Himmators Himmators - 5 months ago 36
Node.js Question

Can I use Passport.js and client-side facebook-authentification?

I'm building a REST-api that uses facebook for authentication, I think the best solution to be platform agnostic is to let the client deal with retrieving an auth-token from facebook and then use that to authenticate, to keep the API as clean as possible.

Is this at all possible?

Answer

You can use passport-facebook-token passport strategy instead of passport-facebook.

In this way you would get the token on the client-side and send it to the application using:

app.post('/auth/facebook/token',
    passport.authenticate('facebook-token'),
    function(req, res) {
        // do something with req.user
        res.send(req.user ? 200 : 401);
    }
);

The code above tries to find the token in GET /auth/facebook/token?access_token=<TOKEN_HERE>, in the HTTP header access_token and in the request body.

Comments