Closed chanon closed 5 years ago
+1
Thanks for the write-up @chanon - I added a PR which covers off most of your points.
+1
For current users that have v2.8 apps before this PR can be merged, this issue seems to be fixable by updating the strategy configuration to include profileURL
, authorizationURL
, and tokenURL
but it's not easy to find out that's what you're supposed to do.
passport.use(new FacebookStrategy({
clientID: FACEBOOK_APP_ID,
clientSecret: FACEBOOK_APP_SECRET,
callbackURL: "http://localhost:3000/auth/facebook/callback",
profileURL: 'https://graph.facebook.com/v2.8/me',
authorizationURL: 'https://www.facebook.com/v2.8/dialog/oauth',
tokenURL: 'https://graph.facebook.com/v2.8/oauth/access_token'
},
function(accessToken, refreshToken, profile, cb) {
User.findOrCreate({ facebookId: profile.id }, function (err, user) {
return cb(err, user);
});
}
));
@chanon There is 3.0.0 out, which uses API 3.2. Can we close this?
I set up a new "facebook app" for login with facebook for my site today. The app got minimum api as v2.8. I didn't notice at first and using my old passport code that worked perfectly in a previous project caused an error on the facebook page.
I wasted hours trying to change a lot of options including the profileURL and tokenURL but it still didn't work.
Turns out that I had to also set authorizationURL to https://www.facebook.com/v2.8/dialog/oauth too! (I saw this url from https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/)
This is related to: https://github.com/jaredhanson/passport-facebook/issues/180 and https://github.com/jaredhanson/passport-facebook/pull/181 but that covers only the profileURL and tokenURL
I suggest updating the defaults to v2.8 and possibly adding a 'facebookAPIVersion' option which will select the correct urls according to api version specified.
And/or at least the requirement and ability of setting the profileURL, tokenURL and authorizationURL should be documented in the README