Facebook的Passport身份验证无效

Question

我尝试使用Facebook在node.js应用中进行身份验证。这是我的认可路线：

app.get(urls.authFbUrl, passport.authenticate('facebook', {
    scope: ['email']
}));
app.get(urls.authFbCallbackUrl, passport.authenticate('facebook', {
    successRedirect: urls.homeUrl,
    failureRedirect: urls.authFbUrl
}));

这是我的Facebook策略配置：

passport.use(new FacebookStrategy({
        clientID: configAuth.facebookAuth.clientID,
        clientSecret: configAuth.facebookAuth.clientSecret,
        callbackURL: configAuth.facebookAuth.callbackURL,
        profileFields: ['emails', 'name']
    },
    function(token, refreshToken, profile, done) {
        process.nextTick(function() {
            console.log(token);
            console.log(refreshToken);
            console.log(profile);
            UserModel.findOne({
                'authentications.facebook.id': profile.id
            }, function(err, user) {
                if (err) {
                    return done(err);
                }
                if (user) {
                    logger.debug('User found');
                    return done(null, user);
                } else {
                    var newUser = new UserModel();
                    newUser.authentications.facebook.id = profile.id;
                    newUser.authentications.facebook.token = token;
                    newUser.authentications.facebook.name = profile.name.givenName + ' ' + profile.name.familyName;
                    newUser.authentications.facebook.email = profile.emails[0].value;
                    newUser.email = profile.emails[0].value;
                    newUser.name = profile.name.givenName;
                    newUser.surname = profile.name.familyName;
                    newUser.active = true;
                    newUser.save(function(err) {
                        if (err) {
                            return done(err);
                        }
                        return done(null, newUser);
                    });
                }
            });
        });
    }));

我已经验证了我的应用密码，应用ID和回调网址。同时将应用域设置为localhost。然而，一旦成功重定向到主页，用户仍然没有经过身份验证，我的ACL会抛出401.任何想法为什么会发生这种情况？