Skip to content

Instantly share code, notes, and snippets.

@jaredhanson
Created April 30, 2012 16:20
Show Gist options
  • Save jaredhanson/2559730 to your computer and use it in GitHub Desktop.
Save jaredhanson/2559730 to your computer and use it in GitHub Desktop.
Restify and Passport /cc Hal Robertson
// Based off example code from Hal Robertson
// https://github.com/halrobertson/test-restify-passport-facebook
// See discussion: https://groups.google.com/forum/?fromgroups#!topic/passportjs/zCz0nXB_gao
var restify = require('restify')
// config vars
var FB_LOGIN_PATH = '/api/facebook_login'
var FB_CALLBACK_PATH = '/api/facebook_callback'
var FB_APPID = '<<YOUR APPID HERE>>'
var FB_APPSECRET = '<<YOUR APPSECRET HERE>>'
var SERVER_PREFIX = 'http://localhost:3000'
// set up server
var server = restify.createServer()
server.use(restify.queryParser());
// set up passport-facebook
var passport = require('passport')
, FacebookStrategy = require('passport-facebook').Strategy;
// initialize passport
server.use(passport.initialize());
// Sessions aren't used in this example. To enabled sessions, enable the
// `session` option and implement session support with user serialization.
// See here for info: http://passportjs.org/guide/configuration.html
var fb_login_handler = passport.authenticate('facebook', { session: false })
var fb_callback_handler = passport.authenticate('facebook', { session: false })
var fb_callback_handler2 = function(req, res) {
console.log('we b logged in!')
console.dir(req.user)
// be sure to send a response
res.send('Welcome ' + req.user.displayName);
}
server.get(FB_LOGIN_PATH, fb_login_handler)
server.get(FB_CALLBACK_PATH, fb_callback_handler, fb_callback_handler2)
passport.use(new FacebookStrategy({
clientID: FB_APPID,
clientSecret: FB_APPSECRET,
callbackURL: SERVER_PREFIX + FB_CALLBACK_PATH
},
function(accessToken, refreshToken, profile, done) {
console.log('accessToken='+accessToken+' facebookId='+profile.id)
return done(null, profile)
})
)
// Start the app by listening on <port>
var port = process.env.PORT || 3000
server.listen(port)
console.log('App started on port ' + port)
@netpoetica
Copy link

@jaredhanson & @halrobertson - Im curious - for res.send, how do you send that user object to an actual web page? I am under the impression that restify is strictly for REST API functionality, and that the server does not have the capacity to serve up my index.html page or any html page for that matter.

I mean, if I go to /login on the port that is handling my REST API, then, it redirects me to another page - that page is really on the same port as my API - not on the port that serves static files. Restify assumes that you will have a purely JSON API. Combining it with Passport and having it pass data to your pages seems like it would best be left to another framework like Express

Furthermore, the user would never go to /login at the port on the rest API --- they would be on your main page with on the /login page. If you redirect the users to /login (at your API port, ie 9000) and then Facebook callback sends them back to your website (on your website port, ie 8000), restify will not have any way of managing sessions/tokens, etc? Unless you're implicity constructing JSON responses from all of these API endpoints which give you the values that you will then POST or send via GET when making your next AJAX call?

Just seems confusing!

@city41
Copy link

city41 commented Oct 27, 2013

I'm quite new to Restify, so maybe I'm being a little naive. But Restify has a static files plugin where it can serve up static files: http://mcavage.me/node-restify/#Bundled-Plugins

I am using Restify for a REST API backend of an AngularJS based website. I am having Restify serve up my html, css and js files and it's working pretty well so far.

@andy-polhill
Copy link

@jaredhanson @halrobertson any chance you guys could make a quick addition as to how you would authenticate against subsequent endpoints?

I have the login working and the request token (using passport-google), however after the initial authentication I am not sure how to check for a user any subsequent endpoint requests. from what I have read I was expecting a user object to be available in the req, however this doesn't seem to be the case. Not sure if I've missed something.

Being a REST service I obviously don't want to use sessions, so should I just be calling..

server.get('/my/path', passport.authenticate('facebook', { session: false }), function() {
    /* do some stuff */
})

@gfhuertac
Copy link

@thatguynamedandy the same happened to me, and I had to be explicit in the property that will hold the user object, due to some issue with passport.js:

server.get('/my/path', passport.authenticate('facebook', { session: false, assignedProperty:'user' }), function() {
    /* do some stuff */
})

With that change everything worked ok ^^

@qrpike
Copy link

qrpike commented Mar 27, 2015

Doing this just keeps redirecting me to log in each time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment