passport-facebook-token

Both strategy function and passport.authenticate are called on protected end point

Open philipbrack opened this issue 7 years ago • 2 comments

Hi, I wrote an example server and client for your library.

One thing I am trying to figure out is, I noticed that both the

passport.use(new FacebookTokenStrategy({
    clientID: 'TBD',
    clientSecret: 'TBD'
  }, function (accessToken, refreshToken, profile, done) {
    <function 1>
    ...

and

app.get(
    "/protected",
    (req, res) => {

      // calling this so as to catch error and respond without 500 and pass all the details to the user.
      passport.authenticate('facebook-token', {session: false}, function (err, user, info) {
        <function 2>
        ...

are executed every time I do an HTTP GET for the "/protected" end point.

Is it the case that passport.authenticate() is what calls the strategy function?

Also, under what conditions does the library ping Facebook to validate the token? I should think that if it is a known user and the time to live isn't expired, we shouldn't have to do a lookup.

philipbrack, Mar 11 '17 17:03

OK, I think I may have cracked the case. passport.authenticate('facebook-token') does call the strategy registered before.

Also, if I want to optimize out the Facebook API hit I referred to, I would need to do that logic myself and not call passport.authenticate.

Does that sound correct?

philipbrack, Mar 11 '17 17:03
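
The caching discussed in the comment above, as an added example that is not part of the original thread or of the passport-facebook-token project: a short-TTL cache placed in front of `passport.authenticate`, so the registered strategy callback only runs on a cache miss. `VerifiedTokenCache`, `protect` and `getToken` are hypothetical names, and the TTL is a policy choice: a token revoked at Facebook stays accepted until its cache entry expires, so keep it short.

```javascript
const crypto = require('node:crypto');

// Short-lived cache of verified tokens (hypothetical helper). Keys are
// SHA-256 digests, so raw bearer tokens are not retained in the cache.
class VerifiedTokenCache {
  constructor(ttlMs, now = Date.now) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.entries = new Map();
  }
  static key(token) {
    return crypto.createHash('sha256').update(token).digest('hex');
  }
  get(token) {
    const k = VerifiedTokenCache.key(token);
    const e = this.entries.get(k);
    if (!e) return null;
    if (e.expiresAt <= this.now()) { this.entries.delete(k); return null; }
    return e.user;
  }
  put(token, user) {
    const expiresAt = this.now() + this.ttlMs;
    this.entries.set(VerifiedTokenCache.key(token), { user, expiresAt });
  }
}

// Express-style middleware. On a cache miss it falls through to
// passport.authenticate, which runs the registered strategy callback.
// getToken(req) is an assumption: supply whatever extracts the token.
function protect(passport, cache, getToken) {
  return (req, res, next) => {
    const token = getToken(req);
    if (typeof token !== 'string' || token === '') {
      return res.status(401).json({ error: 'missing token' });
    }
    const cached = cache.get(token);
    if (cached) { req.user = cached; return next(); }
    passport.authenticate('facebook-token', { session: false }, (err, user, info) => {
      if (err || !user) {
        return res.status(401).json({ error: 'invalid token' });
      }
      cache.put(token, user); // only successful verifications are cached
      req.user = user;
      next();
    })(req, res, next);
  };
}
```
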

Yeah... I was also thinking about that. This strategy is called every time we try to access protected data. So if a user is not registered and he calls this endpoint, it will create a new user. But I don't think I want to create a new user from all the calls. Also, I want multiple providers in my server.

amank22, Sep 02 '17 10:09