making a password-only auth with bcrypt and mongoose
- by user3081123
I want to create a service that lets you log in with only a password.
You type a password, and if this password exists - you are logged in, and if it doesn't - a username is generated and the password is encrypted.
I'm having some misunderstandings and hope someone would help me to show where I'm mistaken.
I guess it would look somewhat like this in AngularJS
First we receive a password in login controller.
    $scope.signup = function() {
        var user = {
            password: $scope.password,
        };
        $http.post('/auth/signup', user);
    };
Send it via http.post and get it in our node server file.
We are provided with a compare password bcrypt function
    userSchema.methods.comparePassword = function(candidatePassword, cb) {
        bcrypt.compare(candidatePassword, this.password, function(err, isMatch) {
            if (err) return cb(err);
            cb(null, isMatch);
        });
    };
So right now we are creating a function to catch our HTTP request
    app.post('/auth/signup', function(req, res, next) {
Inside we use the compare password function to find out whether such a password exists yet or not. So we have to encrypt the password with bcrypt to make a comparison
First we hash it same way as in .pre
        var encPass;
        bcrypt.genSalt(10, function(err, salt) {
            if (err) return next(err);
            bcrypt.hash(req.body.password, salt, function(err, hash) {
                if (err) return next(err);
                encPass = hash;
            });
        });
We have the encrypted password stored in encPass, so now we move on to finding a user in the database with this password
        User.findOne({ password: encPass }, function(err, user) {
            if (user) {
                //user exists, it means we should pass an ID of this user to a controller to display it in a view. I don't know how.
                res.send({ name: user.name }) //like this? How should controller receive this? With $http.post?
            } else {
And now, if the user doesn't exist - we should create it with a user ID generated by my function
                var nUser = new User({
                    name: generId(),
                    password: req.body.password
                });
                nUser.save(function(err) {
                    if (err) return next(err);
                });
            }
        });
    });
Am I doing anything right? I'm pretty new to JS and Angular. If so - how do I throw a username back at the controller?
If someone is interested - this service exists for 100+ symbol passphrases, so the possibility of entering the same passphrase as someone else is miserable.
And yeah, if someone logged in under the 123 password - the other guy will log in as the same user if he entered the 123 password, but hey, you are warned to make a big passphrase.
So I'm confident about the idea and I only need help with understanding and realization.
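
An added example, not part of the original post: it shows why an equality lookup on a freshly salted hash can never match a stored one, and one way to find a user by passphrase alone using a deterministic keyed digest as the lookup field. Assumptions: Node's built-in crypto.scryptSync stands in for bcrypt so the block runs offline, a Map stands in for the User collection, and LOOKUP_KEY, saltedHash, verifySalted, lookupId, loginOrSignup and the body of generId are hypothetical names and values.

```javascript
const crypto = require('crypto');

// Assumption: server-side secret kept outside the database (constructed value).
const LOOKUP_KEY = Buffer.from('constructed-demo-key-not-for-production');

// Salted hash, like bcrypt: a fresh random salt on every call, so two hashes
// of the same passphrase differ and findOne({ password: hash }) never matches.
function saltedHash(passphrase) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(passphrase, salt, 32);
  return salt.toString('hex') + ':' + hash.toString('hex');
}

// Verify by re-hashing with the salt stored in the record (the job of bcrypt.compare).
function verifySalted(passphrase, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const hash = crypto.scryptSync(passphrase, Buffer.from(saltHex, 'hex'), 32);
  return crypto.timingSafeEqual(hash, Buffer.from(hashHex, 'hex'));
}

// Deterministic keyed digest: the same passphrase always gives the same value,
// so it can serve as an indexed lookup field.
function lookupId(passphrase) {
  return crypto.createHmac('sha256', LOOKUP_KEY).update(passphrase).digest('hex');
}

// In-memory stand-in for the User collection, keyed by lookupId.
const users = new Map();
let counter = 0;
function generId() { return 'user' + (++counter); } // hypothetical id generator

// Password-only login: find by lookupId, confirm with the salted hash,
// otherwise create the account. Returns what the route would send as JSON.
function loginOrSignup(passphrase) {
  const id = lookupId(passphrase);
  const existing = users.get(id);
  if (existing) {
    if (!verifySalted(passphrase, existing.password)) throw new Error('mismatch');
    return { name: existing.name, created: false };
  }
  const user = { name: generId(), password: saltedHash(passphrase) };
  users.set(id, user);
  return { name: user.name, created: true };
}
```

The lookup digest protects the passphrase only as long as the key stays secret and the passphrase itself has high entropy, which is the 100+ symbol case the post describes.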