I believe the best practice for RESTful APIs is to be stateless. I read a bit about stateless authentication but am not totally clear how to implement it (looks like a mess of tokens etc). PassportJS is a nice authentication library, but it's not stateless? Is there some kind of library that helps me create stateless APIs (with authentication)? I will want to use SSO (single sign on) like Google, Twitter etc. so it will be nice if the library handles that for me (like PassportJS does).
I am currently developing a REST API and using PassportJS Basic Auth (for dev purposes) with no sessions. You can tell the strategy to not use sessions:
passport.authenticate( 'basic', { 'session' : false } )
passport.authenticate( 'bearer', { 'session' : false } )
passport.authenticate( 'token', { 'session' : false } )
See here at the bottom.
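What a stateless check has to do on every request, as an added example that is not part of the original answer and is not Passport's own code: it uses only Node's built-in crypto module to issue and verify an HMAC-signed bearer token with an expiry, so no session store is consulted. The token format, `SECRET` and the function names `issueToken`, `verifyToken` and `authenticate` are assumptions made for illustration; a function like `verifyToken` is the kind of check a bearer strategy's verify callback would run when used with `{ 'session' : false }`.

```javascript
// Added example: stateless bearer-token check using only Node's built-in crypto.
const nodeCrypto = require("crypto");

// Constructed demo key (assumption); a real service loads this from a secret store.
const SECRET = Buffer.from("constructed-demo-key-do-not-reuse");

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const sign = (payload) =>
  nodeCrypto.createHmac("sha256", SECRET).update(payload).digest();

// Token layout (assumption): <base64url(JSON claims)>.<base64url(HMAC-SHA256)>
function issueToken(userId, ttlSeconds, now = Date.now()) {
  const claims = { sub: userId, exp: now + ttlSeconds * 1000 };
  const payload = b64url(JSON.stringify(claims));
  return `${payload}.${b64url(sign(payload))}`;
}

// Check signature, then expiry. Returns the claims object, or null on any failure.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = sign(payload);
  const given = Buffer.from(mac, "base64url");
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!claims || typeof claims.exp !== "number" || claims.exp <= now) return null;
  return claims;
}

// Read "Authorization: Bearer <token>" from the request headers on every call.
function authenticate(headers, now = Date.now()) {
  const match = /^Bearer ([A-Za-z0-9_\-.]+)$/.exec(headers.authorization || "");
  return match ? verifyToken(match[1], now) : null;
}
```

Because nothing is stored server-side, a token stays valid until its `exp` passes, so keep lifetimes short or add a revocation list if early logout matters.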