jwt and social auth

server.js

app.get('/auth/facebook/callback',
  passport.authenticate('facebook', { failureRedirect: '/error', session: false }),
  function(req, res) {
    var token = jwt.sign(req.user, secret, { expiresInMinutes: 60*5 });
    res.redirect('/#jwt=' + jwt);
  });