.com/img/passport-banner-github.png)](http://passportjs.org)\n\n# Passport\n\nPassport is [Express](http://expressjs.com/)-compatible authentication\nmiddleware for [Node.js](http://nodejs.org/).\n\nPassport's sole purpose is to authenticate requests, which it does through an\nextensible set of plugins known as _strategies_. Passport does not mount\nroutes or assume any particular database schema, which maximizes flexibility and\nallows application-level decisions to be made by the developer. The API is\nsimple: you provide Passport a request to authenticate, and Passport provides\nhooks for controlling what occurs when authentication succeeds or fails.\n\n---\n\n\u003cdiv align=\"center\"\u003e\n \u003csup\u003eSponsors\u003c/sup\u003e\n \u003cbr\u003e\n \u003c!-- Auth0 --\u003e\n \u003cdiv\u003e\n \u003ca href=\"https://auth0.com/\"\u003e\n \u003cpicture\u003e\n \u003csource srcset=\"https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/auth0.png\" media=\"(prefers-color-scheme: light)\"\u003e\n \u003csource srcset=\"https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/auth0-dark.png\" media=\"(prefers-color-scheme: dark)\"\u003e\n \u003cimg src=\"https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/auth0.svg\" width=\"275\"\u003e\n \u003c/picture\u003e\n \u003cp\u003e\n \u003cb\u003eSimple Authentication\u003c/b\u003e\n \u003cbr\u003e\n Make login our problem. Not yours.\n \u003c/p\u003e\n \u003c/a\u003e\n \u003cp\u003eAuth0 by Okta provides a simple and customizable login page to authenticate your users. You can dynamically add new capabilities to it - including social login, multi-factor authentication, or passkeys - without making changes to your app’s code.\u003c/p\u003e\n \u003cp\u003eWe help protect your app and your users from attacks - defending your application from bot attacks and detecting runtime anomalies based on suspicious IPs, breached credentials, user context, and more.\u003c/p\u003e\n \u003c/div\u003e\n \u003cbr\u003e\n \u003c!-- WorkOS --\u003e\n \u003cdiv\u003e\n \u003ca href=\"https://workos.com/?utm_campaign=github_repo\u0026utm_medium=referral\u0026utm_content=passport_js\u0026utm_source=github\"\u003e\n \u003cimg src=\"https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/workos.png\"\u003e\n \u003cp\u003e\n \u003cb\u003eYour app, enterprise-ready.\u003c/b\u003e\n \u003cbr\u003e\n Start selling to enterprise customers with just a few lines of code. Add Single Sign-On (and more) in minutes instead of months.\n \u003c/p\u003e\n \u003c/a\u003e\n \u003c/div\u003e\n \u003cbr\u003e\n \u003c!-- Descope --\u003e\n \u003cdiv\u003e\n \u003ca href=\"https://www.descope.com/?utm_source=PassportJS\u0026utm_medium=referral\u0026utm_campaign=oss-sponsorship\"\u003e\n \u003cpicture\u003e\n \u003csource srcset=\"https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/descope.svg\" media=\"(prefers-color-scheme: light)\"\u003e\n \u003csource srcset=\"https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/descope-dark.svg\" media=\"(prefers-color-scheme: dark)\"\u003e\n \u003cimg src=\"https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/descope.svg\" width=\"275\"\u003e\n \u003c/picture\u003e\n \u003cp\u003e\n \u003cb\u003eDrag and drop your auth\u003c/b\u003e\n \u003cbr\u003e\n Add authentication and user management to your consumer and business apps with a few lines of code.\n \u003c/p\u003e\n \u003c/a\u003e\n \u003c/div\u003e\n \u003cbr\u003e\n \u003c!-- FusionAuth --\u003e\n \u003cdiv\u003e\n \u003ca href=\"https://fusionauth.io/?utm_source=passportjs\u0026utm_medium=referral\u0026utm_campaign=sponsorship\"\u003e\n \u003cimg src=\"https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/fusionauth.png\" width=\"275\"\u003e\n \u003cp\u003e\n \u003cb\u003eAuth. Built for Devs, by Devs\u003c/b\u003e\n \u003cbr\u003e\n Add login, registration, SSO, MFA, and a bazillion other features to your app in minutes. Integrates with any codebase and installs on any server, anywhere in the world.\n \u003c/p\u003e\n \u003c/a\u003e\n \u003c/div\u003e\n \u003cbr\u003e\n \u003c!-- Stytch --\u003e\n \u003cdiv\u003e\n \u003ca href=\"https://stytch.com?utm_source=oss-sponsorship\u0026utm_medium=paid_sponsorship\u0026utm_campaign=passportjs\"\u003e\n \u003cpicture\u003e\n \u003csource srcset=\"https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/stytch.png\" media=\"(prefers-color-scheme: light)\"\u003e\n \u003csource srcset=\"https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/stytch-dark.png\" media=\"(prefers-color-scheme: dark)\"\u003e\n \u003cimg src=\"https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/stytch.png\" width=\"275\"\u003e\n \u003c/picture\u003e\n \u003cp\u003e\n \u003cb\u003eAPI-first AuthN, AuthZ, and Fraud Prevention\u003c/b\u003e\n \u003cbr\u003e\n The most powerful identity platform built for developers. Easily build and secure a modern auth flow with user \u0026 org management, multi-tenant SSO, MFA, RBAC, device fingerprinting, and more.\n \u003c/p\u003e\n \u003c/a\u003e\n \u003c/div\u003e\n\u003c/div\u003e\n\n---\n\nStatus:\n[![Build](https://travis-ci.org/jaredhanson/passport.svg?branch=master)](https://travis-ci.org/jaredhanson/passport)\n[![Coverage](https://coveralls.io/repos/jaredhanson/passport/badge.svg?branch=master)](https://coveralls.io/r/jaredhanson/passport)\n[![Dependencies](https://david-dm.org/jaredhanson/passport.svg)](https://david-dm.org/jaredhanson/passport)\n\n\n## Install\n\n```\n$ npm install passport\n```\n\n## Usage\n\n#### Strategies\n\nPassport uses the concept of strategies to authenticate requests. Strategies\ncan range from verifying username and password credentials, delegated\nauthentication using [OAuth](http://oauth.net/) (for example, via [Facebook](http://www.facebook.com/)\nor [Twitter](http://twitter.com/)), or federated authentication using [OpenID](http://openid.net/).\n\nBefore authenticating requests, the strategy (or strategies) used by an\napplication must be configured.\n\n```javascript\npassport.use(new LocalStrategy(\n function(username, password, done) {\n User.findOne({ username: username }, function (err, user) {\n if (err) { return done(err); }\n if (!user) { return done(null, false); }\n if (!user.verifyPassword(password)) { return done(null, false); }\n return done(null, user);\n });\n }\n));\n```\n\nThere are 480+ strategies. Find the ones you want at: [passportjs.org](http://passportjs.org)\n\n#### Sessions\n\nPassport will maintain persistent login sessions. In order for persistent\nsessions to work, the authenticated user must be serialized to the session, and\ndeserialized when subsequent requests are made.\n\nPassport does not impose any restrictions on how your user records are stored.\nInstead, you provide functions to Passport which implements the necessary\nserialization and deserialization logic. In a typical application, this will be\nas simple as serializing the user ID, and finding the user by ID when\ndeserializing.\n\n```javascript\npassport.serializeUser(function(user, done) {\n done(null, user.id);\n});\n\npassport.deserializeUser(function(id, done) {\n User.findById(id, function (err, user) {\n done(err, user);\n });\n});\n```\n\n#### Middleware\n\nTo use Passport in an [Express](http://expressjs.com/) or\n[Connect](http://senchalabs.github.com/connect/)-based application, configure it\nwith the required `passport.initialize()` middleware. If your application uses\npersistent login sessions (recommended, but not required), `passport.session()`\nmiddleware must also be used.\n\n```javascript\nvar app = express();\napp.use(require('serve-static')(__dirname + '/../../public'));\napp.use(require('cookie-parser')());\napp.use(require('body-parser').urlencoded({ extended: true }));\napp.use(require('express-session')({ secret: 'keyboard cat', resave: true, saveUninitialized: true }));\napp.use(passport.initialize());\napp.use(passport.session());\n```\n\n#### Authenticate Requests\n\nPassport provides an `authenticate()` function, which is used as route\nmiddleware to authenticate requests.\n\n```javascript\napp.post('/login', \n passport.authenticate('local', { failureRedirect: '/login' }),\n function(req, res) {\n res.redirect('/');\n });\n```\n\n## Strategies\n\nPassport has a comprehensive set of **over 480** authentication strategies\ncovering social networking, enterprise integration, API services, and more.\n\n## Search all strategies\n\nThere is a **Strategy Search** at [passportjs.org](http://passportjs.org)\n\nThe following table lists commonly used strategies:\n\n|Strategy | Protocol |Developer |\n|---------------------------------------------------------------|--------------------------|------------------------------------------------|\n|[Local](https://github.com/jaredhanson/passport-local) | HTML form |[Jared Hanson](https://github.com/jaredhanson) |\n|[OpenID](https://github.com/jaredhanson/passport-openid) | OpenID |[Jared Hanson](https://github.com/jaredhanson) |\n|[BrowserID](https://github.com/jaredhanson/passport-browserid) | BrowserID |[Jared Hanson](https://github.com/jaredhanson) |\n|[Facebook](https://github.com/jaredhanson/passport-facebook) | OAuth 2.0 |[Jared Hanson](https://github.com/jaredhanson) |\n|[Google](https://github.com/jaredhanson/passport-google) | OpenID |[Jared Hanson](https://github.com/jaredhanson) |\n|[Google](https://github.com/jaredhanson/passport-google-oauth) | OAuth / OAuth 2.0 |[Jared Hanson](https://github.com/jaredhanson) |\n|[Twitter](https://github.com/jaredhanson/passport-twitter) | OAuth |[Jared Hanson](https://github.com/jaredhanson) |\n|[Azure Active Directory](https://github.com/AzureAD/passport-azure-ad) | OAuth 2.0 / OpenID / SAML |[Azure](https://github.com/azuread) |\n\n## Examples\n\n- For a complete, working example, refer to the [example](https://github.com/passport/express-4.x-local-example)\nthat uses [passport-local](https://github.com/jaredhanson/passport-local).\n- **Local Strategy**: Refer to the following tutorials for setting up user authentication via LocalStrategy (`passport-local`):\n - Mongo\n - Express v3x - [Tutorial](http://mherman.org/blog/2016/09/25/node-passport-and-postgres/#.V-govpMrJE5) / [working example](https://github.com/mjhea0/passport-local-knex)\n - Express v4x - [Tutorial](http://mherman.org/blog/2015/01/31/local-authentication-with-passport-and-express-4/) / [working example](https://github.com/mjhea0/passport-local-express4)\n - Postgres\n - [Tutorial](http://mherman.org/blog/2015/01/31/local-authentication-with-passport-and-express-4/) / [working example](https://github.com/mjhea0/passport-local-express4)\n- **Social Authentication**: Refer to the following tutorials for setting up various social authentication strategies:\n - Express v3x - [Tutorial](http://mherman.org/blog/2013/11/10/social-authentication-with-passport-dot-js/) / [working example](https://github.com/mjhea0/passport-examples)\n - Express v4x - [Tutorial](http://mherman.org/blog/2015/09/26/social-authentication-in-node-dot-js-with-passport) / [working example](https://github.com/mjhea0/passport-social-auth)\n\n## Related Modules\n\n- [Locomotive](https://github.com/jaredhanson/locomotive) — Powerful MVC web framework\n- [OAuthorize](https://github.com/jaredhanson/oauthorize) — OAuth service provider toolkit\n- [OAuth2orize](https://github.com/jaredhanson/oauth2orize) — OAuth 2.0 authorization server toolkit\n- [connect-ensure-login](https://github.com/jaredhanson/connect-ensure-login) — middleware to ensure login sessions\n\nThe [modules](https://github.com/jaredhanson/passport/wiki/Modules) page on the\n[wiki](https://github.com/jaredhanson/passport/wiki) lists other useful modules\nthat build upon or integrate with Passport.\n\n## License\n\n[The MIT License](http://opensource.org/licenses/MIT)\n\nCopyright (c) 2011-2021 Jared Hanson \u003c[https://www.jaredhanson.me/](https://www.jaredhanson.me/)\u003e\n","funding_links":["https://github.com/sponsors/jaredhanson","https://patreon.com/jaredhanson","https://ko-fi.com/jaredhanson"],"categories":["JavaScript","Packages","Features\u003ca name=\"features\"\u003e\u003c/a\u003e","Repository","包","Authentication","Javascript","目录","后端开发框架及项目","Back-End Development","中间件","`Authentication Development`","Framework agnostic packages","Client Library"],"sub_categories":["Authentication","认证","\u003ca name=\"authN-node\"\u003e\u003c/a\u003eNode.js","Security","认证方式","管理面板","身份验证","General utilities","JavaScript / TypeScript"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaredhanson%2Fpassport","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjaredhanson%2Fpassport","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaredhanson%2Fpassport/lists"}