Extending our server

  • https://bitbucket.org/magicchicken/webgameserver/src
  • Adding new dependencies to package.json:
    • "ejs" - for rendering views
    • "passport"
    • "passport-local"
    • "passport-google"
    • "passport-facebook"
    • "passport-twitter"
  • Adding cookie and session support to our express server
  • Adding new views; pages we fill out with code and that the user will see
    • layout.ejs - automatically used by the view rendering engine
    • login.ejs - Lets you choose which service to log in with
    • index.ejs - home page, links you to either the login page or lets you log out
    • account.js - must be authenticated to view
  • Basically, a combination of several Passport examples linked below!

Sidenote: About Views

Choosing an authentication module for Express

  • We could use any other 3rd party authentication library: everyauth, passport, faceplate, connect-auth, etc
  • I'm going wtih Passport, which is an authentication framework for Connect and Express. It is extensible through "plugins" known as strategies.
  • Why? Because it supports a variety third-party services and the docs/examples looked good.
  • Feel free to research and use whatever fits your style/needs.
  • The book uses Faceplate in Chapter 20, which might be handy as a guide.

Authentication overview

  • In a typical web application, the credentials used to authenticate a user will only be transmitted during the login request.
  • If authentication succeeds, a session will be established and maintained via a cookie set in the user's browser.
  • If authentication fails, we don't let the user go to any protected pages.

Authentication with Passport

  • http://passportjs.org/guide/
  • Passport support a whole bunch of third-party services that are out there: Google, Facebook, Twitter, Netflix, GitHub, BitBucket, AOL, Yahoo, etc
  • You can also just use basic Username and Password, managed locally.
  • For each one you need to configure the middleware and setup the routes.

    User Storage

    • req.user
    • Persistent sessions by serializing the authenticated user to the sesion.
    • passport.authenticate() invokes req.login(), which assigns the user to req.user
    • Invoking /logout will remove the req.user property and clear the login session

    Authenticating a User

    • Authenticating requests is as simple as calling passport.authenticate() and specifying which strategy to employ.
    • Before asking Passport to authenticate a request, the strategy (or strategies) used by an application must be configured.

      Facebook authentication

      • Guide: http://passportjs.org/guide/facebook/
      • Example: https://github.com/jaredhanson/passport-facebook
      • Requires you have a facebook account
      • Create a facebook app using the Developers page
      • https://developers.facebook.com/apps
      • Setup the App Domain and Website with Facebook Login to support localhost testing (see chapter 20, page 389)

      Google authentication

      • Guide: http://passportjs.org/guide/google/
      • Example: https://github.com/jaredhanson/passport-google
      • pretty easy
      • doesn't seem to have user.id or user.username

      Twitter authentication

      • Guide: http://passportjs.org/guide/twitter/
      • Example: https://github.com/jaredhanson/passport-twitter
      • Requires that you have a Twitter account so you can create an app
      • https://dev.twitter.com/apps - To create a Twitter app (required if you use Twitter authentication)
      • Twitter doesn't let you register localhost as the callback url, so you have to set it to

      Local authentication

      • username and password are specific to your site
      • Need to have storage for them on your own database
      • More security concerns managing information on your own site


      • CSS buttons for various sites: http://zocial.smcllns.com/sample.html


  • Add user authentication to your server application that at least works with local testing
  • Can you get it working on Heroku?

Next Week

  • Authentication while running online through Heroku.
  • Persistent session - Storing our session data in our database or with cookies, so the user can stay logged in between sessions.
  • Associate our authenticated user account with a user record in our database.
  • Associating game data with our user accounts (score, total kills, total deaths, achievements unlocked).
  • Updating our user data from our game.