OAuth 2.0 is a delegation protocol, a means of letting someone who controls a resource allow a software application to access that resource on their behalf without impersonating them. It lets users register with a web application through an external provider, without the need to input their username and password. OAuth is mainly used by social platforms, such as Facebook, Twitter, and Google, to allow users to register with other websites using their social account.
Setting up OAuth strategies
Passport supports the basic OAuth strategy, which enables you to implement any OAuth-based authentication. However, it also supports user authentication through major OAuth providers using wrapper strategies that help you avoid the need to implement a complex mechanism.
First, we have to create a developer account and an application with the OAuth provider. This application will have both an OAuth client ID and an OAuth client secret, which will allow you to verify your application against the OAuth provider.
Handling OAuth user creation
The OAuth user creation should be a bit different than the local signup() method. Since users are signing up using their profile from other providers, the profile details are already present, which means you will need to validate them differently. To do so, go back to your app/controllers/users.server.controller.js file, and add the following module method:
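A sketch of such a method, added here and not the original page's code: it validates the profile Passport hands over and finds or creates the user by provider and provider ID rather than by e-mail address. The in-memory `users` map and the names `normalizeProfile`, `uniqueUsername` and `findOrCreateOAuthUser` are assumptions standing in for the application's own user model.

```javascript
// Assumption: an in-memory Map replaces the application's user model.
const users = new Map(); // key: "<provider>:<providerId>"

// Validate and normalise the profile object supplied by the OAuth strategy.
function normalizeProfile(profile) {
  if (!profile || typeof profile.provider !== 'string' || !profile.provider) {
    throw new Error('profile.provider is required');
  }
  if (profile.id === undefined || profile.id === null || String(profile.id) === '') {
    throw new Error('profile.id is required');
  }
  const email = profile.emails && profile.emails[0] && profile.emails[0].value;
  return {
    provider: profile.provider,
    providerId: String(profile.id),
    displayName: String(profile.displayName || '').slice(0, 100),
    email: typeof email === 'string' ? email.toLowerCase() : null,
  };
}

// Derive a username that is not taken yet by appending a counter.
function uniqueUsername(base) {
  const taken = new Set([...users.values()].map((u) => u.username));
  const clean = base.replace(/[^a-z0-9_.-]/gi, '').toLowerCase() || 'user';
  let candidate = clean;
  for (let n = 1; taken.has(candidate); n += 1) candidate = clean + n;
  return candidate;
}

// Hypothetical module method: find the user by (provider, providerId) or
// create one. The e-mail address is stored but never used to match an
// existing account, so an address supplied by one provider cannot claim an
// account that was created through another.
function findOrCreateOAuthUser(rawProfile) {
  const p = normalizeProfile(rawProfile);
  const key = `${p.provider}:${p.providerId}`;
  const existing = users.get(key);
  if (existing) return { user: existing, created: false };
  const base = p.email ? p.email.split('@')[0] : p.displayName;
  const user = { ...p, username: uniqueUsername(base) };
  users.set(key, user);
  return { user, created: true };
}
```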
Using Passport’s Facebook strategy
Facebook is probably the world’s largest OAuth provider. Many modern web applications offer their users the ability to register with the web application using their Facebook profile. Passport supports Facebook OAuth authentication using the passport-facebook module.
Installing Passport’s Facebook strategy
Configuring Passport’s Facebook strategy
Before you begin configuring your Facebook strategy, you will have to go to Facebook’s developer home page at https://developers.facebook.com/, create a new Facebook application, and set localhost as the application domain. After configuring your Facebook application, you will get a Facebook application ID and secret. You’ll need those to authenticate your users via Facebook, so let’s save them in our environment configuration file. Go to the config/env/development.js file and change it as follows: