I have an angular app running on separate domain than my api/auth server. For a local example: my angular app is on localhost:9000, and my api/auth server is on localhost:3000. Or if this was public and angular was on a CDN for example.
I would like to authenticate with Google and Facebook using a server/code flow. The examples I have seen either use window popups or cookies. Cookies are out of the question because of CORS issues and I would like this Web API to be usable in mobile apps as well.
I have found Sattelizer, which works good, but I am looking for a solution that works with Passport. Essentially a passport strategy that is used for exchanging the authorization code (passed from the angular app) for an access token, instead of just requesting the access token directly from the back-end.
If this doesn't exist, I might attempt to make one.
The Passport plugins I have looked at for Facebook and Google seemed to be geared towards having your sever request the authorization code, where as I was looking for a solution that has the client request the authorization code that gets passed back to your auth/api server for exchange.
I ended up creating a script to do this, though its not intended for production use, I created a video course around this subject since there wasn't much on it online.
http://www.pluralsight.com/courses/creating-apps-angular-node-token-authentication