Saturday, February 24, 2018

Integrating Passport with an Existing Node.JS Application

This is not an exhaustive step-by-step. It is a high-level overview of the questions you should be asking yourself as you integrate an authorization service like GitHub's Passport service with an existing Node.js application, and roughly in what order you should be asking them.

Step 0: Get an app fully working that you will then be able to open up to other users via some sort of authorization service. For example, I worked through this tutorial and got it working: http://www.clementinejs.com/tutorials/tutorial-beginner.html, then, to learn Passport, started down this road: http://www.clementinejs.com/tutorials/tutorial-passport.html.

Step 1: Register your app with the service (for this I am registering with GitHub, but I think the overall process is roughly the same for any other service like Twitter, Google, or Facebook). The result of your efforts will be an API key that is like the secret door between that service and your app!

Step 2: Back in your application, set up the data model to use the information that will come in from the API. The fields you add will typically be something like id, displayName, userName, and publicRepos (notice there is no need to store passwords or any of the associated headaches; that is one big reason for using one of these authorization services).

Step 3: In your application, make sure the API key and any related stuff from the authorization service gets stored in your .env file, and that the .env file is included in the stuff that does NOT get pushed up to GitHub (if you are indeed using GitHub as your code version management repository - sorry, this is an assumption on my part).

Step 4: Authorization Configuration. Huh-boy, here we go. The thing is, the authorization service we are using (GitHub in this case) needs to be able to confirm your application has permission to access the authorization service's API and retrieve user information. To that end, your application needs to reference the Node process.env object. So you have to export it so it is available (via require) in other parts of your application.

Step 5: Set up the authentication part of your application.

Step 6: Changing your existing application means adding lots of new functionality and changing a lot of existing functionality. This varies from application to application and from authorization service to authorization service. What follows are examples of the kinds of questions you have to ask yourself before you can get your application to play ball with the authorization service you chose to work with.

- Make sure that, in the transition from your original application to a version that uses Passport, you made any modifications to your server-side code needed to account for these changes (for example, did changes to which model you are using require updates to the server-side controller?).
- Do not forget to also change and update routes accordingly (for example, make sure passport is one of the arguments for the main function in routes - this will expose the stuff that comes with Passport to your routes)!
- Now that the application is using an authentication service, the user needs to have a loggedin/notloggedin state; typically this is handled by a function in routes.
- Similarly, did you update your AJAX functionality?

Step 7: Changing your existing application to use an authorization service will mean adding new views and updating others.

Step 8: Changing your existing application to use an authorization service will mean some of the views that you add to your application will need additional controllers to work with the API connecting your application to the data the authorization service provides. Most likely you will need an additional controller that updates the view(s) with the user information it retrieves from the API.
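
Steps 3, 4 and 6 in code, as an added example that is not from the original post or the tutorials it links: a config module that reads the API credentials from the environment and refuses to start when one is missing, plus the logged-in/not-logged-in route guard. The variable names GITHUB_KEY, GITHUB_SECRET and APP_URL, the callback path auth/github/callback and the /login route are assumptions; the sample values in demo() are constructed.

```javascript
// Added example. Env variable names, callback path and /login are assumptions.
const REQUIRED = ['GITHUB_KEY', 'GITHUB_SECRET', 'APP_URL'];

// Build the auth config from an env object (process.env in the real app).
// Failing here surfaces a missing secret at startup, not at the first login.
function loadAuthConfig(env) {
  const missing = REQUIRED.filter((name) => !env[name] || !env[name].trim());
  if (missing.length > 0) {
    // Report only the variable names, never their values.
    throw new Error('Missing auth settings: ' + missing.join(', '));
  }
  const base = new URL(env.APP_URL); // throws on a malformed URL
  return {
    githubAuth: {
      clientID: env.GITHUB_KEY,
      clientSecret: env.GITHUB_SECRET,
      callbackURL: new URL('auth/github/callback', base).href,
    },
  };
}

// Route guard: Passport adds req.isAuthenticated() to every request.
// Anything that is not positively authenticated is sent to the login page.
function isLoggedIn(req, res, next) {
  if (typeof req.isAuthenticated === 'function' && req.isAuthenticated()) {
    return next();
  }
  return res.redirect('/login');
}

// Constructed demo: fake env values and minimal stand-ins for req/res.
function demo() {
  const cfg = loadAuthConfig({
    GITHUB_KEY: 'example-client-id',
    GITHUB_SECRET: 'example-client-secret',
    APP_URL: 'http://localhost:8080/',
  });
  const visited = [];
  const res = { redirect: (path) => visited.push('redirect ' + path) };
  isLoggedIn({ isAuthenticated: () => false }, res, () => visited.push('next'));
  isLoggedIn({ isAuthenticated: () => true }, res, () => visited.push('next'));
  return { callbackURL: cfg.githubAuth.callbackURL, visited };
}

// Exported so other parts of the app can require() it, as Step 4 describes.
if (typeof module !== 'undefined') module.exports = { loadAuthConfig, isLoggedIn };
```

In the real application you would call loadAuthConfig(process.env) once at startup and put isLoggedIn in front of every route that needs a signed-in user.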