Facebook canvas authentication strategy for Passport.
Use this strategy to log users in to your Facebook Canvas app automatically.
Note: This strategy simply augments passport-facebook. If you don't need Canvas support you should use that instead.
Configuring Secure Canvas Url
As far as I know, Facebook has deprecated
Canvas Url in favour of
Secure Canvas Url and so requires setting up an SSL cert. You can produce a
self-signed certificate with a command such as this: (don't set a password for a testing cert)
# Ubuntusudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout self_signed_ssl.key -out self_signed_ssl.crt
Then you must tell
express to listen on another port, something like this:
var certificate =key: fsreadFileSyncpathresolve__dirname './self_signed_ssl.key' 'utf8'cert: fsreadFileSyncpathresolve__dirname './self_signed_ssl.crt' 'utf8'httpcreateServerapplisten3000;httpscreateServercertificate applisten3001;
This is the
Secure Canvas Url route that Facebook will POST data to.
Note If this is the first time the app has seen this user then redirect to
apppost'/auth/facebook/canvas'passportauthenticate'facebook' successRedirect: '/'failureRedirect: '/auth/facebook/canvas/autologin' ;
We cannot forward the user to another URL via HTTP redirect so we have to use a client-side js hack instead.
Please suggest a better solution: https://developers.facebook.com/docs/appsonfacebook/tutorial/#canvas
Now you should be able to navigate to your app page: https://apps.facebook.com/myapp/ and be prompted to approve the app. On subsequent visits you should be logged in automatically.