PassportJs. How can I get the facebook redirect URI without redirecting the user after calling passport.authenticate('facebook')

I have a NodeJs REST service, let's call it NodeRest, on my back-end side and AngularJs on my front-end side.

NodeRest is supposed to be used with mobile applications as well as with web applications; in my case it is an AngularJs application.

The NodeRest architecture should solve the following problem when using PassportJs:

The server should not redirect the user to facebook for authorization when

    app.get('/auth/facebook', passport.authenticate('facebook'));

is called.

If it does redirect, the client will not receive anything, because the callback URL is tied to NodeRest: http://noderest/facebook/callback. Instead, it should provide the redirect URI, so I can send it back to the client (AngularJs, mobile, etc.). Something like this:

    app.get('/auth/facebook', passport.authenticate('facebook', function(redirectUri){
        // emit socket event to the client with redirect uri as a response data.
    }));

I decided to use socket.io as a communication channel in the authorization process.

Client:

    var socket = io.connect(baseUrl);

    socket.on('auth:facebook:callback:getCalled', function (data) {
        // callback get called on server side.
        // user has been authenticated.
        // so now, user can talk with our NodeRest server to get and post data.
        var firstName = data.firstName;
        var lastName = data.lastName;
    });

    $http.get(baseUrl + '/login/facebook').success(function(data, status, headers, config){
        redirectUriToAuthenticate = data;
        $location.path(data);
    });

The client will be responsible for redirecting to facebook / twitter, etc., in order to obtain user authorization. Immediately after this, the user will be redirected to the callback URL.

Server:

    app.get('/auth/facebook/callback', function(){
        passport.authenticate('facebook', { successRedirect: '/', failureRedirect: '/login' })
        // socket.io emit event to the client with user data.
        io.sockets.on('connection', function (socket) {
            socket.emit('auth:facebook:callback:getCalled', { data: User });
        });
    });

The general idea of all this is to get authorization from various types of client applications (mobile, web, desktop, etc.). The client should only need to get the redirect URI for the OAuth2 providers (facebook, twitter, etc.) and redirect to that URI by itself. NodeRest will take care of the next steps (i.e., it will handle the callback and notify the client).

I don't know if this is a good solution I'm working on, so any feedback would be more than helpful. I would appreciate any feedback.

Thanks in advance, Julian

+4
1 answer

Passport is poorly documented on this issue - I also struggled with it for a long time. I found that you can call passport.authenticate(type, fn)(req, res, next), and inside fn you can distinguish between a user who can log in and a user who cannot. It is up to you to call req.logIn.

Just FYI, I assume you are using sessions:

    var passport = require('passport');

    module.exports.createSession = function(req, res, next) {
        // Custom callback: passport hands over the outcome instead of redirecting.
        passport.authenticate('local', function(err, user, info) {
            if (err) {
                res.json(500, {ok: false});
            } else if(!user) {
                // you would probably want to do more work here
                // for example distinguishing between bad login credentials,
                // canceling, users not ready to log in (pending), etc.
                res.json(401, {ok: false});
            } else {
                // With a custom callback, establishing the session is up to you.
                req.logIn(user, function(err) {
                    if (err) {
                        res.json(500, {ok: false});
                    } else {
                        res.json(200, {
                            ok: req.isAuthenticated(),
                            username: req.user.username,
                            email: req.user.email
                        });
                    }
                });
            }
        })(req, res, next);
    };

This is configured for local authentication, but I believe that it should work with facebook unchanged.

+1
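
An added example (not code from the question or the answer) of the flow the question describes: the server returns the provider URL as data instead of redirecting, and uses the OAuth2 `state` parameter to tie the later callback to the socket that started the login, so the result goes to that client only rather than to every connecting socket. The authorize endpoint, the app id placeholder, the callback URL, and the names `beginLogin`, `resolveCallback` and `pending` are assumptions.

```javascript
// Added sketch: return the provider URL as data and bind the callback to its requester.
const crypto = require('crypto');

// Assumptions (not from the original post): endpoint, app id and callback URL.
const AUTHORIZE_ENDPOINT = 'https://www.facebook.com/dialog/oauth';
const CLIENT_ID = 'YOUR_FACEBOOK_APP_ID';                      // placeholder
const CALLBACK_URL = 'http://noderest/auth/facebook/callback'; // constructed
const STATE_TTL_MS = 5 * 60 * 1000;

// state -> { socketId, expires }. In-memory store, single process only.
const pending = new Map();

// For GET /auth/facebook: respond with this URL as JSON, no 302.
function beginLogin(socketId, now = Date.now()) {
  const state = crypto.randomBytes(32).toString('hex'); // unguessable value
  pending.set(state, { socketId, expires: now + STATE_TTL_MS });
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set('client_id', CLIENT_ID);
  url.searchParams.set('redirect_uri', CALLBACK_URL);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('state', state);
  return { redirectUri: url.toString(), state };
}

// For GET /auth/facebook/callback: takes the parsed query string.
// Returns the socket id to notify, or null if the callback must be rejected.
function resolveCallback(query, now = Date.now()) {
  const state = typeof query.state === 'string' ? query.state : '';
  const entry = pending.get(state);
  pending.delete(state);                           // single use, even on failure
  if (!entry || entry.expires < now) return null;  // forged, replayed or stale
  if (typeof query.code !== 'string' || query.code === '') return null; // denied or error
  return entry.socketId;
}

// With socket.io 1.x or later (assumption), notify only the initiating client:
//   io.to(socketId).emit('auth:facebook:callback:getCalled', userData);
```
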

Source: https://habr.com/ru/post/1500043/

