Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Basic Authentication with Passport

Basic Authentication with Passport

Basic authentication is one of the simplest authentication strategies because it doesn't require cookies, sessions, or even a login form! Instead, it uses HTTP headers which means credentials are transmitted on each request.


You will need to install passport and passport-http. The passport-http module is what allows you set up the Basic Authentication Scheme, in addition to a couple other authentication strategies.

$ npm install express passport passport-http --save


Set up your express server as you normally would. In addition, require both of the passport modules into the top of your server file:

var passport = require('passport');
var BasicStrategy = require('passport-http').BasicStrategy;  // Want to use Basic Authentication Strategy
// Other middleware

var user = { username: 'bob', password: 'secret', email: '' };
passport.use(new BasicStrategy(
  function(username, password, done) {
    // Example authentication strategy using 
    if ( !(username === user.username && password === user.password) ) {
      return done(null, false);
    return done(null, user);

// Routes

Protecting Endpoints

Using passport, you can easily protect routes in your express applicaiton. the passport.authenicate handler accepts a strategy name (basic), as well as some extra options. In this example we're going to disable sessions on the server.

  passport.authenticate('basic', { session: false }),
  function(req, res) {

Note: Just because sessions are disabled on the server, your browser may cache headers. Check your network tab!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment