Difference between Passport and JWT?

I'm pretty new to Express/Node - I'm trying to figure out what the difference between Passport and JWT is but can't find a definitive answer? I know you can use one or the other for auth purposes in an application, or together with an npm package like passport-jwt.

So what I want to know is:

  1. What does JWT do that Passport doesn't (and vice versa)?

  2. What is the preferred method for authentication/authorization and why?


Solution 1:

Passport is Authentication Middleware for Node.JS, it is not for any specific method of authentication, the method for authentication like OAuth, JWT is implemented in Passport by Strategy pattern, so it means that you can swap the authentication mechanism without affecting other parts of your application.

Passport is authentication middleware for Node.js. Extremely flexible and modular, Passport can be unobtrusively dropped in to any Express-based web application. A comprehensive set of strategies support authentication using a username and password, Facebook, Twitter, and more.

http://passportjs.org/

A Passport strategy for authenticating with a JSON Web Token.

This module lets you authenticate endpoints using a JSON web token. It is intended to be used to secure RESTful endpoints without sessions.

https://www.npmjs.com/package/passport-jwt

Solution 2:

Passport is just middleware for Node.JS.

JSON Web Token can be used "inside" of passport. Passport offers other features too.