Created
February 4, 2014 20:28
-
-
Save anonymous/8811683 to your computer and use it in GitHub Desktop.
Use Passport.js to authenticate by access_token (the token generated and sent by client side)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // This is an example ment to demo how I managed to implement | |
| // passport login by given access token for both Google and FB. | |
| // I guess other oauth based logins will work as well. | |
| // It is usefull for Apps using their own client side oauth | |
| // for generating access token and then use the same token | |
| // to login into a web service. | |
| // Facebook has it's 'passport-facebook-token' package and | |
| // twitter as well but google doesn't have it's 'passport-google-token'. | |
| // That's why I needed this for my own project. | |
| var express = require('express'); | |
| var passport = require('passport'); | |
| var FacebookStrategy = require('passport-facebook').Strategy; | |
| var GoogleStrategy = require('passport-google-oauth').OAuth2Strategy; | |
| var app = express(); | |
| app.use(passport.initialize()); | |
| passport.use(new GoogleStrategy({ | |
| clientID: config.passport.google.clientID, | |
| clientSecret: config.passport.google.clientSecret, | |
| callbackURL: "#" //not in use | |
| }, | |
| function(accessToken, refreshToken, profile, done) { | |
| User.findOrCreate({ googleId: profile.id }, function (err, user) { | |
| return done(err, user); | |
| }); | |
| } | |
| )); | |
| passport.use(new FacebookStrategy({ | |
| clientID: config.passport.facebook.clientID, | |
| clientSecret: config.passport.facebook.clientSecret, | |
| callbackURL: "#" //not in use | |
| }, | |
| function(accessToken, refreshToken, profile, done) { | |
| User.findOrCreate(..., function(err, user) { | |
| if (err) { return done(err); } | |
| done(null, user); | |
| }); | |
| } | |
| )); | |
| //Most of the following function is copied from passport-oauth2/lib/strategy.js::authenticate() | |
| var authenticate_by_token = function(req, options) { | |
| options = options || {}; | |
| var self = this; | |
| if (req.query && req.query.error) { | |
| return this.fail(); | |
| } | |
| if ((req.query && req.query.access_token) || (req.body && req.body.access_token)) { | |
| var accessToken = req.query.access_token || req.body.access_token; | |
| var refreshToken = req.query.refresh_token || req.body.refresh_token || ''; | |
| var params = {}; | |
| self._loadUserProfile(accessToken, function(err, profile) { | |
| if (err) { return self.error(err); }; | |
| function verified(err, user, info) { | |
| if (err) { return self.error(err); } | |
| if (!user) { return self.fail(info); } | |
| self.success(user, info); | |
| } | |
| if (self._passReqToCallback) { | |
| var arity = self._verify.length; | |
| if (arity == 6) { | |
| self._verify(req, accessToken, refreshToken, params, profile, verified); | |
| } else { // arity == 5 | |
| self._verify(req, accessToken, refreshToken, profile, verified); | |
| } | |
| } else { | |
| var arity = self._verify.length; | |
| if (arity == 5) { | |
| self._verify(accessToken, refreshToken, params, profile, verified); | |
| } else { // arity == 4 | |
| self._verify(accessToken, refreshToken, profile, verified); | |
| } | |
| } | |
| }); | |
| } | |
| } | |
| //override authenticate function with the new version | |
| FacebookStrategy.prototype.authenticate = authenticate_by_token; | |
| GoogleStrategy.prototype.authenticate = authenticate_by_token; | |
| //set routes | |
| app.post('login/fbtoken', passport.authenticate('facebook')); | |
| app.post('login/ggtoken', passport.authenticate('google')); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment