Facebook strategy for Passport.js

Easy to use Facebook strategy. It's just OAuth2 for Facebook implementation.

Installation

# pnpm:
pnpm add @md03/passport-facebook
# npm:
npm install @md03/passport-facebook
# yarn:
yarn add @md03/passport-facebook

Options

• appSecret (optional) - if provided, strategy will send request with appsecret_proof parameter. Enable Require App Secret in Advanced Settings if you want to secure your Graph API calls (more info: https://developers.facebook.com/docs/graph-api/securing-requests%20/).

• apiVersion (default: v16.0) - you can provide specific Graph API version. Strategy is tested by default on v16.0.

• tokenFromRequest (optional) - strategy will use provided function to extract access token from request.

// example:
function getAccessToken(req: Request) {
  return req.query.accessToken;
}

• rawUser (optional) - strategy will return raw result from Facebook's API instead of transformed user object.

Important things

1. Use HTTPS
2. Secure Graph API calls with appsecret_proof (https://developers.facebook.com/docs/graph-api/securing-requests%20/)
3. Never include your secrets directly in your code base - use environment variables instead.

Read: https://developers.facebook.com/docs/facebook-login/security/#checklist