Configure Strategy

In the previous section, you registered the app with Facebook. In this section, you'll configure Passport with the information obtained during registration.

First, create a .env file to store the client ID and secret that were obtained from Facebook.

$ touch .env

Then, add the client ID and secret. The contents of .env should look as follows (the variable names match those read by the strategy below; the values are placeholders).

FACEBOOK_CLIENT_ID=__INSERT_CLIENT_ID_HERE__
FACEBOOK_CLIENT_SECRET=__INSERT_CLIENT_SECRET_HERE__

The client ID and secret obtained from Facebook should be inserted where noted. Keep .env out of version control; the client secret is a credential.

Open routes/auth.js and add the following code at line 6 to configure the FacebookStrategy.

// Assumes passport, FacebookStrategy (passport-facebook) and db (sqlite3) are
// already required at the top of routes/auth.js.
passport.use(new FacebookStrategy({
  clientID: process.env['FACEBOOK_CLIENT_ID'],
  clientSecret: process.env['FACEBOOK_CLIENT_SECRET'],
  callbackURL: '/oauth2/redirect/facebook',
  state: true   // enables the OAuth 2.0 state parameter (CSRF protection)
}, function verify(accessToken, refreshToken, profile, cb) {
  // Look up the Facebook account by (provider, subject), never by e-mail.
  db.get('SELECT * FROM federated_credentials WHERE provider = ? AND subject = ?', [
    'https://www.facebook.com',
    profile.id
  ], function(err, row) {
    if (err) { return cb(err); }
    if (!row) {
      // First sign-in with this Facebook account: create a local user record.
      db.run('INSERT INTO users (name) VALUES (?)', [
        profile.displayName
      ], function(err) {
        if (err) { return cb(err); }

        // Link the Facebook account to the newly created user.
        var id = this.lastID;
        db.run('INSERT INTO federated_credentials (user_id, provider, subject) VALUES (?, ?, ?)', [
          id,
          'https://www.facebook.com',
          profile.id
        ], function(err) {
          if (err) { return cb(err); }
          var user = {
            id: id,
            name: profile.displayName
          };
          return cb(null, user);
        });
      });
    } else {
      // Returning user: load the user record the credential points to.
      db.get('SELECT * FROM users WHERE id = ?', [ row.user_id ], function(err, row) {
        if (err) { return cb(err); }
        if (!row) { return cb(null, false); }
        return cb(null, row);
      });
    }
  });
}));

This configures the FacebookStrategy to fetch the user record associated with the Facebook account. If a user record does not exist, one is created the first time someone signs in. In either case, the user is authenticated.
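The following is an added example, not code from the Passport tutorial: it runs the same find-or-create logic as the verify callback above against an in-memory stand-in for the users and federated_credentials tables, so it executes without SQLite. The store layout, the signIn wrapper and the sample profiles are constructed for illustration; the provider identifier string is an assumption.

```javascript
// In-memory stand-in for the two tables used by the verify callback.
// Constructed for this example; a real app uses the SQLite tables instead.
const PROVIDER = 'https://www.facebook.com'; // assumed provider identifier

function createStore() {
  return { users: [], federated_credentials: [], nextUserId: 1 };
}

// Same decision tree as the strategy's verify function:
//  - no credential row for (provider, subject) -> create user, link credential
//  - credential row exists -> load the linked user
//  - credential row points at a missing user -> cb(null, false), i.e. not authenticated
function verify(db, profile, cb) {
  const cred = db.federated_credentials.find(
    c => c.provider === PROVIDER && c.subject === profile.id
  );
  if (!cred) {
    const id = db.nextUserId++;
    db.users.push({ id: id, name: profile.displayName });
    db.federated_credentials.push({ user_id: id, provider: PROVIDER, subject: profile.id });
    return cb(null, { id: id, name: profile.displayName });
  }
  const user = db.users.find(u => u.id === cred.user_id);
  if (!user) { return cb(null, false); }
  return cb(null, user);
}

// Synchronous wrapper so callers can inspect the result directly.
function signIn(db, profile) {
  let result;
  verify(db, profile, (err, user) => {
    if (err) { throw err; }
    result = user;
  });
  return result;
}

// Walk through first sign-in, repeat sign-in and a dangling credential row.
function demo() {
  const db = createStore();
  const alice = { id: '10001', displayName: 'Alice Example' }; // constructed profile
  const first = signIn(db, alice);   // creates user 1 and links the credential
  const again = signIn(db, alice);   // finds the same user, creates nothing
  db.users.splice(0, 1);             // simulate the user row being deleted
  const dangling = signIn(db, alice); // credential exists, user does not -> false
  return { first, again, userCount: db.users.length, dangling };
}
```

The lookup is keyed on the provider plus the provider's stable subject identifier (profile.id); matching on a mutable attribute such as the display name or an unverified e-mail would let two different external accounts collapse into one local user.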

The strategy is now configured. Next you will add session support to the app in order to maintain state when redirecting to Facebook.