HTTP authentication not working with passport-http

I am following the tutorial on creating my first passport login system and I am having a problem with the basic passport strategy.

The problem is, my code is not blocking directory entries at /api

all, and I don't understand why.

My code looks like this:

var passport = require('passport');
var passportLocal = require('passport-local');
var passportHttp = require('passport-http');


    passport.use(new passportHttp.BasicStrategy(verifyCredentials));

    function verifyCredentials(username, password, done){
      if (username === password){
        done(null, { id: username, name: username });
      } else {
        done(null, null);

    app.use('/api', passport.authenticate('basic'));


The weird thing is that it worked the first time I ran it, but then didn't, so I wonder if there is a problem somewhere else besides my code.

Any suggestions on what is wrong would be appreciated.


source to share

2 answers

I think I know what's going on.

Your browser caches the user and password. Try opening an incognito window with Chrome and open that URL. He should ask for the password again.

AFAIK Chrome only clears the cached HTTP authorizer on close. Therefore, you must open and close incognito windows for each test ...



Alternatively, I suggest using http-auth with passport integration:

// Authentication module.
var auth = require('http-auth');
var basic = auth.basic({
    realm: "Simon Area.",
    file: __dirname + "/../data/users.htpasswd" // gevorg:gpass, Sarah:testpass ...

// Application setup.
var app = express();

// Setup strategy.
var passport = require('passport');

// Setup route.
app.get('/', passport.authenticate('http', { session: false }), function(req, res) {
    res.end("Welcome to private area - " + req.user + "!");




All Articles