Created
December 4, 2018 20:06
-
-
Save saltukalakus/26dfe882fb3d8f60b751406e1459d820 to your computer and use it in GitHub Desktop.
Prevent Facebook users who doesn't give consent for email with an Auth0 rule.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function ( user, context, callback ) { | |
// Only execute for Facebook Logins | |
if ( context.connectionStrategy !== 'facebook' ) | |
return callback( null, user, context ); | |
// If User hasn't granted email permissions | |
if ( typeof user.email === 'undefined' ) { | |
// Load auth0 Management SDK | |
const ManagementClient = require( 'auth0@2.13.0' ).ManagementClient; | |
const management = new ManagementClient( { | |
domain: auth0.domain, | |
clientId: configuration.clientId, | |
clientSecret: configuration.clientSecret, | |
scope: 'delete:users' | |
} ); | |
// Get Facebook Identity Details | |
const facebookIdentity = _.find( user.identities, { connection: 'facebook' } ); | |
const fb_access_token = facebookIdentity.access_token; | |
const fb_user_id = facebookIdentity.user_id; | |
// throw error if no token has been found | |
if ( typeof fb_access_token === 'undefined' ) | |
return callback( new UnauthorizedError( 'facebook_token_not_found' ) ); | |
// throw error if no facebook user id is given | |
if ( typeof fb_user_id === 'undefined' ) | |
return callback( new UnauthorizedError( 'facebook_user_id_not_found' ) ); | |
// Make Delete App Request for the Facebook User so we can reauthorize it | |
// @see https://developers.facebook.com/docs/graph-api/reference/user/permissions/#Deleting | |
request.delete( `https://graph.facebook.com/v3.2/${ fb_user_id }/permissions`, { | |
headers: { | |
'Authorization': 'Bearer ' + fb_access_token | |
} | |
}, ( error, response, body ) => { | |
if ( error || response.statusCode !== 200 ) | |
return callback( new UnauthorizedError( 'facebook_permission_error' ) ); | |
// Delete Auth0 user | |
management.deleteUser( { id: user.user_id }, function( error ) { | |
if ( error ) | |
return callback( error ); | |
return callback( new UnauthorizedError( 'facebook_email_required' ) ); | |
} ); | |
} ); | |
} else { | |
// Proceed with login | |
return callback( null, user, context ); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment