In the first part of our API we will make use of PassportJS’ ‘local’ strategy to provide basic username and password authentication.
This strategy is ideal if your requirements are fairly basic and you’re looking to authenticate users who may be supplying their credentials via a web site or some other means.
Our output, in this case, will be a JSON Web Token, or JWT, which is signed by our API. To access other resources that our API may expose (in this case some mock user profile data), the user has to supply the JWT in their request in order for us to verify it.
Up Next: Describing the API