moleculer-iam/dist/op/app/federation/facebook.js

Centralized IAM module for moleculer. Including a certified OIDC provider and an Identity provider for user profile, credentials, and custom claims management. Custom claims could be defined/updated by declarative schema which contains claims validation a

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.facebookProviderConfiguration = void 0;
const passport_facebook_1 = require("passport-facebook");
const error_1 = require("../../proxy/error");
// facebook is not a OIDC provider; openid scope not supported
// phone scope is not supported (seems only for the whatsapp platform apps)
exports.facebookProviderConfiguration = {
    clientID: "",
    clientSecret: "",
    scope: "public_profile email",
    profileFields: ["id", "name", "displayName", "photos", "email"],
    enableProof: true,
    strategy: (options, verify) => {
        return new passport_facebook_1.Strategy(options, verify);
    },
    callback: async (args) => {
        const { accessToken, refreshToken, profile, scope, idp, logger } = args;
        // gather federation metadata
        const metadata = { federation: { facebook: { id: profile.id } } };
        // gather claims
        const claims = {
            name: profile.displayName,
            picture: profile.photos[0] && profile.photos[0].value || null,
            email: profile.emails[0] && profile.emails[0].value || null,
            email_verified: true,
        };
        if (!claims.email) {
            throw new error_1.OIDCProviderProxyErrors.FederationRequestWithoutEmailPayload();
        }
        if (!claims.picture) {
            delete claims.picture;
        }
        // find existing account
        let identity = await idp.find({ metadata });
        // connect the identity which has same email address
        if (!identity && claims.email) {
            identity = await idp.find({ claims: { email: claims.email } });
            // if (identity) {
            //   const oldClaims = await identity.claims("userinfo", "email");
            //   if (!oldClaims.email_verified) {
            //     throw new IAMErrors.UnexpectedError("cannot federate an existing account with non-verified email address");
            //   }
            // }
        }
        // update or create
        const upsertScopes = idp.claims.mandatoryScopes;
        if (identity) {
            if (await identity.isSoftDeleted()) {
                throw new error_1.OIDCProviderProxyErrors.FederationRequestForDeletedAccount();
            }
            await identity.updateMetadata(metadata);
            await identity.updateClaims(claims, upsertScopes, undefined, true);
            return identity;
        }
        else {
            return idp.create({
                metadata,
                claims,
                credentials: {},
                scope: upsertScopes,
            }, undefined, true);
        }
    },
};
//# sourceMappingURL=facebook.js.map