每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文，欢迎关注开源日报。交流QQ群：202790710；微博：https://weibo.com/openingsource；电报群 https://t.me/OpeningSourceOrg

今日推荐开源项目：《无限图标制 eva-icons》传送门：GitHub链接

推荐理由：顾名思义，这个项目是一个开源图标大合集。无论是在网站上还是在各种移动端应用上都会用到很多的图标，如果你正在为了寻找合适的图标而烦恼的话，这个项目能够为你排忧解难。

今日推荐英文原文：《6 JavaScript User Authentication Libraries for 2019》作者：Jonathan Saring

原文链接：https://blog.bitsrc.io/6-javascript-user-authentication-libraries-for-2019-6c7c45fbe458?source=topic_page---------5------------------1&gi=66c7ffe24b3f

推荐理由：用户认证是很多时候都需要实现的功能，这些 JS 库兴许可以帮助你更轻松的实现它

6 JavaScript User Authentication Libraries for 2019

“Build me a user-authentication in two weeks!”- Useful ways to get the job done, quick and simple.

Don’t let users wait. Not even the suspicious one on the right who is secretly drinking.

“Build me a user-authentication system in two weeks” is a common phrase among R&D teams these days. For various reasons, this task has always been one of those things left for a single developer in the team to sort out.

On one hand, you really don’t want to waste a lot of time doing it. On the other, you’re concerned that this kind of information might be better off handled by your own internally-written service, for better scaling later on.

As new tutorials appear around the web (a good place to start), and more teams are trying to understand the cost-benefit equation for implementing their own solution vs using a library or a service, I’ve gathered a short review of what’s out there. Hope this can help save some time, and make a better informed decision. Feel free to comment and share your own insights.

Suggestion: Instead of duplicating such common code between projects and services, we use Bit to turn such code into shared components and organize them where we can easily discover, use and sync our changes. Give it a try!Bit - Share and build with code components
Bit helps you share, discover and use code components between projects and applications to build new features and…bitsrc.io

1. Passport JS

Passport is not only a 15k stars user-auth library, it is probably the most common way for JS developers to use an external library for user authentication. This library basically provides relatively flexible and modularmiddleware for Node.js which can be integrated to any Express-based web application. It’s also a community platform which supports various kinds of common authentications such as username and password, Facebook, Twitter, and more. If you don’t want to implement your own solution, it’s probably your first go-to option. Note these common mistakes to be avoided though.jaredhanson/passport
Simple, unobtrusive authentication for Node.js. Contribute to jaredhanson/passport development by creating an account…github.com

With express: https://github.com/expressjs/session
We use Bit to isolate individual components from passport (e.g. extensions) and use them across some of our projects 🙂

2. Auth0

While this isn’t a library but rather a service, it’s a robust yet quick way to get the job done. Auth0 is a (quite big) start-up company which provides a wide universal authentication & authorization platform for web, mobile and legacy applications. Some say it’s the closest solution to Plataformatec’s Devise for Ruby on Rails, except you can connect any app or API in any language. There are over 100 pre-built integrations, and here’s a quick-start with Node.js.Never Compromise on Identity. — Auth0
Auth0 is the solution you need for web, mobile, IoT, and internal applications. Loved by developers and trusted by…auth0.com

3. Permit

Permit is a 1K stars project which aims to provide an “unopinionated” authentication library for building Node.js APIs. Permit lets you add an authentication layer to any Node.js API and can be used with frameworks like Express, Koa, Hapi and Fastify. It can be used with multiple types of API from REST to GraphQL, hence the “unopinionated” design. Permit aims to focus on APIs (stateless requests) and supporting frameworks other than Express. It’s also being active developed, which makes Permit an interesting choice to consider. definitely worth keeping an eye on this one.ianstormtaylor/permit
An unopinionated authentication library for building Node.js APIs. — ianstormtaylor/permitgithub.com

See examples. Here’s one with Express:


import { Bearer } from 'permit'
import express from 'express'

const permit = new Bearer({
  basic: 'username', // Also allow a Basic Auth username as a token.
  query: 'access_token', // Also allow an `?access_token=` query parameter.
})

function authenticate(req, res, next) {
  // Try to find the bearer token in the request.
  const token = permit.check(req)

  // No token found, so ask for authentication.
  if (!token) {
    permit.fail(res)
    return next(new Error(`Authentication required!`))
  }

  // Perform your authentication logic however you'd like...
  db.users.findByToken(token, (err, user) => {
    if (err) return next(err)

    // No user found, so their token was invalid.
    if (!user) {
      permit.fail(res)
      return next(new Error(`Authentication invalid!`))
    }

    // Authentication succeeded, save the context and proceed...
    req.user = user
    next()
  })
}

const app = express()

app.get('/', (req, res) => {
  res.send('Some unrestricted content.')
})

app.get('/restricted', authenticate, (req, res) => {
  res.send('Restricted content!')
})

app.listen(3000)

4. Grant

A rather new and promising library providing OAuth Middleware for Express, Koa and Hapi- with over 180 supported providers and a live playground. In case you want to use it with your own private OAuth provider, you can specify the required key yourself. Although this library is already getting traction (+ 1K stars), resources are relatively scarce so try it out with care.simov/grant
OAuth Middleware for Express, Koa and Hapi. Contribute to simov/grant development by creating an account on GitHub.github.com

5. Feathers authentication management

Feathers is an open source (11K stars) real-time, micro-service web framework for NodeJS that gives you control over your data via RESTful resources, sockets and flexible plug-ins.

Feathers also provides authentication and authentication management modules which let you add sign up verification, forgotten password reset, and other capabilities to local feathers-authentication. The idea is to combine different authentication methods under one roof, in a flexible infrastructure. Here’s a step-by-step guide to help you get started.feathersjs/authentication
Feathers local, token, and OAuth authentication over REST and Websockets using JSON Web Tokens (JWT) with PassportJS. …github.com feathers-plus/feathers-authentication-management
Adds sign up verification, forgotten password reset, and other capabilities to local feathers-authentication …github.com

6. Just use Firebase Authentication (for small apps)

This might not necessarily be the long-term solution to manage user auth in your scaling platform (or is it?). But, it’s a very useful way to get the job done, fast and simple, for your applications deployed with Firebase.

Firebase Authentication provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app. It supports authentication using passwords, phone numbers, popular federated identity providers like Google, Facebook, and Twitter. Learn more here.

Here’s a very nice tutorial for building a React app that leverages Firebase for User Auth with Facebook, Twitter and GitHub:React OAuth Authentication with Firebase
We build an awesome React app with Firebase to consume OAuth Authentication with GitHub, Twitter and Facebookblog.bitsrc.io

And here’s a similar tutorial for building a Vue.js application with Firebase authentication:Build a Vue App with Firebase Authentication and Database
A short yet detailed guide to building a simple Vue app with Firebase for Authentication and Firestore for Database.blog.bitsrc.io

And with the MERN stack (3-part series):Build a Login/Auth App with MERN Stack- Part 1
Create a (minimal) full-stack app with user authentication via passport and JWTs.blog.bitsrc.io