I am trying to learn and implement MEAN stack (node, express, mongo, angular) to create an SAAS application I have been working on.
Currently i'm working on the REST API that the frontend will consume. I am having trouble understanding / deciding on an authentication scheme.
I am looking into passport.js to use with the REST API but I feel like maybe i'm confused about its implementation. Everything I read about oauth 2.0 says its pretty much the defacto standard for authentication with modern REST api's however most of what i'm reading says you click a button and it asks for authorization, just like a facebook or twitter signon.
So i'm wondering, is it even necessary to have a token based authentication if I just want my users to provide an email and password and sign in.
Can someone explain this at least: If I use Oauth 2.0, do I have to have sign in buttons that initiate some kind of facebook connect looking flow, or can I have a user provide an email and password and use that as a means to obtain the tokens from the oauth server.
SO CONFUSED. haha. I just need to figure out a good, acceptable way besides plain old username / password authentication to secure the api so I can get on with the build. All suggestions and links to applicable tutorials are appreciated. Thanks.