In addition to authenticating with Google (with which the middleware works OK in my app) I would like to offer Facebook login as well.
I do not know whether the fault is the middleware but the Facebook authentication fails receiving an HTTP 400 when making the access token request (to https://graph.facebook.com/v17.0/oauth/access_token). The parameters to the request look fine to me but weirdly the Facebook docs says to make a GET request, though it is my understanding that the OAuth2 spec says it MUST be a POST request. Accordingly, IIUC the Facebook docs the parameters should be sent as query parameters instead of as a form-encoded request body.
So it looks like this is not the fault of the middleware code, but I wonder if anyone else have had success authenticating with Facebook using it, or if the code can be adapted to make it work? I understand it not desired to make work-arounds for specific authentication providers (however prominent), but I just think it's weird that one of the top two Oauth2 authentication providers seemingly don't adhere to the spec at all, so perhaps I'm missing something?
I think that officially Facebook recommends using their own JS SDK for oauth-authentication, though it woud be a nuisance to have to resort to it.
In addition to authenticating with Google (with which the middleware works OK in my app) I would like to offer Facebook login as well.
I do not know whether the fault is the middleware but the Facebook authentication fails receiving an HTTP 400 when making the access token request (to https://graph.facebook.com/v17.0/oauth/access_token). The parameters to the request look fine to me but weirdly the Facebook docs says to make a GET request, though it is my understanding that the OAuth2 spec says it MUST be a POST request. Accordingly, IIUC the Facebook docs the parameters should be sent as query parameters instead of as a form-encoded request body.
So it looks like this is not the fault of the middleware code, but I wonder if anyone else have had success authenticating with Facebook using it, or if the code can be adapted to make it work? I understand it not desired to make work-arounds for specific authentication providers (however prominent), but I just think it's weird that one of the top two Oauth2 authentication providers seemingly don't adhere to the spec at all, so perhaps I'm missing something?
I think that officially Facebook recommends using their own JS SDK for oauth-authentication, though it woud be a nuisance to have to resort to it.