Passport: The future of Passport.js

Created on 6 Dec 2019  路  7Comments  路  Source: jaredhanson/passport

Hey :wave:

Passport.js still remains the recommended way by many to implement authentication in Node.js applications. There are a lot of businesses that rely on this and there are also a lot of newcomers to Node being directed to this library by various videos and blog articles.

I noticed that there hasn't been a commit in 7 months and this has led me to wonder about the future of the project.

There are currently, as of writing, 308 open issues and 30 open pull requests. Quite a few of these issues and pull requests span back months or years and many don't have any responses.

I understand maintaining an open source library of this size and importance is tiresome work but I just wonder what the plans are for the future? How should we collectively go about triaging these issues and working our way through the open PRs?

Is there also work to be done on improving the documentation for the project? Last time I implemented Passport.js in a project I stumbled across this alternate manual, the existence of this probably indicates the official documentation could do with some work.

I also found similar sentiment in the /r/node Reddit thread about the alternate documentation.

Thanks,
Luke

Most helpful comment

Also, the website itself allows http access and does not auto-redirect to https. Second, the SSL cert does not match domain and flags a browser warning. This sends a wrong message, given that the passport library is pertaining security :)

All 7 comments

I just stumbled over this package on my search for authorisation middlewares for koajs.
The official sites /packages page is 404, this lead me to the issues tracker.

I'd like to see WebAuthn somehow integrated, there does not seem to be a strategy out there.

The idea behind the package is great and I hope we get a statement from the current maintainers.

There are currently, as of writing, 308 open issues and 30 open pull requests.
How should we collectively go about triaging these issues and working our way through the open PRs?

Most of the 300+ open issues are actually not issues with this library, but support requests regarding problems with applications that have integrated passport for authentication. Unfortunately, I do not have time to provide free support. GitHub issues should be used to file demonstrable reports of bugs in the library itself which need fixing.

If anyone wants to volunteer, I would certainly appreciate help reading through the issues, and commenting or flagging them as support request, at which time I will close them. A comment can be made to encourage people to file discussion-related questions at: https://github.com/passport/discuss

I will continue going through the open PRs and reviewing/merging them as I have time and urgency dictates.

I'd like to see WebAuthn somehow integrated, there does not seem to be a strategy out there.

I have personally started on a WebAuthn strategy, but make no promises as to if or when it will be stable or usable. Strategies are extensible, and can be community developed (as most strategies have been!), so feel free to contribute an implementation!

The official sites /packages page is 404

You probably have JavaScript disabled in your browser, or the JavaScript had not yet loaded when you clicked the link. This is a bug in the website itself, and does not impact the functionality or usablity of the library.

Per my comment above, since this issue does not demonstrate a bug or functional issue with the library, I'm closing the issue. Feel free to continue commenting or move discussion to https://github.com/passport/discuss

Thanks Jared for responding so quickly. I agree GH issues should not be used for support questions (generally). I'm willing to flag them once you give me the required repo rights.

I headed over to https://github.com/passport/discuss and the most recent issues there are all unanswered/untagged for several months now. I wonder is there an active community for this package? Would pointing users to stackoverflow help?

The other day I found a working and pretty simple to wrap WebAuthn npm package over at https://github.com/wallix/webauthn
Maybe we could use that as a starting point?

Also where is the repo for the website, so I can fix the JS packages 404 bug?

Also, the website itself allows http access and does not auto-redirect to https. Second, the SSL cert does not match domain and flags a browser warning. This sends a wrong message, given that the passport library is pertaining security :)

It's 2021 and https://passportjs.org still doesn't resolve, plus https://www.passportjs.org has a busted cert, it's a *.herokuapp.com one.

GitHub Pages and Let's Encrypt solved this problem years ago.

Not a good look, but should be a relatively easy fix?

@jaredhanson where is the sites code hosted? Maybe we could transform it to GH pages or deploy to vercel?

Was this page helpful?
0 / 5 - 0 ratings

Related issues

tobymurray picture tobymurray  路  6Comments

angel1st picture angel1st  路  7Comments

wongeun picture wongeun  路  4Comments

callumacrae picture callumacrae  路  5Comments

andrewbanchich picture andrewbanchich  路  4Comments