passport.js - facebook策略注销问题 [英] passport.js - facebook strategy logout issue

问题描述

我正在尝试使用此登录示例。示例工作，但是当我注销并尝试再次登录时，护照自动允许我在没有给我一个选项来更改Facebook用户。关于如何改变这种行为的任何想法？

I'm trying to set up facebook authentication using this login example. Example works but when I log out and try to log in again passport automatically lets me in without giving me an option to change facebook user. Any idea on how to change this behaviour?

推荐答案

默认情况下，如果您已经授权使用Facebook登录，则后续的身份验证请求将自动进行，不会提示用户再次授权。有三个选项可以改变这种行为：

By default, if you have already authorized login with Facebook, subsequent requests to authenticate will be automatic and won't prompt the user to authorize again. There are three options to change this behavior:

这是不可取的，因为您只想将用户从您的应用程序登录，而不是完全登录Facebook。

This is undesirable, since you only want to log the user out of your application and not Facebook entirely.

这是您最好的选择。为此，请将 HTTP DELETE 调用 https://graph.facebook.com/me/permissions 与一个有效的Facebook访问令牌。请阅读 https://developers.facebook.com/docs/reference/api / user /＃权限。

This is your best bet. To do this, make an HTTP DELETE call to https://graph.facebook.com/me/permissions with a valid Facebook access token. Read more at https://developers.facebook.com/docs/reference/api/user/#permissions.

时，重新验证。Facebook支持 auth_type 参数，这将提示每次当用户登录时设置为重新认证。请阅读 https://developers.facebook.com/docs / howtos / login / client-side-re-auth / 。

Facebook supports an auth_type parameter, which will prompt the user to login each time when set to reauthenticate. Read more at https://developers.facebook.com/docs/howtos/login/client-side-re-auth/.

Passport.js不支持将此参数开箱即可，因此您可以必须做一些小黑客攻击，使其在您的应用程序中工作，或提交拉扯请求到护照 - Facebook GitHub项目。

Passport.js does not support passing this parameter out of the box, so you might have to do a little hacking to get it working in your application, or submit a pull request to the passport-facebook GitHub project.

但是，您可以选择提示用户每次通过使用特定参数来重新认证。工作，但黑客和不推荐的方法如下：

However, you can optionally prompt the user to reauthenticate each time by using a specific parameter. Working but hacky and not-recommended way of doing this below:

FacebookStrategy.prototype.authorizationParams = function (options) {
  var params = {},
      display = options.display,
      auth_type = options.auth_type;
  if (display) params['display'] = display;
  if (auth_type) params['auth_type'] = auth_type;
  return params;
};
passport.use(new FacebookStrategy({
    clientID: FACEBOOK_APP_ID,
    clientSecret: FACEBOOK_APP_SECRET,
    callbackURL: "http://localhost:3000/auth/facebook/callback",
    auth_type: "reauthenticate"
  },
  function(accessToken, refreshToken, profile, done) {
    process.nextTick(function () {
      return done(null, profile);
    });
  }
));

这篇关于passport.js - facebook策略注销问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！