I am using passportjs for facebook authentication. Here is my facebook strategy:
passport.use(new FacebookStrategy({
clientID: config.facebook.clientID,
clientSecret: config.facebook.clientSecret,
callbackURL: config.facebook.callbackURL
}, function(accessToken, refreshToken, profile, done) {
User.findOne({ 'facebook.id': profile.id }, function (err, user) {
if (err) { return done(err); }
if (!user) {
user = new User({
name: profile.displayName,
email: profile.emails[0].value,
username: profile.username,
provider: 'facebook',
facebook: profile._json
});
user.save(function (err) {
if (err) {
console.log(err);
}
return done(err, user);
});
} else {
return done(err, user);
}
});
}));
I added the following routes:
app.get('/facebook/auth', passport.authenticate('facebook', { scope: [ 'email', 'user_about_me', 'publish_actions']}), function(req, res) { });
// I need the following fix due to this: http://stackoverflow.com/a/17015836/289246
app.get('/facebook/auth/callback', function(req, res, next) {
if (req.query && !req.query.error && req.query.error_code) {
req.query.error = true;
}
next();
},
passport.authenticate('facebook', { failureRedirect: '/facebook-auth-failure', successRedirect: '/auth-success', failureFlash: true })
);
app.get('/facebook-auth-failure', users.authFailure);
app.get('/auth-success', users.authSuccess);
My users.authFailure method is:
exports.authFailure = function (req, res) {
var error = ???
// How can I get here the error message??
res.render('auth-failure', {
error: error || 'An error has accured'
});
};
In case of facebook authentication failure, how can I get the error message (I want to display it to the user)?
Since you're using failureFlash, this should do it:
var error = req.flash('error');
I experienced many many problems and bugs and configurations issues during working with Passport. My solution was to move to Everyauth.
I don't know if this will be any use to you but I got access to flash messages this way.
When you are defining the FacebookStrategy use the passReqToCallback parameter.
passport.use(new FacebookStrategy({
clientID: facebook.getClientID(),
clientSecret: facebook.getClientSecret(),
callbackURL: facebook.getCallback(),
passReqToCallback: true
this will allow you to add the req.flash() as a parameter to the done() like so
return done(false, user, reg.flash('success', 'Sign in successfull'));
Hope that sheds some light on the situation for you or anybody else looking for help
Related
I'm working with nodejs+express+mongo and angularjs(MEAN). I'm login in with Facebook strategy for passport but I can't seem to find the way to access the user info(req.user) from my angular client.
It should be noted that the angular front is on another app and web server, apart from the node express mongo side.
This is my nodejs code:
passport.serializeUser(function(user, done){
done(null, user._id);
});
passport.deserializeUser(function(id, done){
UserModel.findById(id, function(err, user){
done(err, user);
});
});
passport.use(new FacebookStrategy({
clientID: config.facebook.appId,
clientSecret: config.facebook.appSecret,
callbackURL: config.facebook.redirectUri,
scope: config.facebook.scope,
profileFields: ['name','displayName','gender','profileUrl','email']
},
function(accessToken, refreshToken, profile, done) {
UserModel.findOne( {$or:[{'facebook_profile.id': profile.id},{'email':profile.emails[0].value}]}, function(err, user){
var newuser = new UserModel();
if(err){
return done(err);
}
if(user){
return done(null, user);
}
else {
newuser.facebook_profile.id = profile.id;
newuser.facebook_profile.name = profile.displayName
return done(null, newuser);
}
});
})
);
app.get('/auth/is_auth', function(req, res){
if (req.isAuthenticated()){
res.json(req.user);
}
})
After this, from Postman I call
http://localhost:3000/auth/is_auth
But req.isAuthenticated() is always FALSE
What can it be, I can't never get the user info
req.isAuthenticated() is false, if you use CORS and in your ajax request you didn't set withCredentials to true. Be sure withCredentials is set to true.
I have a sails app. I was trying to implement Facebook Login. When I click on the Login with facebook button i am getting this error:
error: A server error occurred in a request:
error: FacebookTokenError: This authorization code has been used.
Full error log looks like this:
error: A server error occurred in a request:
error: FacebookTokenError: This authorization code has been used.
at Strategy.parseErrorResponse (/home/node_modules/passport-facebook/lib/strategy.js:198:12)
at Strategy.OAuth2Strategy._createOAuthError (/home/node_modules/passport-facebook/node_modules/passport-oauth2/lib/strategy.js:341:16)
at /home/node_modules/passport-facebook/node_modules/passport-oauth2/lib/strategy.js:166:45
at /home/node_modules/passport-facebook/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:177:18
at passBackControl (/home/node_modules/passport-facebook/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:123:9)
at IncomingMessage.<anonymous> (/home/node_modules/passport-facebook/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:143:7)
at IncomingMessage.emit (events.js:117:20)
at _stream_readable.js:944:16
at process._tickDomainCallback (node.js:492:13) { [FacebookTokenError: This authorization code has been used.]
name: 'FacebookTokenError',
message: 'This authorization code has been used.',
type: 'OAuthException',
code: 100,
subcode: undefined,
status: 500 }
Middleware code looks like this:
var passport = require('passport')
, FacebookStrategy = require('passport-facebook').Strategy
, moment= require('moment')
, momentTimeZone=require('moment-timezone')
, inflection = require('inflection')
, markdown = require('markdown').markdown
, URL =require('url')
, LocalStrategy=require('passport-local').Strategy
, config= require('./local')
, device = require('express-device')
var createUser = function (token, tokenSecret, profile, done) {
process.nextTick(function () {
User.findOne({
or: [
{uid: parseInt(profile.id)},
{uid: profile.id}
]
}
).exec(function (err, user) {
if (user) {
return done(null, user);
} else {
var data = {
provider: profile.provider,
uid: profile.id,
name: profile.displayName,
email: profile.email
};
if(profile.emails && profile.emails[0] && profile.emails[0].value) {
data.email = profile.emails[0].value;
}
if(profile.name && profile.name.givenName) {
data.firstname = profile.name.givenName;
}
if(profile.name && profile.name.familyName) {
data.lastname = profile.name.familyName;
}
User.create(data).exec(function (err, user) {
sails.log.info("Error",JSON.stringify(err))
return done(err, user);
});
}
});
});
};
module.exports = {
passport.use(new FacebookStrategy({
clientID: config.facebook.clientID,
clientSecret: config.facebook.clientSecret,
callbackURL: config.facebook.callbackURL,
profileFields: ['name', 'emails' ],
enableProof: true
},
function (accessToken, refreshToken, email, done)
{
//console.log("Auth done");
//done(null, email);
createUser
}
//createUser
//}
))
passport.serializeUser(function(user, done) {
done(null, user);
});
passport.deserializeUser(function(obj, done) {
done(null, obj);
});
/*app.get("/auth/facebook", passport.authenticate("facebook", { scope: ['email', 'public_profile'] }));*/
app.get('/auth/facebook',
passport.authenticate('facebook', { scope: ['email', 'public_profile'] }));
app.get("/auth/facebook/callback",
passport.authenticate("facebook", {
successRedirect: "/",
failureRedirect: "/login"
}),
function(req, res) {
res.redirect('/');
});
app.get('/logout', function(req, res){
req.logout();
res.redirect('/');
});
function ensureAuthenticated(req, res, next) {
if (req.isAuthenticated()) { return next(); }
res.redirect('/login')
}
app.use(passport.initialize());
app.use(passport.session());
app.use(device.capture());
device.enableDeviceHelpers(app)
}
}
};
Can anyone suggest why I am getting this error and any possible solution.
This error occurs when you logged using facebook login, after that delete the user record in your database. You must delete your APP in your facebook account and try again.
Another posibility is that you already are logged in, and your middleware is trying to login again. In your code, you are not checking if the user is already logged in before send the request to "auth/facebook. There is a simple way to prove this: Open a Chrome window in private mode, so no cookie is used, and try again your facebook login. Good Luck!
Probabily not exist some attributes of profile data. Try:
console.log(profile)
For verify all attributes of profile. In my case:
{ id: 'nnnnnnnn',
username: undefined,
displayName: 'My Name',
name:
{ familyName: undefined,
givenName: undefined,
middleName: undefined },
gender: undefined,
profileUrl: undefined,
provider: 'facebook',
_raw: '{"name":"My name","id":"nnnnnnnn"}',
_json: { name: 'My name', id: 'nnnnnnnn' } }
Not exist any attribute "email" or similar, this generate the error and not complete the cicle life of the authenticate:
error: FacebookTokenError: This authorization code has been used.
The attribute email not get because I hidden this in my account Facebook.
In your code:
...
var data = {
provider: profile.provider,
uid: profile.id,
name: profile.displayName,
email: profile.email
};
...
The line:
email: profile.email
You are already assuming that the attribute email is already exist.
Try:
email: (profile.emails && profile.emails[0]) ? profile.emails[0].value : ''
I saw this very nice article from Scotch.io:
https://scotch.io/tutorials/easy-node-authentication-linking-all-accounts-together
It is from January 2014, so it's getting a bit old :) but Chris shows us how we might check the value of req.user inside the passport.authenticate('linkedin') callback, like so:
passport.use(new LinkedInStrategy({
consumerKey: linkedinConfig.clientId,
consumerSecret: linkedinConfig.clientSecret,
callbackURL: serverBaseUrl + '/auth/linkedin/callback'
},
function (req, token, tokenSecret, profile, done) {
if (req.user) {
var user = req.user;
user.linkedin.id = profile.id;
user.linkedin.token = token;
user.save(function (err) {
if (err) {
done(err);
}
else {
done(null, user);
}
});
}
else{
User.findOne({'linkedin.id': profile.id}, function (err, user) {
if (err) {
done(err);
}
else if (user) {
done(null, user);
}
else {
done(null, null);
}
});
}
}
));
my question is - how did Chris get the req value passed to this callback?
in other words the callback signature is supposed to be this:
function (token, tokenSecret, profile, done)
not this
function (req, token, tokenSecret, profile, done)
...now passport appears to be standard Express middleware, with the signature of
module.exports = function(req,res,next){};
but I don't see how to access the req variable with Passport the way Chris does. Am I missing something from his article somehow?
Looking at tutorial , try this :
passport.use(new LinkedInStrategy({
consumerKey: linkedinConfig.clientId,
consumerSecret: linkedinConfig.clientSecret,
callbackURL: serverBaseUrl + '/auth/linkedin/callback',
passReqToCallback : true
}
LinkedIn strategy inherits from Oauth1 strategy in this line explains how works , this should be sufficient. hope it helps.
I know variations of this questions have been asked multiple times. My understanding is that you basically have to watch your if/else logic and make sure that done isn't being called multiple times.
Twitter and Google work fine. Facebook is giving me this error though:
Error: Can't set headers after they are sent.
at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:335:11)
at ServerResponse.header (/Users/azerner/code/mean-starter/node_modules/express/lib/response.js:718:10)
at ServerResponse.location (/Users/azerner/code/mean-starter/node_modules/express/lib/response.js:835:8)
at ServerResponse.redirect (/Users/azerner/code/mean-starter/node_modules/express/lib/response.js:874:8)
at complete (/Users/azerner/code/mean-starter/node_modules/passport/lib/middleware/authenticate.js:241:26)
at /Users/azerner/code/mean-starter/node_modules/passport/lib/middleware/authenticate.js:250:15
at pass (/Users/azerner/code/mean-starter/node_modules/passport/lib/authenticator.js:427:14)
at Authenticator.transformAuthInfo (/Users/azerner/code/mean-starter/node_modules/passport/lib/authenticator.js:449:5)
at /Users/azerner/code/mean-starter/node_modules/passport/lib/middleware/authenticate.js:247:22
at /Users/azerner/code/mean-starter/node_modules/passport/lib/http/request.js:51:7
at pass (/Users/azerner/code/mean-starter/node_modules/passport/lib/authenticator.js:273:43)
at serialized (/Users/azerner/code/mean-starter/node_modules/passport/lib/authenticator.js:282:7)
at /Users/azerner/code/mean-starter/server/passport.js:17:5
at pass (/Users/azerner/code/mean-starter/node_modules/passport/lib/authenticator.js:290:9)
at Authenticator.serializeUser (/Users/azerner/code/mean-starter/node_modules/passport/lib/authenticator.js:295:5)
at IncomingMessage.req.login.req.logIn (/Users/azerner/code/mean-starter/node_modules/passport/lib/http/request.js:48:29)
passport.js
var LocalStrategy = require('passport-local').Strategy;
var FacebookStrategy = require('passport-facebook').Strategy;
var TwitterStrategy = require('passport-twitter').Strategy;
var GoogleStrategy = require('passport-google-oauth').OAuth2Strategy;
var mongoose = require('mongoose');
var User = mongoose.model('User');
var Local = mongoose.model('Local');
var Facebook = mongoose.model('Facebook');
var Twitter = mongoose.model('Twitter');
var Google = mongoose.model('Google');
var bcrypt = require('bcrypt');
var config = require('./config.json');
module.exports = function(passport) {
passport.serializeUser(function(user, done) {
done(null, user._id);
});
passport.deserializeUser(function(id, done) {
User
.findById(id).populate('local').exec()
.then(function(user) {
console.log('deserializeUser found user: ', user);
done(null, user);
}, done)
;
});
// LOCAL
passport.use(new LocalStrategy(function(username, password, done) {
Local
.findOne({ username: username })
.select('username role hashedPassword')
.exec()
.then(function(local) {
if (!local) {
return done(null, false);
}
var validPassword = bcrypt.compareSync(password, local.hashedPassword);
if (!validPassword) {
return done(null, false);
}
else {
User
.findOne({ local: local })
.populate('local')
.exec()
.then(function(user) {
return done(null, user);
})
;
}
})
;
}));
// FACEBOOK
passport.use(new FacebookStrategy({
clientID: config.facebookAuth.clientID,
clientSecret: config.facebookAuth.clientSecret,
callbackURL: config.facebookAuth.callbackURL
}, function(token, refreshToken, profile, done) {
// asynchronous
process.nextTick(function() {
Facebook
.findOne({ id: profile.id })
.select('id token')
.exec()
.then(function(facebook) {
if (facebook) {
User
.findOne({ facebook: facebook._id }).exec()
.then(function(user) {
return done(null, user);
})
;
}
else {
Facebook
.create({ id: profile.id, token: token })
.then(function(createdFacebook) {
User
.create({ facebook: createdFacebook })
.then(function(user) {
return done(null, user);
})
;
})
;
}
})
.then(function(err) {
return done(err);
})
;
});
}));
// TWITTER
passport.use(new TwitterStrategy({
consumerKey: config.twitterAuth.consumerKey,
consumerSecret: config.twitterAuth.consumerSecret,
callbackURL: config.twitterAuth.callbackURL
}, function(token, tokenSecret, profile, done) {
process.nextTick(function() {
Twitter
.findOne({ id: profile.id })
.select('id token')
.exec()
.then(function(twitter) {
if (twitter) {
User
.findOne({ twitter: twitter._id }).exec()
.then(function(user) {
return done(null, user);
})
;
}
else {
Twitter
.create({ id: profile.id, token: token })
.then(function(createdTwitter) {
User
.create({ twitter: createdTwitter })
.then(function(user) {
return done(null, user);
})
;
})
;
}
})
.then(null, function(err) {
return done(err);
})
;
});
}));
// GOOGLE
passport.use(new GoogleStrategy({
clientID: config.googleAuth.clientID,
clientSecret: config.googleAuth.clientSecret,
callbackURL: config.googleAuth.callbackURL
}, function(token, refreshToken, profile, done) {
process.nextTick(function() {
Google
.findOne({ id: profile.id })
.select('id token')
.exec()
.then(function(google) {
if (google) {
User
.findOne({ google: google._id }).exec()
.then(function(user) {
return done(null, user);
})
;
}
else {
Google
.create({ id: profile.id, token: token })
.then(function(createdGoogle) {
User
.create({ google: createdGoogle })
.then(function(user) {
return done(null, user);
})
;
})
;
}
})
.then(null, function(err) {
return done(err);
})
;
});
}));
};
auth.routes.js
var mongoose = require('mongoose');
var express = require('express');
var passport = require('passport');
var Auth = require('./auth.service.js');
try {
var User = mongoose.model('User');
}
catch(e) {
var User = mongoose.model('User', require('../users/user.model.js').UserSchema);
}
var router = express.Router();
// LOCAL
router.post('/login', passport.authenticate('local'), function(req, res) {
res.status(200).json(req.user);
});
router.get('/logout', Auth.isLoggedIn, function(req, res) {
req.logout();
res.status(204).end();
});
router.get('/current-user', Auth.isLoggedIn, function(req, res) {
res.status(200).json(req.user);
});
// FACEBOOK
router.get('/auth/facebook', passport.authenticate('facebook'));
router.get('/auth/facebook/callback',
passport.authenticate('facebook', {
successRedirect: '/',
failureRedirect: '/login'
})
);
// TWITTER
router.get('/auth/twitter', passport.authenticate('twitter'));
router.get('/auth/twitter/callback',
passport.authenticate('twitter', {
successRedirect: '/',
failureRedirect: '/login'
})
);
// GOOGLE
router.get('/auth/google', passport.authenticate('google', { scope: ['profile'] }));
router.get('/auth/google/callback',
passport.authenticate('google', {
successRedirect: '/',
failureRedirect: '/login'
})
);
module.exports = router;
It's also worth noting that I have been using this to block Facebook, but I unblocked it to work on this. I did the commands, force quit Chrome and reopened it, and now I can log into facebook.com fine.
Edit: Oh, and I checked MongoHub and it shows that the User (and Facebook subdocument) have been created.
I have set up my facebook login with passport-facebook like this
passport.use(new FacebookStrategy(secrets.facebook, function(req, accessToken, refreshToken, profile, done) {
if (req.user) {
User.findOne({ facebook: profile.id }, function(err, existingUser) {
if (existingUser) {
...bla bla
user.save(function(err) {
req.flash('info', { msg: 'Facebook account has been linked.' });
done(err, user);
});
});
}
});
} else {
User.findOne({ facebook: profile.id }, function(err, existingUser) {
if (existingUser) return done(null, existingUser);
User.findOne({ email: profile._json.email }, function(err, existingEmailUser) {
if (existingEmailUser) {
...bla bla
user.save(function(err) {
done(err, user);
});
}
});
});
}
}));
and my routes are like so :
router.get(namespace + '/auth/facebook', passport.authenticate('facebook', { scope: ['email', 'user_location'] }));
router.get(namespace + '/auth/facebook/callback', passport.authenticate('facebook', { failureRedirect: '/login' }), function(req, res) {
res.json({})
});
The thing is, I have more then one app running on this service and I want all of them to authenticate using facebook, but I want each one to query and save to a different db , meaning a different User model.
Can I pass it (the User) via the route call? Can I initiate several 'facebook logins' and use a different one for every app?