I have an application that uses passport with passport-google-oauth (https://github.com/jaredhanson/passport-google-oauth) to allow Google Authentication with RESTful API endpoints.
I'm looking to create other applications (for example, a Chrome extension) that need to communicate with these API endpoints. How do I secure a REST API with Google authentication in passport? I read a lot of things on securing a REST API in general (i.e. if I had my own login), but how would I do it if my application relies on a third-party login? (ie. Google, Facebook, Twitter, etc.)
Thanks
Passport.js ONLY handles authentication -- it doesn't handle authorization at all.
What you'll want to do, if you want to authenticate a user to your webapp is use something like Google Oauth to let a user create an account on your webapp.
You'll then need to use a separate Passport.js strategy for handling developer authentication against your API service.
For instance, if you want a developer to authenticate against your API using Basic Auth, you could use this Passport strategy to allow this: https://github.com/jaredhanson/passport-http
Hopefully that makes sense!