Authentication using Facebook with Passportjs: what is accessToken for, what should I store after registration?
I am using Passport to register/authenticate using Facebook. When OAuth is successful, I am returned:
Now... when a user successfully registers using Facebook, I store
accessToken and the
When somebody wants to log in, and goes through the OAuth motions again, my app once more gets
accessToken is different. I actually expected the accessToken to be the same after the first authentication...
At this point, I am connecting my own local user with Facebook's id field from the profile. But... how would I actually use accessToken? Does it even make sense to keep it? If so, why would I actually keep it?
I actually expect accessToken to be the same, and use that to match a successful login. I obviously can't do that... so I am confused!
You should store the Facebook ID. It should be in the profile object. The access token will change according to Facebook's policy of authorization. What you should be doing is:
- Get the user to log in through Facebook
- Check his Facebook ID against the Facebook ID in your database.
Access tokens expire frequently as described here
This recipe can be found in its original form on Stack Overflow.
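The two steps from the answer, as an added example that is not part of the original question or answer: a verify callback with the `(accessToken, refreshToken, profile, done)` signature that passport-facebook passes to a strategy's verify function, matching the local account on `profile.id` and never on the token. The `createVerifier` and `simulateLogin` helpers, the `Map` standing in for a database, and the sample ids and tokens are assumptions constructed for illustration.

```javascript
// Builds a verify callback bound to a user store (a Map here, hypothetical
// stand-in for a database table with a unique index on facebookId).
function createVerifier(store) {
  let nextLocalId = 1;
  return function verify(accessToken, refreshToken, profile, done) {
    // Reject a callback that carries no stable identifier.
    if (!profile || typeof profile.id !== 'string' || profile.id === '') {
      return done(new Error('Facebook profile has no id'));
    }
    // Step 2 of the answer: look the user up by Facebook ID.
    let user = store.get(profile.id);
    if (!user) {
      // First login: register a local account linked to that ID.
      user = {
        localId: nextLocalId++,
        facebookId: profile.id,
        displayName: profile.displayName || null,
      };
      store.set(profile.id, user);
    }
    // accessToken is deliberately not compared, used as a key, or persisted:
    // it differs on every login and expires, so it cannot identify the user.
    return done(null, user);
  };
}

// Hypothetical helper that plays the role of Passport invoking the callback
// after a successful OAuth round trip.
function simulateLogin(verify, accessToken, profile) {
  let outcome;
  verify(accessToken, undefined, profile, (err, user) => {
    outcome = { err, user };
  });
  return outcome;
}

// Wiring into Passport (requires the passport and passport-facebook packages):
//   passport.use(new FacebookStrategy(
//     { clientID, clientSecret, callbackURL },
//     createVerifier(new Map())));
```
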