node.js, oauth-2.0, passport.js, passport-facebook, passport-facebook-token

Passport facebook token OAuth2 throwing Internal Server Errors when the token is good but works fine when token is wrong


What am I missing here? I've been through all the threads here and googled it for a while:

  • Whitelisted my machine's IP under the app's advanced settings.
  • Double-checked the token and when it's expired I can see that error on the console.
  • Double-checked client + secret + origins in the app.
  • Tried things with a Google OAuth token and I get 'unauthorized' as intended.

But when all is good and I send a request with that good token either from Postman or from my frontend I get Internal Server Error telling me User is not defined at that line. What am I missing?

Route code:

app.get(
  '/user',
  passport.authenticate('facebook-token', { session: false }),
  function(req, res) {
    res.send('SUCCESS');
  }
);

All other code without imports:

app.use(cors());
app.use(express.json());
app.use(helmet());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(passport.initialize());
passport.use(
  new FacebookTokenStrategy(
    {
      clientID: config.get('facebook.clientID'),
      clientSecret: config.get('facebook.clientSecret')
    },
    function(accessToken, refreshToken, profile, done) {
      User.findOrCreate({ facebookId: profile.id }, function(error, user) {
        return done(error, user);
      });
    }
  )
);

and I'm importing the npm package exactly as in the docs:

const FacebookTokenStrategy = require('passport-facebook-token');

I'm all out of ideas on this one.


Solution

app.use(cors());
app.use(express.json());
app.use(helmet());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(passport.initialize());
passport.use(
  new FacebookTokenStrategy(
    {
      clientID: config.get('facebook.clientID'),
      clientSecret: config.get('facebook.clientSecret')
    },
    function(accessToken, refreshToken, profile, done) {
      return done(null, profile);
    }
  )
);

Try this
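
An added example, not part of the original question or answer: the verify callback only runs once the strategy has accepted the token, which is why an undefined `User` shows up as a 500 only for good tokens. The sketch below keeps the question's `User.findOrCreate` call but supplies a model for it; the in-memory `User` store and the `verify` name are hypothetical stand-ins for the application's own model and callback.

```javascript
// Hypothetical in-memory stand-in for the `User` model the question's
// callback expects; a real app would back this with its database.
const users = new Map();
let nextId = 1;

const User = {
  // Same (query, callback) shape as the call in the question.
  findOrCreate(query, cb) {
    if (typeof query.facebookId !== 'string' || query.facebookId === '') {
      return cb(new Error('facebookId is required'));
    }
    let user = users.get(query.facebookId);
    if (!user) {
      user = { id: nextId++, facebookId: query.facebookId };
      users.set(query.facebookId, user);
    }
    return cb(null, user);
  }
};

// Verify callback with the signature used on this page. It runs only after
// the strategy has accepted the token, so a failure in here is reported as
// a server error rather than as "unauthorized".
function verify(accessToken, refreshToken, profile, done) {
  if (!profile || !profile.id) {
    // done(null, false) tells passport the authentication failed (401).
    return done(null, false);
  }
  User.findOrCreate({ facebookId: String(profile.id) }, function (error, user) {
    if (error) return done(error);
    // Only the local account record reaches req.user, not the raw profile.
    return done(null, user);
  });
}

// Wiring, as in the question (needs the real packages installed):
// passport.use(new FacebookTokenStrategy({ clientID, clientSecret }, verify));
```

Unlike passing `profile` straight to `done`, this maps the Facebook id to a local account, so `req.user` carries the application's own user record.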