Facebook Passport- Case when User logged out facebook
I am using passport-facebook to handle facebook login for my site. Here's the relevant code:
Less Important:
passport.use(new FacebookStrategy({
// pull in our app id and secret from our auth.js file
clientID: configAuth.facebookAuth.clientID,
clientSecret: configAuth.facebookAuth.clientSecret,
callbackURL: configAuth.facebookAuth.callbackURL
},
// facebook will send back the token and profile
function (token, refreshToken, profile, done) {
// asynchronous
process.nextTick(function () {
//check for the user in db
...
if(user found..){
return done(null, user); // user found, return that user
}
else{
// if there is no user found with that email id, create them
var newUser = {};
............
return done(null, newUser);
}
Deserialise serialization:
// used to serialize the user for the session
passport.serializeUser(function (user, done) {
console.log('serializing user.');
done(null, user.id);
});
// used to deserialize the user
passport.deserializeUser(function (id, done) {
getDBHandle(function (db) {
db.collection('users').findOne({'id':id}, function (err, user) {
console.log('deserialize user.',id,user);
done(err, user);
});
});
});
Subscriber: // route for authentication and facebook login
app.get('/auth/facebook', passport.authenticate('facebook', { scope : 'email' }));
// handle the callback after facebook has authenticated the user
app.get('/auth/facebook/callback',
passport.authenticate('facebook', {
successRedirect : '/profile',
failureRedirect : '/'
}));
Tone sets : As soon as the user logs in, the user's loggedin information is saved req.user
in accordance with the passport.
app.get('/isAuthenticated',function(req,res){
...
res.send(req.user);
});
Now let's say a user logs out of their facebook account like passport knows that a logout event has occurred.
Basically, if a user logs out of fb, then even our application should take into account that the user is not logged in.
I tried calling isAuthenticated
after fb logout, passport still returns the same user information.
How should I handle this situation?
Do I need to call each time /auth/facebook
to check if the user is verified and not depending on req.user
?
source to share
No one has answered this question yet
Check out similar questions: