Why should Tech SaaS Startups Utilize Passport.js as a Quick Authentication Solution?

Anchal Rastogi
~ 6 min read | Published on Mar 23, 2023





What's in a name? That which we call a rose
By any other name would smell as sweet.
- William Shakespeare, Romeo and Juliet

Well… if it were as simple 🙂

Identity and its management have become more important than ever in today’s world, with thousands of applications getting launched every month. An Identity and Access Management (IAM) system is a framework of business processes, policies and technologies that helps in managing electronic or digital identities. It also defines who has access to the systems and the nature of that access. Online identities are as good as the paper identities used in real-life scenarios (and are sometimes digital imprints of them), whether it is

  • a passport and a visa to enter a country that defines the privileges on arrival or
  • a boarding pass to define whether you are allowed on the flight and are eligible for first class or business class pleasures or
  • your SSN for certain benefits in a country.

Just as a wrong identity boarding your flight can lead to a hijack, a wrongly authorized user can cause havoc on your applications and supported systems.

With multi-tenant systems, this plays an even more crucial role as the data of one organization should be segregated and protected from the users of other organizations.


Hence identity and access control becomes a very significant part of the system.

Well, having worked with a lot of applications in different domains, I realised there are various kinds of authentication systems that teams work with across applications. Some are proprietary code bases, some open source, some managed systems and some hybrid models.

With such a wide range of tools available, it becomes difficult for engineering teams to decide quickly what to opt for, and they spend a lot of time hunting for the right solution.

Having faced a similar challenge in one of our recent projects, I thought it might be a good idea to document our learnings, especially to help early-stage startups make quicker decisions.

What are the decision makers while selecting an IAM tool?

When looking at IAM (Identity and Access Management) tools, I feel these are the main consideration points for any team and specifically SaaS startups:

  • Authentication mechanisms/strategies provided - Prefer a library or tool that can cater to your current as well as future needs. Say your current need is just for local auth, but you foresee a need for SSO with various social platforms; then you should select a library that supports all of these from the very beginning.
  • Easy integration with less effort - The main purpose of using a pre-built library is to spend as little effort as possible on handling various authentication scenarios. Time to market is very important, especially for startups in their initial phase. So if a library is complicated and demands more effort from the team, it might be worth considering building your own code.
  • Cost - Cost is again a very big factor, and here open source tools come in handy if they provide good functionality.
  • Flexibility and adaptability - In a product lifecycle, not everything is predictable and some use cases come as a surprise. It is desirable to choose a library that gives you the flexibility to adapt and include both planned and unplanned use cases. Choosing a tool whose licensing allows this is just as critical.
  • Support - For managed services it is a given, but for open source and unmanaged tools and libraries, look at the kind of support that the community provides. A tool may look easy to use, but with no community support it can become difficult to debug, maintain and build on.

We too had multiple constraints, especially with respect to cost, time to market and flexibility. Therefore it became important for the team to do some research and make an informed decision.

Quick Comparison of Various Tools in the Market

There were a lot of libraries and solutions that we explored for our use case - both managed and unmanaged, as well as open source vs paid. Here is a quick snapshot based on the earlier defined parameters for a few of the tools and frameworks.

Authentication tools comparison chart

During exploration, we realized that for our use case, managed solutions would have their own limitations in terms of what and how much we could configure. Since cost was another big factor, we decided to go for an open source solution.

And hence Passport.js

Passport is a middleware for Node.js that makes it easy to implement authentication and authorization. It works well with the MEAN or MERN stack.

  • First and foremost, it provides 500+ authentication strategies that cover most of the authentication mechanisms required in a general web application. It handles use cases ranging from local auth with username and password, JWT, OAuth, SAML and Auth0 to SSO for most of the social platforms like Google, FB, LinkedIn, AWS, Azure, GitLab, GitHub and many more. This gave us a pre-built library that we could use for our current use cases, knowing we could extend it anytime to include further integrations out of the box when needed.
  • There was ease of integration, with proper APIs and support documentation available. Since it is a widely used library for Node.js applications, there is also good community support and content available online for resolving issues or debugging.
  • Passport.js is open source under the MIT license. Since we were new on the product with budget constraints, this was a good option from a cost perspective.
  • RBAC (role-based access control) implementation with the library was again a positive for us, as we had that requirement from the beginning of the product roadmap. We knew we could control what kind of role-based access and rules we wanted to apply. Since ours was a growing product, change was a constant for us, and hence a library that could provide us more flexibility and control was significant.
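
As an added example (not code from the original post or from Passport itself): Passport authenticates the request and sets req.user, and the role check and the tenant segregation discussed earlier are then applied by application middleware that reads it. The role names, permission strings, the tenantId field and the sample projects are assumptions constructed for this illustration.

```javascript
// Hypothetical role -> permission table. A Map avoids prototype keys such as
// "constructor" resolving to something truthy when the role string is unexpected.
const ROLE_PERMISSIONS = new Map([
  ['admin', ['project:read', 'project:write']],
  ['viewer', ['project:read']],
]);

// Constructed sample data: two tenants, one project each.
const PROJECTS = [
  { id: 'p1', tenantId: 'acme', name: 'Acme billing' },
  { id: 'p2', tenantId: 'globex', name: 'Globex CRM' },
];

// 401 when Passport did not authenticate the request (req.user is unset).
function requireAuth(req, res, next) {
  if (!req.user) return res.status(401).json({ error: 'unauthenticated' });
  next();
}

// RBAC check: deny by default, unknown roles get an empty permission list.
function requirePermission(permission) {
  return (req, res, next) => {
    const granted = ROLE_PERMISSIONS.get(req.user.role) || [];
    if (!granted.includes(permission)) return res.status(403).json({ error: 'forbidden' });
    next();
  };
}

// Tenant scoping: the tenant comes from the authenticated user, never from the
// URL or body. A cross-tenant id returns 404 so it does not confirm the record exists.
function loadProject(req, res, next) {
  const project = PROJECTS.find(
    (p) => p.id === req.params.projectId && p.tenantId === req.user.tenantId);
  if (!project) return res.status(404).json({ error: 'not found' });
  req.project = project;
  next();
}

// Same order as app.get('/projects/:projectId', ...chain) in Express.
const readProject = [requireAuth, requirePermission('project:read'), loadProject,
  (req, res) => res.json(req.project)];
const writeProject = [requireAuth, requirePermission('project:write'), loadProject,
  (req, res) => res.json({ updated: req.project.id })];

// Minimal stand-in for Express so the chains can be exercised offline.
function run(chain, req) {
  const out = { status: 200, body: null };
  const res = { status(c) { out.status = c; return res; }, json(b) { out.body = b; return res; } };
  let i = 0;
  const next = () => chain[i++](req, res, next);
  next();
  return out;
}
```
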

There was just one limitation with the library: the service using it had to be written in Node.js. Since we follow a microservices architecture, that was not really a bottleneck for us.

For simple integration with the library, check the Passport docs or read this blog.

Our integration with Passport.js is up and running in production, and a lot of users have been using the sign-in/sign-up functionality with local auth and Google/GitHub SSO.

Conclusion

Overall, Passport.js turned out to be a great solution for our IAM scenarios and we have not yet found a use case that we were unable to solve with it. Whether you are building your first login page or are an expert in all things identity, the documentation will help you understand Passport and use it in your applications. Therefore, I would strongly recommend this library to startups looking for a quick solution for identity management.

When I discover who I am, I’ll be free.
- Ralph Ellison, Invisible Man

Call to Action

Feel free to comment or write to us in case you have any further questions at support@zipy.ai. We would be happy to help you. In case you want to explore Zipy for your app, you can sign up here or book a demo here.
