GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → parse-community → parse-facebook-user-session

parse-community / parse-facebook-user-session

Licence: other
A Cloud Code module to facilitate logging into an express website with Facebook.

Programming Languages

javascript
184084 projects - #8 most used programming language

parse-facebook-user-session

A Cloud Code module to facilitate logging into an express website with Facebook.

If you'd like to require users to be logged into Facebook to access pages on your site, it's easy using the parseFacebookUserSession middleware module. First set up the parseExpressCookieSession as described in our express docs.

var parseExpressHttpsRedirect = require('parse-express-https-redirect');
var parseExpressCookieSession = require('parse-express-cookie-session');
var parseFacebookUserSession = require('cloud/parse-facebook-user-session');

// ... Configure the express app ...

app.use(parseExpressHttpsRedirect());  // Require user to be on HTTPS.
app.use(express.bodyParser());
app.use(express.cookieParser('YOUR_SIGNING_SECRET'));
app.use(parseExpressCookieSession({ cookie: { maxAge: 3600000 } }));

Then use the parseFacebookUserSession middleware on any page that you want to require Facebook login on. Whenever the page is visited, if the user has not logged into your app with Facebook, they will be redirected to Facebook's site to start an OAuth flow. Once they get a login token from Facebook, they will be redirected back to an endpoint on your site. In the example below, the endpoint is /login. The middleware module takes care of handling that endpoint for you, authenticating the user and redirecting them back to the original page they tried to visit. To enable this on every page, use the app.use express method.

app.use(parseFacebookUserSession({
  clientId: 'YOUR_FB_CLIENT_ID',
  appSecret: 'YOUR_FB_APP_SECRET',
  redirectUri: '/login',
  scope: 'user_friends',
}));

If you'd like to only require Facebook Login on certain pages, you can include the middleware in your routing commands.

var fbLogin = parseFacebookUserSession({
  clientId: 'YOUR_FB_CLIENT_ID',
  appSecret: 'YOUR_FB_APP_SECRET',
  redirectUri: '/login',
  scope: 'user_friends',
});

// To handle the login redirect.
app.get('/login', fbLogin, function(req, res) {});

app.get('/stuff', fbLogin, function(req, res) {
  // This page requires Facebook login.
});

You can access the user on any page with Parse.User.current.

app.get('/', function(req, res) {
  var user = Parse.User.current();

  res.render('hello', {
    message: 'Congrats, you are logged in, ' + user.get('username') + '!'
  });
});

You should also provide an endpoint to let the user log out. This is as simple as calling Parse.User.logOut().

app.get('/logout', function(req, res) {
  Parse.User.logOut();
  res.render('hello', { message: 'You are now logged out!' });
});

As a side effect of using this module, you will see objects created in your app's data for the ParseFacebookTokenRequest class. You can safely ignore this class. It is used to keep track of the CSRF protection tokens and redirect URLs of users who are currently in the process of logging in.

In order for the ParseFacebookTokenRequest to be created, you may need to enabled client class creation in your app's settings, if you've previously disabled it. Once the ParseFacebookTokenRequest class is created, you should go into the class-level permissions for the class and disable all permissions. This cloud module uses master key access to access the tables.

As of April 5, 2017, Parse, LLC has transferred this code to the parse-community organization, and will no longer be contributing to or distributing this code.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].