{"id":13493766,"url":"https://github.com/jaredhanson/passport-facebook","last_synced_at":"2025-05-14T02:07:18.829Z","repository":{"id":1757353,"uuid":"2596658","full_name":"jaredhanson/passport-facebook","owner":"jaredhanson","description":"Facebook authentication strategy for Passport and Node.js.","archived":false,"fork":false,"pushed_at":"2024-04-21T10:14:29.000Z","size":169,"stargazers_count":1301,"open_issues_count":129,"forks_count":443,"subscribers_count":44,"default_branch":"master","last_synced_at":"2025-05-10T01:03:14.095Z","etag":null,"topics":["facebook","oauth2","passport"],"latest_commit_sha":null,"homepage":"https://www.passportjs.org/packages/passport-facebook/?utm_source=github\u0026utm_medium=referral\u0026utm_campaign=passport-facebook\u0026utm_content=about","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jaredhanson.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"jaredhanson"}},"created_at":"2011-10-18T03:44:47.000Z","updated_at":"2025-05-04T08:14:14.000Z","dependencies_parsed_at":"2024-06-18T11:14:03.408Z","dependency_job_id":null,"html_url":"https://github.com/jaredhanson/passport-facebook","commit_stats":{"total_commits":153,"total_committers":24,"mean_commits":6.375,"dds":"0.16993464052287577","last_synced_commit":"22aaab2a5c8b036e68287aa32ebe8f2bb68afb5c"},"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaredhanson%2Fpassport-facebook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaredhanson%2Fpassport-facebook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaredhanson%2Fpassport-facebook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaredhanson%2Fpassport-facebook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jaredhanson","download_url":"https://codeload.github.com/jaredhanson/passport-facebook/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253419594,"owners_count":21905431,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["facebook","oauth2","passport"],"created_at":"2024-07-31T19:01:18.627Z","updated_at":"2025-05-14T02:07:13.811Z","avatar_url":"https://github.com/jaredhanson.png","language":"JavaScript","funding_links":["https://github.com/sponsors/jaredhanson"],"categories":["JavaScript"],"sub_categories":[],"readme":"# passport-facebook\n\n[Passport](https://www.passportjs.org/) strategy for authenticating with [Facebook](https://www.facebook.com/)\nusing [OAuth 2.0](https://www.passportjs.org/features/oauth2/).\n\nThis module lets you authenticate using Facebook in your Node.js applications.\nBy plugging into Passport, Facebook Login can be easily and unobtrusively\nintegrated into any application or framework that supports\n[Connect](https://github.com/senchalabs/connect#readme)-style middleware,\nincluding [Express](https://expressjs.com/).\n\n\u003cdiv align=\"center\"\u003e\n\n:seedling: [Tutorial](https://www.passportjs.org/tutorials/facebook/?utm_source=github\u0026utm_medium=referral\u0026utm_campaign=passport-facebook\u0026utm_content=nav-tutorial) •\n:brain: [Understanding OAuth 2.0](https://www.passportjs.org/concepts/oauth2/?utm_source=github\u0026utm_medium=referral\u0026utm_campaign=passport-facebook\u0026utm_content=nav-concept) •\n:heart: [Sponsors](https://www.passportjs.org/sponsors/?utm_source=github\u0026utm_medium=referral\u0026utm_campaign=passport-facebook\u0026utm_content=nav-sponsors)\n\n\u003c/div\u003e\n\n\u003cdiv align=\"right\"\u003e\n  \u003csup\u003eDeveloped by \u003ca href=\"#authors\"\u003eJared Hanson\u003c/a\u003e.\u003c/sub\u003e\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n  \u003csup\u003eAdvertisement\u003c/sup\u003e\n  \u003cbr\u003e\n  \u003ca href=\"https://click.linksynergy.com/link?id=D*o7yui4/NM\u0026offerid=507388.922484\u0026type=2\u0026murl=https%3A%2F%2Fwww.udemy.com%2Fcourse%2Fthe-complete-nodejs-developer-course-2%2F\u0026u1=1zlZ1AkoVQjosKoeCqb9osAgjkpQyUiZEQGmEc4SfB4OV\"\u003eThe Complete Node.js Developer Course\u003c/a\u003e\u003cbr\u003eLearn Node. js by building real-world applications with Node, Express, MongoDB, Jest, and more!\n\u003c/div\u003e\n\n---\n\n## Install\n\n```sh\n$ npm install passport-facebook\n```\n\n## Usage\n\n#### Register Application\n\nThe Facebook strategy authenticates users using their Facebook account.  Before\nyour application can make use of Facebook's authentication system, you must\nfirst [register](https://developers.facebook.com/docs/development/create-an-app)\nyour app.  Once registered, an app ID and secret will be issued which are used\nby Facebook to identify your app.  You will also need to configure a redirect\nURI which matches the route in your application.\n\n#### Configure Strategy\n\nOnce you've [registered your application](#register-application), the strategy\nneeds to be configured with your application's app ID and secret, along with\nits OAuth 2.0 redirect endpoint.\n\nThe strategy takes a `verify` function as an argument, which accepts\n`accessToken`, `refreshToken`, and `profile` as arguments.  `accessToken` and\n`refreshToken` are used for API access, and are not needed for authentication.\n`profile` contains the user's [profile information](https://www.passportjs.org/reference/normalized-profile/)\nstored in their Facebook account.  When authenticating a user, this strategy\nuses the OAuth 2.0 protocol to obtain this information via a sequence of\nredirects and API requests to Facebook.\n\nThe `verify` function is responsible for determining the user to which the\nFacebook account belongs.  In cases where the account is logging in for the\nfirst time, a new user record is typically created automatically.  On subsequent\nlogins, the existing user record will be found via its relation to the Facebook\naccount.\n\nBecause the `verify` function is supplied by the application, the app is free to\nuse any database of its choosing.  The example below illustrates usage of a SQL\ndatabase.\n\n```js\nvar FacebookStrategy = require('passport-facebook');\n\npassport.use(new FacebookStrategy({\n    clientID: process.env['FACEBOOK_APP_ID'],\n    clientSecret: process.env['FACEBOOK_APP_SECRET'],\n    callbackURL: 'https://www.example.com/oauth2/redirect/facebook',\n    state: true\n  },\n  function verify(accessToken, refreshToken, profile, cb) {\n    db.get('SELECT * FROM federated_credentials WHERE provider = ? AND subject = ?', [\n      'https://www.facebook.com',\n      profile.id\n    ], function(err, cred) {\n      if (err) { return cb(err); }\n      \n      if (!cred) {\n        // The account at Facebook has not logged in to this app before.  Create\n        // a new user record and associate it with the Facebook account.\n        db.run('INSERT INTO users (name) VALUES (?)', [\n          profile.displayName\n        ], function(err) {\n          if (err) { return cb(err); }\n          \n          var id = this.lastID;\n          db.run('INSERT INTO federated_credentials (user_id, provider, subject) VALUES (?, ?, ?)', [\n            id,\n            'https://www.facebook.com',\n            profile.id\n          ], function(err) {\n            if (err) { return cb(err); }\n            \n            var user = {\n              id: id,\n              name: profile.displayName\n            };\n            return cb(null, user);\n          });\n        });\n      } else {\n        // The account at Facebook has previously logged in to the app.  Get the\n        // user record associated with the Facebook account and log the user in.\n        db.get('SELECT * FROM users WHERE id = ?', [ cred.user_id ], function(err, user) {\n          if (err) { return cb(err); }\n          if (!user) { return cb(null, false); }\n          return cb(null, user);\n        });\n      }\n    });\n  }\n));\n```\n\n#### Define Routes\n\nTwo routes are needed in order to allow users to log in with their Facebook\naccount.  The first route redirects the user to the Facebook, where they will\nauthenticate:\n\n```js\napp.get('/login/facebook', passport.authenticate('facebook'));\n```\n\nThe second route processes the authentication response and logs the user in,\nafter Facebook redirects the user back to the app:\n\n```js\napp.get('/oauth2/redirect/facebook',\n  passport.authenticate('facebook', { failureRedirect: '/login', failureMessage: true }),\n  function(req, res) {\n    res.redirect('/');\n  });\n```\n\n## Examples\n\n* [todos-express-facebook](https://github.com/passport/todos-express-facebook)\n\n  Illustrates how to use the Facebook strategy within an Express application.  For\n  developers new to Passport and getting started, a [tutorial](https://www.passportjs.org/tutorials/facebook/)\n  is available.\n\n* [todos-express-facebook-popup](https://github.com/passport/todos-express-facebook-popup)\n\n  Illustrates how to use progressive enhancement to display the the Facebook\n  login dialog in a popup window.  State is kept during the OAuth 2.0 flow and\n  used to close the window for requests using that display mode.\n\n## FAQ\n\n##### How do I ask a user for additional permissions?\n\nIf you need additional permissions from the user, the permissions can be\nrequested via the `scope` option to `passport.authenticate()`.\n\n```js\napp.get('/auth/facebook',\n  passport.authenticate('facebook', { scope: ['user_friends', 'manage_pages'] }));\n```\n\nRefer to [permissions with Facebook Login](https://developers.facebook.com/docs/facebook-login/permissions/overview)\nfor further details.\n\n##### How do I re-ask for for declined permissions?\n\nSet the `authType` option to `reauthenticate` when authenticating.\n\n```js\napp.get('/auth/facebook',\n  passport.authenticate('facebook', { authType: 'reauthenticate', scope: ['user_friends', 'manage_pages'] }));\n```\n\nRefer to [re-asking for declined permissions](https://developers.facebook.com/docs/facebook-login/web#re-asking-declined-permissions)\nfor further details.\n\n##### How do I obtain a user profile with specific fields?\n\nThe Facebook profile contains a lot of information about a user.  By default,\nnot all the fields in a profile are returned.  The fields needed by an application\ncan be indicated by setting the `profileFields` option.\n\n```js\nnew FacebookStrategy({\n  clientID: FACEBOOK_APP_ID,\n  clientSecret: FACEBOOK_APP_SECRET,\n  callbackURL: \"http://localhost:3000/auth/facebook/callback\",\n  profileFields: ['id', 'displayName', 'photos', 'email']\n}), ...)\n```\n\nRefer to the [User](https://developers.facebook.com/docs/graph-api/reference/v2.5/user)\nsection of the Graph API Reference for the complete set of available fields.\n\n##### How do I include app secret proof in API requests?\n\nSet the `enableProof` option when creating the strategy.\n\n```js\nnew FacebookStrategy({\n  clientID: FACEBOOK_APP_ID,\n  clientSecret: FACEBOOK_APP_SECRET,\n  callbackURL: \"http://localhost:3000/auth/facebook/callback\",\n  enableProof: true\n}, ...)\n```\n\nAs detailed in [securing graph API requests](https://developers.facebook.com/docs/graph-api/securing-requests#appsecret_proof),\nrequiring the app secret for server API requests helps prevent use of tokens\nstolen by malicous software or man in the middle attacks.\n\n##### Why is #\\_=\\_ appended to the redirect URI?\n\nThis behavior is \"by design\" according to Facebook's response to a [bug](https://developers.facebook.com/bugs/318390728250352)\nfiled regarding this issue.\n\nFragment identifiers are not supplied in requests made to a server, and as such\nthis strategy is not aware that this behavior is exhibited and is not affected\nby it.  If desired, this fragment can be removed on the client side.  Refer to\nthis [discussion](http://stackoverflow.com/questions/7131909/facebook-callback-appends-to-return-url) on\nStack Overflow for recommendations on how to accomplish such removal.\n\n## Authors\n\n- [Jared Hanson](https://www.jaredhanson.me/) { [![WWW](https://raw.githubusercontent.com/jaredhanson/jaredhanson/master/images/globe-12x12.svg)](https://www.jaredhanson.me/) [![Facebook](https://raw.githubusercontent.com/jaredhanson/jaredhanson/master/images/facebook-12x12.svg)](https://www.facebook.com/jaredhanson) [![LinkedIn](https://raw.githubusercontent.com/jaredhanson/jaredhanson/master/images/linkedin-12x12.svg)](https://www.linkedin.com/in/jaredhanson) [![Twitter](https://raw.githubusercontent.com/jaredhanson/jaredhanson/master/images/twitter-12x12.svg)](https://twitter.com/jaredhanson) [![GitHub](https://raw.githubusercontent.com/jaredhanson/jaredhanson/master/images/github-12x12.svg)](https://github.com/jaredhanson) }\n\n## License\n\n[The MIT License](http://opensource.org/licenses/MIT)\n\nCopyright (c) 2011-2023 Jared Hanson\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaredhanson%2Fpassport-facebook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjaredhanson%2Fpassport-facebook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaredhanson%2Fpassport-facebook/lists"}