
Comments (11)

www-chique commented on May 8, 2024 16

Is string state still supported?
My scenario is to pass some encoded JSON to /auth/facebook/callback with these extra parameters.
I need to avoid using a session.

I had the very same situation.
However, I found a workaround:

passport.authenticate("facebook", { scope: ["email"], state: "FOOBAR" }, async (err, user, info)=> {
     console.log(req.query.state); //Receives here "FOOBAR"
})(req, res);

And

passport.use(
	"facebook",
	new FacebookStrategy(
		{
			clientID: ...,
			clientSecret: ...,
			callbackURL: ...,
			profileFields: ...,
			passReqToCallback: true,
		},
		async (req: Request, accessToken: string, refreshToken: string, profile: any, done: any) => {
				console.log("state: " + req.query.state); //Works here too "FOOBAR"
		}
	)
);

So, instead of "FOOBAR", you can pass a JSON string as well.

from passport-facebook.

wzup commented on May 8, 2024 10

It is not documented, is it?
There isn't any "state" word in the whole README.md.

1. Why? Does it work at all?
2. Where can I read ALL parameters that may be passed to the strategy config? In one place, please. Now I have to search for them all over the internet, one by one. passReqToCallback isn't mentioned in README.md either. Now state. I'm curious how many good options are hidden, not documented properly.

veeramarni commented on May 8, 2024 6

Any luck with a custom state string?

jaredhanson commented on May 8, 2024 3

This is implemented in passport-oauth2 v1.0.0 (which passport-facebook v1.0.0 uses). To use it, enable state when creating your strategy:

var strategy = new FacebookStrategy({
  clientID: 'ABC123',
  clientSecret: 'secret',
  state: true
}, function() {...});

jayarjo commented on May 8, 2024 2

I receive:

OAuth 2.0 authentication requires session support when using state. Did you forget to use express-session middleware

It's an API host, so I'm not using sessions. Am I obligated to? Can I switch this requirement off, @jaredhanson, since I'm validating state manually in a different way?

jaredhanson commented on May 8, 2024 1

For those who stumble upon this issue looking for how to handle state in OAuth 2.0, [email protected] adds support for automatically persisting application-level state. More information is available on the blog: Application State in OAuth 2.0

jaredhanson commented on May 8, 2024

In this commit to passport-oauth, I've added support for a state option, which can be used like so:

passport.authenticate('facebook', { state: 'foo' })

Thinking this through a bit more though, it seems like it might be a better option to implement a boolean version of the option:

passport.authenticate('facebook', { state: true })

In that case, Passport would generate a unique nonce before redirecting, save it to the session, and then verify it on the callback route. The string-only option doesn't seem entirely useful, since the verification is more easily done inside Passport.

What do you think?

arius25 commented on May 8, 2024

I think the second option (nonce generated and verified by Passport) is the better solution.

Thanks for getting to it so quickly!

On Thursday, June 7, 2012 at 7:44 PM, Jared Hanson wrote:

In this commit to passport-oauth, I've added support for a state option, which can be used like so:

passport.authenticate('facebook', { state: 'foo' })

Thinking this through a bit more though, it seems like it might be a better option to implement a boolean version of the option:

passport.authenticate('facebook', { state: true })

In that case, Passport would generate a unique nonce before redirecting, save it to the session, and then verify it on the callback route. The string-only option doesn't seem entirely useful, since the verification is more easily done inside Passport.

What do you think?


Reply to this email directly or view it on GitHub:
#14 (comment)

jaredhanson commented on May 8, 2024

Agreed. I'll get this option implemented in the next couple of days.

koteisaev commented on May 8, 2024

Is string state still supported?
My scenario is to pass some encoded JSON to /auth/facebook/callback with these extra parameters.
I need to avoid using a session.

CLClark commented on May 8, 2024

Passing "state: true" causes the Strategy object, upon instantiation, to write itself a "_stateStore" property with the value coming from ('passport-oauth2/state/session').SessionStore. Look up that module to see how the "state" field is handled... There does not appear to be a way to modify the state constructor without editing the SessionStore code. SessionStore is referred to as SessionStateStore in the passport-oauth2 constructor (from which passport-facebook strategy inherits).

from passport-facebook.
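
For the session-less case raised in this thread, one way to carry JSON in state and still verify it on the callback is to sign it and bind it to a short-lived cookie. This is an added example, not part of the thread or of passport-oauth2's code; `issueState`, `verifyState`, the cookie binding and the 10-minute lifetime are assumptions, and wiring them into a strategy is not shown.

```javascript
const crypto = require('node:crypto');

const TTL_MS = 10 * 60 * 1000; // assumed lifetime of one login attempt

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const mac = (secret, body, binding) =>
  crypto.createHmac('sha256', secret).update(`${body}.${binding}`).digest();

// Called before redirecting to the provider. `binding` is a random value the
// caller also sets in a short-lived HttpOnly cookie (hypothetical wiring), so
// the state only verifies in the browser that started the flow.
function issueState(appData, binding, secret, now = Date.now()) {
  const payload = { d: appData, n: b64u(crypto.randomBytes(16)), exp: now + TTL_MS };
  const body = b64u(JSON.stringify(payload));
  return `${body}.${b64u(mac(secret, body, binding))}`;
}

// Called on the callback route with req.query.state and the cookie value.
function verifyState(state, binding, secret, now = Date.now()) {
  if (typeof state !== 'string' || typeof binding !== 'string') {
    return { ok: false, reason: 'missing' };
  }
  const parts = state.split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const [body, tag] = parts;
  const expected = mac(secret, body, binding);
  const given = Buffer.from(tag, 'base64url');
  // Check the MAC before parsing anything the client controls.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (payload.exp < now) return { ok: false, reason: 'expired' };
  return { ok: true, data: payload.d };
}

// Constructed sample values, not taken from the thread.
const SECRET = crypto.randomBytes(32);
const cookieA = b64u(crypto.randomBytes(16)); // browser that started the login
const cookieB = b64u(crypto.randomBytes(16)); // a different browser
const sample = issueState({ returnTo: '/settings' }, cookieA, SECRET, 1_000);
```

Without a server-side record the state can be replayed until it expires, so clear the binding cookie once the callback has verified it.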
