Corgam / SS23_ADSP_TCF

An official repository for the "Tangible Climate Futures" project from the ADSP (SS23) course at TU Berlin.

Research authentication #61

Closed salbani closed 1 year ago

salbani commented 1 year ago

I considered three options to choose from. Passport.js, Firebase Authentication, and Keycloak are all viable choices, each with its own strengths and downsides:

  1. Passport.js: Passport.js is a widely adopted authentication middleware for Node.js. It provides a flexible and modular approach, allowing us to choose from numerous authentication strategies such as local username/password, social logins (OAuth), JSON Web Tokens (JWT), and more. Passport.js integrates well with Express. However, it primarily handles authentication and not other aspects like session management or authorization, which we would have to implement ourselves. I have some experience working with this library and would suggest using JWTs with this approach.

  2. Firebase Authentication: Firebase Authentication is a service provided by Google that offers a complete authentication solution for web and mobile applications. It supports multiple authentication methods, including email/password, social logins, and phone number authentication. Firebase Authentication is easy to integrate with Angular and provides robust security features out of the box. It handles authentication, session management, and even provides additional features like user management, user roles, and analytics. It can also be integrated into Express applications. A simple guide demonstrating ease of use with Express: https://dev.to/deepakshisood/authentication-using-firebase-for-expressjs-2l48

  3. Keycloak: Keycloak is an open-source identity and access management solution that provides authentication, authorization, and user management capabilities. It offers features like Single Sign-On (SSO), social logins, and support for various authentication protocols such as OAuth2 and OpenID Connect. Keycloak can be self-hosted, giving us more control over our authentication system. However, it might have a steeper learning curve compared to the other options, and setting it up may require additional infrastructure. I would only recommend this if we want to be independent from Google, need high safety, but don't want to integrate authentication ourselves.

Considering our requirements for simplicity, moderate security, and Angular-Express compatibility, I would suggest Firebase Authentication. Firebase Authentication offers a comprehensive solution and requires minimal setup. On the other hand, Passport.js gives us more flexibility in terms of authentication strategies and integrates well with Express, but I don't think the added complexity and self-management is worth it.


Popular alternatives to consider:

  1. Okta: I myself have no experience with this, but it also popped up in my research as an alternative to Firebase Authentication. Okta is an identity management platform that provides authentication, authorization, and user management as a service. It supports various authentication methods, including social logins, SAML, and OIDC. Okta offers robust security features, SSO capabilities, and user management options. It has good support for Angular applications and provides easy integration with Express.

  2. Auth0: Auth0 is a popular authentication-as-a-service provider that offers secure authentication and authorization features. It supports multiple authentication methods, including social logins, enterprise connections, and passwordless authentication. Auth0 provides comprehensive security features, user management, and extensibility options through hooks and rules. It offers a seamless integration experience with Angular and Express. But I consider this overkill, as this authentication is designed for big products with a big scope and user base, which also want to offer integration into other services.