drudge / passport-facebook-token

Passport strategy for authenticating with Facebook access tokens using the OAuth 2.0 API.
MIT License

Custom JWT token #86

Open brenwell opened 6 years ago

brenwell commented 6 years ago

Hey there guys. First, thanks for the awesome library!

I was wondering if you had the time to push me in the right direction. I would like users to be able to log in via the FB SDK and then send the accessToken to my server for authentication. Which works. But if I understood it correctly, the FB accessToken is then used as the token to authorize every other call. I would like to have more than just FB login, so I think I need a standard JWT token to use across all strategies. The question is how can I do this?

This is what I have so far:

passport.use(new FacebookTokenStrategy(opts,
    function(accessToken, refreshToken, profile, done) {
        const user = {
            name: profile.displayName,
            email: profile.emails[0].value,
            facebookId: profile.id,
            facebookEmail: profile.emails[0].value,
            facebookUsername: profile.displayName,
            facebookFirstName: profile.name.givenName,
            facebookLastName: profile.name.familyName,
        }

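        getOrCreateUser(user, (err, resp) => {
            // Fail authentication if the user lookup/creation failed,
            // instead of passing a user object along with the error
            if (err) return done(err)
            const userWithToken = {
                ...profile,
                token: Token(user)
            }
            done(null, userWithToken)
        })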

    }))

passport.serializeUser(function(user, done) {
    console.log('serializeUser',user)
    done(null, user._id);
});

passport.deserializeUser(function(id, done) {
    console.log('deserializeUser',id)
    getUserById(id, done)
});

auth.get('/facebook/token',
    passport.authenticate('facebook-token', { session: false }),
    function (req, res) {
        if (req.user)
        {
            res.status(200).json( {
                success : true,
                message : "User logged in",
                token: req.user.token,
                user: req.user
            });
        }
        else
        {
            res.status(401).json( {
                success : false,
                message : "User not logged in",
            });
        }
    }
);

The client would then send a request with accessToken and it will swap that for my custom JWT in all future requests.

I hope that made sense, and thanks for any help.

nabati commented 5 years ago

Not sure what the question is here really, but this sounds like the correct approach:

> The client would then send a request with accessToken and it will swap that for my custom JWT in all future requests.

kanodianeha commented 3 years ago

I have a similar problem. Is there a way I can use this library at the server end along with other login mechanisms like Twitter? For that, if I could send in a JWT token along with each request.
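
The token swap discussed in this thread, as an added example (not code from the issue or from passport-facebook-token): once any Passport strategy has authenticated the user, the server issues its own short-lived HS256 JWT and checks only that JWT on later requests. The function names, the `requireJwt` middleware and the choice of Node's built-in `crypto` instead of a JWT library are assumptions made for illustration.

```javascript
// Added example: issue and verify an app-owned HS256 JWT after any Passport
// strategy has authenticated the user. Uses only Node's built-in crypto.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const sign = (data, secret) => createHmac('sha256', secret).update(data).digest();

// userId: the app's own user id (e.g. the _id from getOrCreateUser), not the Facebook id.
function issueToken(userId, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: String(userId), iat: now, exp: now + ttlSeconds }));
  return `${header}.${payload}.${b64url(sign(`${header}.${payload}`, secret))}`;
}

// Returns the claims object, or null if the token is malformed, forged or expired.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    // Pin the algorithm: never let the token choose how it is verified.
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const expected = sign(`${header}.${payload}`, secret);
    const given = Buffer.from(sig, 'base64url');
    // Length check first: timingSafeEqual throws on unequal lengths.
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims;
  } catch {
    return null; // header or payload was not valid JSON
  }
}

// Express-style middleware for every route after the token swap (hypothetical wiring).
function requireJwt(secret) {
  return (req, res, next) => {
    const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
    const claims = m && verifyToken(m[1], secret);
    if (!claims) return res.status(401).json({ success: false, message: 'User not logged in' });
    req.userId = claims.sub;
    next();
  };
}
```

In the route handler from the first post, `issueToken` would be called with the stored user's id and the result returned as `token`; every other strategy's login route can issue the same kind of token.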