Facebook-passport with JWT

541
February 28, 2017, at 11:12 PM

I've been using Passport on my server for user authentication. When a user is signing in locally (using a username and password), the server sends them a JWT which is stored in localstorage, and is sent back to server for every api call that requires user authentication.

Now I want to support Facebook and Google login as well. Since I began with Passport I thought it would be best to continue with Passport strategies, using passport-facebook and passport-google-oauth.

I'll refer to Facebook, but both strategies behave the same. They both require redirection to a server route ('/auth/facebook' and '/auth/facebook/callback' for that matter). The process is successful to the point of saving users including their facebook\google ids and tokens on the DB.

When the user is created on the server, a JWT is created (without any reliance on the token received from facebook\google).

     ... // Passport facebook startegy
     var newUser = new User();
     newUser.facebook = {};
     newUser.facebook.id = profile.id; 
     newUser.facebook.token = token; // token received from facebook
     newUser.facebook.name  = profile.displayName;   
     newUser.save(function(err) {
          if (err)
               throw err;
          // if successful, return the new user
          newUser.jwtoken = newUser.generateJwt(); // JWT CREATION!
          return done(null, newUser);
     });

The problem is that after its creation, I don't find a proper way to send the JWT to the client, since I should also redirect to my app.

app.get('/auth/facebook/callback',
    passport.authenticate('facebook', {
        session: false,
        successRedirect : '/',
        failureRedirect : '/'
    }), (req, res) => {
        var token = req.user.jwtoken;
        res.json({token: token});
    });

The code above redirects me to my app main page, but I don't get the token. If I remove the successRedirect, I do get the token, but I'm not redirected to my app.

Any solution for that? Is my approach wrong? Any suggestions will do.

Rent Charter Buses Company
READ ALSO
Right way to connect to Google Cloud SQL from Node.JS

Right way to connect to Google Cloud SQL from Node.JS

I followed the example on how to set up NodeJS to work with Cloud SQL, and generally got it to work, but with some workarounds on how to connect to the SQL server

596
Upload files with Multer without using action, method, encrypt=“multipart/form-data” attributes on form tag

Upload files with Multer without using action, method, encrypt=“multipart/form-data” attributes on form tag

so I'm trying to upload an image with Multer but I want to use Angular's $httppost to upload the file

521
Ip address range for India

Ip address range for India

How can understand if the ip address is from India or not? Is there any particular range for India? Basically I want to check if the ip received is from India or not

403