With Passport configured, we can now set up the passport-local strategy for authenticating with a username and password.

First, we can configure the local strategy by creating a new instance of it and registering it with Passport through passport.use():

    passport.use(new LocalStrategy(
      function (username, password, done) {
        // …
      }
    ));

The new LocalStrategy object will take in an anonymous function with the following parameters:

  • username
  • password
  • A callback function called done.

The purpose of the done callback is to hand the user to Passport once the login details have been verified. The logic within the anonymous function follows this order:

  1. Verify login details in the callback function.
  2. If login details are valid, the done callback function is invoked and the user is authenticated.
  3. If the user is not authenticated, pass false into the callback function.

The done callback function takes in two arguments:

  • An error or null if no error is found.
  • A user or false if no user is found.

With those steps implemented, our updated strategy should look like:

    passport.use(new LocalStrategy(
      function (username, password, done) {
        // Look up user in the db
        db.users.findByUsername(username, (err, user) => {
          // If there's an error in the db lookup,
          // pass the error to the done callback
          if (err) return done(err);

          // If user not found,
          // return null and false in callback
          if (!user) return done(null, false);

          // If user found, but password not valid,
          // return null and false in callback
          if (user.password != password) return done(null, false);

          // If user found and password valid,
          // return the user object in callback
          return done(null, user);
        });
      })
    );

We’re looking for potential errors during the authentication process and addressing them before the next request handler is reached.

Once the local strategy is configured, the Express application will have user authentication implemented!
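
The strategy above compares the submitted password directly with user.password, which only works if the store holds the password itself. As an added example (not part of the original lesson), here is the same verify callback written against a store that keeps a salted scrypt hash and compares it in constant time. The in-memory db, the salt and passwordHash fields, makeUser, and the sample user are constructed assumptions for illustration.

```javascript
const crypto = require('node:crypto');

// Derive a 64-byte key from the password and a per-user salt.
function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 64);
}

// Build a user record that stores only the salt and the derived hash.
function makeUser(id, username, password) {
  const salt = crypto.randomBytes(16);
  return { id, username, salt, passwordHash: hashPassword(password, salt) };
}
const records = [makeUser(1, 'sam', 'correct horse battery staple')]; // constructed sample

// Hypothetical stand-in for the lesson's db.users lookup, same callback shape.
const db = {
  users: {
    findByUsername(username, cb) {
      cb(null, records.find((u) => u.username === username) || null);
    },
  },
};

// Dummy record so an unknown username costs the same hash computation as a known one.
const DUMMY = makeUser(0, '', crypto.randomBytes(16).toString('hex'));

// Verify callback with the (username, password, done) signature LocalStrategy expects.
function verify(username, password, done) {
  if (typeof username !== 'string' || typeof password !== 'string') return done(null, false);
  db.users.findByUsername(username, (err, user) => {
    if (err) return done(err);
    const target = user || DUMMY;
    const candidate = hashPassword(password, target.salt);
    // timingSafeEqual needs equal-length buffers; both are 64 bytes here.
    const match = crypto.timingSafeEqual(candidate, target.passwordHash);
    if (!user || !match) return done(null, false);
    // Hand Passport only the fields it needs, not the salt or hash.
    return done(null, { id: user.id, username: user.username });
  });
}

// Wiring, with passport and passport-local installed:
// passport.use(new LocalStrategy(verify));
```

Unknown usernames and wrong passwords both end in done(null, false), so the caller cannot tell which check failed.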



Add a new LocalStrategy instance with an anonymous callback function using username, password, and done as its parameters.

Type node app.js into the Terminal to start the node app.

Press the Check Work button to check your work for each checkpoint.


A db lookup function has been provided.

Within the LocalStrategy function, make a call to db.users.findByUsername(). Provide username as the first argument. For the second argument, give it an arrow callback function using err and user as its parameters.


Within the db lookup function, add an if statement that checks if an error is found.

In that if statement, return the done() callback with one argument showing that an error was found.


Add another if statement if NO user is found.

Return the done() callback with arguments showing that there was NO error and NO user was found.


Add one last if statement that checks if a user was found but the password was invalid. You can do this by comparing user.password to password.

Return the done() callback with arguments showing that there was NO error and NO user was found.


Return the done() callback function with arguments showing that there was NO error and a user was found.
