Handling authentication in Nodejs Backend with Facebook SDK on frontend Unity3D

I am working on a Unity App. For login, there are two methods, one using Email and another using Facebook. In case of login separately, I do not have any problem. Registration and Login with Email works perfectly. And Login with Facebook works perfectly as well. Here's the workflow, I created just to make you clear.



There's another mongodb schema for account, which is used for login.

var Account = new Schema({
email: String,
password: String
});

Things to know about the backend API.

1. Passport is used for Authentication
2. Successful login returns email and token to the client through API.
3. On client, token is most to play game and use the overall features.

As I said, I have already covered the part when if a client registers and login using email, then client can use the app. But my confusion is handling the logins with Facebook. Facebook SDK is already integrated with the Unity App, and Login is success.

Now, how can I use the Facebook login information that is generated by the Facebook SDK onto my back end, so that I can authorize the user throughout the system, as done in email login.

Going through other questions in SO and Google, I came across passport-facebook-token, I also tried using the plugin but could not came up with the logic and flow for handling the data from SDK into the Nodejs API. Can someone help understand how it is done?

 

Once you've received a token through Facebook auth, you should be able to use that token to query the user information. So make another request to Facebook's API to retrieve the user information you need (making sure to send the auth token). Once that is done you can make a request to your server to register the user.

 

I think Auth code/token is unique for every request made by client. Say during registration we get the data and saved the data like Name, email, hobbies, and so on. But how is the login done next time when user tries to login in to the app.
Can you take some time to describe the flow? That would be very helpful.

 

It's been a while since I've worked with Facebook's API but if I remember correctly, once the user logs in successfully with Facebook they are given an auth token which has an expiry time on it (I think it is 30 days by default). You must pass this with the user details each time you make a call to the API.

Facebook should handle all the login requests but you can run a check to see if this is the first time the user has logged in before.

If they have logged in before and it was through Facebook, you would check to see if their registered email exists in your DB. If so, retrieve that user's information. Provided they successfully log in to Facebook you should receive a successful callback, in which you would handle the log in and retrieval of that user's data.

I would recommend looking here to aid your flow - https://developers.facebook.com/docs/games/gamesonfacebook/login

 

any new about this ?