Top JavaScript User Authentication Libraries for 2019

by jay patel

“Build me a user-authentication system in two weeks” is a common phrase among R&D teams these days. For various reasons, this task has always been one of those things left for a single developer in the team to sort out.

On one hand, you really don’t want to waste a lot of time doing it. On the other, you’re concerned that this kind of information might be better off handled by your own internally-written service, for better scaling later on.

As new tutorials appear around the web (a good place to start), and more teams are trying to understand the cost-benefit equation for implementing their own solution vs using a library or a service.

In this article you will read the following JavaScript User Authentication Libraries:

1. Passport JS

2. Auth0

3. Permit

4. Grant

5. Feathers authentication management

6. Firebase Authentication

Learn Each Libary in Details.

1. Passport JS

Passport JS

Passport is not only a 15k stars user-auth library, it is probably the most common way for JS developers to use an external library for user authentication. This library basically provides relatively flexible and modularmiddleware for Node.js which can be integrated to any Express-based web application. It’s also a community platform which supports various kinds of common authentications such as username and passwordFacebookTwitter, and more. If you don’t want to implement your own solution, it’s probably your first go-to option. Note these common mistakes to be avoided though.


Simple, unobtrusive authentication for Node.js. Contribute to jaredhanson/passport development by creating an account…


2. Auth0


While this isn’t a library but rather a service, it’s a robust yet quick way to get the job done. Auth0 is a (quite big) start-up company which provides a wide universal authentication & authorization platform for web, mobile and legacy applications. Some say it’s the closest solution to Plataformatec’s Devise for Ruby on Rails, except you can connect any app or API in any language. There are over 100 pre-built integrations, and here’s a quick-start with Node.js.



Never Compromise on Identity. — Auth0
Auth0 is the solution you need for web, mobile, IoT, and internal applications.Loved by developers and trusted by…


3. Permit

Permit auth

Permit is a 1K stars project which aims to provide an “unopinionated” authentication library for building Node.js APIs. Permit lets you add an authentication layer to any Node.js API and can be used with frameworks like Express, Koa, Hapi and Fastify. It can be used with multiple types of API from REST to GraphQL, hence the “unopinionated” design. Permit aims to focus on APIs (stateless requests) and supporting frameworks other than Express. It’s also being active developed, which makes Permit an interesting choice to consider. definitely worth keeping an eye on this one.

An unopinionated authentication library for building Node.js APIs. — ianstormtaylor/permit


See examples. Here’s one with Express:



import { Bearer } from 'permit'

import express from 'express'


const permit = new Bearer({

basic: 'username', // Also allow a Basic Auth username as a token.

query: 'access_token', // Also allow an `?access_token=` query parameter.



function authenticate(req, res, next) {

// Try to find the bearer token in the request.

const token = permit.check(req)


// No token found, so ask for authentication.

if (!token) {

return next(new Error(`Authentication required!`))



// Perform your authentication logic however you'd like...

db.users.findByToken(token, (err, user) => {

if (err) return next(err)


// No user found, so their token was invalid.

if (!user) {

 return next(new Error(`Authentication invalid!`))



// Authentication succeeded, save the context and proceed...

req.user = user





const app = express()

app.get('/', (req, res) => {

res.send('Some unrestricted content.')



app.get('/restricted', authenticate, (req, res) => {

res.send('Restricted content!')





4. Grant

Grant Auth

A rather new and promising library providing OAuth Middleware for Express, Koa and Hapi- with over 180 supported providers and a live playground. In case you want to use it with your own private OAuth provider, you can specify the required key yourself. Although this library is already getting traction (+ 1K stars), resources are relatively scarce so try it out with care.


OAuth Middleware for Express, Koa and Hapi. Contribute to simov/grant development by creating an account on GitHub.


5. Feathers authentication management

Firebase Authentication

Feathers is an open source (11K stars) real-time, micro-service web framework for NodeJS that gives you control over your data via RESTful resources, sockets and flexible plug-ins.

Feathers also provides authentication and authentication management modules which let you add sign up verification, forgotten password reset, and other capabilities to local feathers-authentication. The idea is to combine different authentication methods under one roof, in a flexible infrastructure. Here’s a step-by-step guide to help you get started.


Feathers local, token, and OAuth authentication over REST and Websockets using JSON Web Tokens (JWT) with PassportJS. …


feathers-plus/feathers-authentication-management Adds sign up verification, forgotten password reset, and other capabilities to local feathers-authentication…


6. Just use Firebase Authentication (for small apps)

 Feathers Auth

This might not necessarily be the long-term solution to manage user auth in your scaling platform (or is it?). But, it’s a very useful way to get the job done, fast and simple, for your applications deployed with Firebase.

Firebase Authentication provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app. It supports authentication using passwords, phone numbers, popular federated identity providers like Google, Facebook, and Twitter. Learn more here.

Honorable mentions

Most of these are unmaintained, so try with care!

node.js auth package (password, facebook, & more) for Connect and Express apps — bnoguchi/everyauth


Okta | Always On
Looks like you have Javascript turned off! Please enable it to improve your browsing experience. The Okta Identity…


import Amplify from 'aws-amplify' ; Amplify .


An authentication library for Next.js projects. Contribute to iaincollins/next-auth development by creating an account…


Passwordless and 2FA auth without a database. Contribute to sffc/easy-no-password development by creating an account on…


User identity/authentication/accounts management microservice for node.js - nmaro/ooth


OAuth 2.0 authorization server toolkit for Node.js. — jaredhanson/oauth2orize


User Management and Authentication for React. Contribute to stormpath/stormpath-sdk-react development by creating an…


OAuth 2.0 provider toolkit for nodeJS, standalone server and express middleware support - t1msh/node-oauth20-provider


Authentication solution for Express. Contribute to zemirco/lockit development by creating an account on GitHub.

Leave a Reply

Your email address will not be published. Required fields are marked *

   Confirm you are not a spammer
   Notify me of follow-up comments by email.