We have Facebook and Google authentication working perfectly. We should be able to sign in and go to http://localhost:3000/chat and get an authorized Socket.IO handshake, although we now cannot sign in using our local username and password.
Note
Technically, the function does come back as authorized, but we do not set the correct variables in the session anymore.
We also want to create a function that is much more secure than just a username check.
The passport-local module will work in the passport.authenticate middleware, but we will have to write our own logic. This is different from the other modules, where the logic is already written and we just have to add our application-specific parts. Let's build our authentication logic.
Open your config.js file in the root directory. We are going to add some cryptographic settings as follows:
    crypto: {
      workFactor: 5000,
      keylen: 32,
      randomSize: 256
    }
We will talk about and use the workFactor later. The keylen ...
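One way to build the stronger password check this section sets out to write, as an added example rather than the book's own code. It assumes workFactor is a PBKDF2 iteration count, keylen and randomSize are byte lengths for the derived key and the salt, and SHA-256 is the digest; makeVerify, the users store and the sample account are hypothetical.

```javascript
// Added example (not the book's code). Assumptions: workFactor is the PBKDF2
// iteration count, keylen the derived-key length in bytes, randomSize the salt
// length in bytes, and SHA-256 the digest (the page names none).
const crypto = require('crypto');

const config = { crypto: { workFactor: 5000, keylen: 32, randomSize: 256 } };
const DIGEST = 'sha256';

// Derive a salted hash; the work factor is stored with the record so it can
// be raised later without breaking existing accounts.
function hashPassword(password) {
  const { workFactor, keylen, randomSize } = config.crypto;
  const salt = crypto.randomBytes(randomSize).toString('base64');
  // A real server would use the async crypto.pbkdf2 to avoid blocking the event loop.
  const hash = crypto.pbkdf2Sync(password, salt, workFactor, keylen, DIGEST);
  return { salt, workFactor, hash: hash.toString('base64') };
}

// Recompute with the stored salt and work factor, then compare in constant time.
function verifyPassword(password, record) {
  const stored = Buffer.from(record.hash, 'base64');
  const candidate = crypto.pbkdf2Sync(
    password, record.salt, record.workFactor, stored.length, DIGEST);
  return crypto.timingSafeEqual(candidate, stored);
}

// Builds a verify callback with the (username, password, done) shape that
// passport-local's Strategy expects. `users` is a hypothetical in-memory store.
function makeVerify(users) {
  const decoy = hashPassword('decoy'); // hashed for unknown users to even out timing
  return function verify(username, password, done) {
    const known = Object.prototype.hasOwnProperty.call(users, username);
    const ok = verifyPassword(password, known ? users[username] : decoy);
    if (!known || !ok) {
      return done(null, false, { message: 'Wrong username or password' });
    }
    return done(null, { username });
  };
}

// Constructed sample user, for illustration only.
const sampleUsers = { alice: hashPassword('correct horse') };
const verify = makeVerify(sampleUsers);
```

The same failure message is returned for an unknown user and a wrong password, so the response does not reveal which usernames exist.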