search

jaredhanson / passport-facebook

Facebook authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-facebook/?utm_source=github&utm_medium=referral&utm_campaign=passport-facebook&utm_content=about
MIT License
1.29k stars 446 forks source link

Question about FB documentation... needs an update? #292

Open armyofda12mnkeys opened 1 year ago

armyofda12mnkeys commented 1 year ago

Had a question about the FB passport README (which i guess also shows up on the docs here: https://www.passportjs.org/concepts/authentication/facebook/ )...

The docs/README insert a user if the user never signed in yet: db.run('INSERT INTO users (name) VALUES (?)', [profile.displayName]

Only thing inserted there is a displayName from FB (and implicitly a autoincremented ID). That autoincremented ID then gets inserted into federated_credentials along with their unique FB ID (profile.id).

db.run('INSERT INTO federated_credentials (user_id, provider, subject) VALUES (?, ?, ?)', [
            id,
            'https://www.facebook.com',
            profile.id
          ]

Later if the user is signing in and they already signed in be4 (and hence exist in the above 2 tables), it will try to get their info from the DB... the cred.user_id i assume is FB passing along their unique FB ID from the front-end to this back-end url ... db.get('SELECT * FROM users WHERE id = ?', [ cred.user_id ], function(err, user) { But that FB ID isn't inserted initially in the user table, its in the other federated_credentials table?

Should the docs be updated so the query to find the user searches the federated_credentials table (and then joins back to user to get other fields that may be in there like displayName/email ?

Thanks, Arian