Facebook Passport Strategy:

AccessToken is returned with the profile.

Suppose you installed the following:

 // .: Passport Strategy :. const Strategy = require('passport-facebook').Strategy; passport.use(new Strategy({ clientID:"IDxxxxxxxxxxxxxxxxxxx", clientSecret:"SECRETxxxxxxxxxxxxxxxxxxx", profileFields: ['id', 'displayName', 'name', 'picture.type(large)', 'emails'], callbackURL:"http://localhost:1337/login/facebook/return" }, FacebookAccess ) ) function FacebookAccess(accessToken, refreshToken, profile, cb){ // accessToken : valid FB.GraphAPI token // refreshToken : undefined for Facebook profile.token = accessToken return cb(null, profile); } 

The token is included in the profile object, which is passed along with pass.serializeUser , which you decide, for example:

 passport.serializeUser(function(user, cb){ var platform_user = { fbid:user.id, name:user.displayName, mail:user.emails[0].value, token:user.token, avtr:user.photos[0].value } cb(null, platform_user) })