sdob
commented
9 years ago Passport looks nice, actually. Looks like it has good OAuth 2 support, and considering the median age profile / level of tech proficiency of Irish divers I think that Facebook/Google authentication could drive user engagement.
No authorization should be necessary to make list/detail calls to the API but we presumably don't want to just open our db to anybody who wants to do a destructive edit. We'll almost certainly want to have some granularity of permissions as well. I don't know if this is a feature of Express or if we'll want to use something like Passport.