Express OAuth strategies Login for Facebook

OAuth 2.0 is a delegation protocol, a means of letting someone who controls a resource allow a software application to access that resource on their behalf without impersonating them. It lets users register with a web application through an external provider, without the need to input their username and password. OAuth is mainly used by social platforms, such as Facebook, Twitter, and Google, to allow users to register with other websites using their social account.

Setting up OAuth strategies

Passport supports the basic OAuth strategy, which enables you to implement any OAuth-based authentication. However, it also supports user authentication through major OAuth providers using wrapper strategies that help you avoid the need to implement a complex mechanism.

First, we have to create a developer account with the OAuth provider and register an application there. This application will have both an OAuth client ID and an OAuth client secret, which will allow you to verify your application against the OAuth provider.

Handling OAuth user creation

The OAuth user creation should be a bit different from the local signup() method. Since users are signing up using their profile from other providers, the profile details are already present, which means you will need to validate them differently. To do so, go back to your app/controllers/users.server.controller.js file, and add the following module method:
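An added example, not the article's own module method: one way to handle OAuth user creation, keyed on the provider and its user ID rather than on e-mail. The in-memory `users` array (standing in for the user model), the function names and the profile fields `provider`, `providerId`, `username` and `email` are assumptions.

```javascript
// Added example. In-memory stand-in for the user model (assumption).
const users = [];

// Return a username not already taken, adding a numeric suffix on collision.
function findUniqueUsername(base, suffix = 0) {
  const candidate = base + (suffix || '');
  return users.some(u => u.username === candidate)
    ? findUniqueUsername(base, suffix + 1)
    : candidate;
}

// The profile comes from outside the application: check what identity depends on.
function validateProfile(profile) {
  if (!profile || typeof profile.provider !== 'string' || !profile.provider) {
    throw new Error('missing provider');
  }
  if (typeof profile.providerId !== 'string' ||
      !/^[\w.-]{1,128}$/.test(profile.providerId)) {
    throw new Error('invalid providerId');
  }
}

// Find or create a user from a provider profile (hypothetical helper name).
// Identity is the (provider, providerId) pair, never the e-mail alone:
// matching on e-mail would let a profile from one provider claim an
// account that was created through another.
function findOrCreateOAuthUser(profile) {
  validateProfile(profile);
  const existing = users.find(u =>
    u.provider === profile.provider && u.providerId === profile.providerId);
  if (existing) return existing;

  // Derive a username from the profile, keeping only safe characters.
  const emailLocal = String(profile.email || '').split('@')[0];
  const base = String(profile.username || emailLocal).replace(/[^\w.-]/g, '') || 'user';
  const user = {
    provider: profile.provider,
    providerId: profile.providerId,
    username: findUniqueUsername(base),
    email: profile.email || null,
  };
  users.push(user);
  return user;
}

// Constructed sample profiles: same e-mail, two providers, two distinct users.
findOrCreateOAuthUser({ provider: 'facebook', providerId: '1001', email: 'alice@example.com' });
findOrCreateOAuthUser({ provider: 'google', providerId: '77', email: 'alice@example.com' });
console.log(users.map(u => u.username));
```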







Using Passport’s Facebook strategy

Facebook is probably the world’s largest OAuth provider. Many modern web applications offer their users the ability to register with the web application using their Facebook profile. Passport supports Facebook OAuth authentication using the passport-facebook module.

Installing Passport’s Facebook strategy

npm install passport-facebook --save
npm install


Configuring Passport’s Facebook strategy

Before you begin configuring your Facebook strategy, you will have to go to Facebook’s developer home page at, create a new Facebook application, and set the local host as the application domain. After configuring your Facebook application, you will get a Facebook application ID and secret. You’ll need those to authenticate your users via Facebook, so let’s save them in our environment configuration file. Go to the config/env/development.js file and change it as follows: