spolepal
commented
12 years ago I have the same problem with twitter strategy as well. The authorization screen ("Authorize [app name] to use your account?" )appears every time user logs in after logging out. This is the sample code I am using,
everyauth.twitter .consumerKey('key') .consumerSecret('secret') .findOrCreateUser( function (session, accessToken, accessTokenSecret, twitUser) { console.log(util.inspect(twitUser)); return usersByTwitId[twitUser.id] || (usersByTwitId[twitUser.id] = addUser('twitter', twitUser)); }) .redirectPath('/ts');
app.configure(function(){ app.set('views', dirname + '/views'); app.set('view engine', 'jade'); app.use(express.bodyParser()); app.use(express.cookieParser()); app.use(express.session({ secret: 'supersecretkeygoeshere', store: new MySQLStore({ client: mysql }) })); app.use(express.methodOverride()); app.use(everyauth.middleware()); app.use(app.router); app.use(express.static(dirname + '/public')); everyauth.helpExpress(app); });
npm list output
├── connect-mysql@0.2.5 ├─┬ everyauth@0.2.34 │ ├─┬ connect@2.3.9 │ │ ├── bytes@0.1.0 │ │ ├── cookie@0.0.4 │ │ ├── crc@0.2.0 │ │ ├── formidable@1.0.11 │ │ ├── fresh@0.1.0 │ │ ├── qs@0.4.2 │ │ └─┬ send@0.0.3 │ │ ├── mime@1.2.6 │ │ └── range-parser@0.0.4 │ ├── debug@0.5.0 │ ├── node-swt@0.1.1 │ ├── node-wsfederation@0.1.1 │ ├── oauth@0.9.8 │ ├── openid@0.4.2 │ ├── request@2.9.203 │ └─┬ xml2js@0.1.14 │ └── sax@0.4.2 ─┬ express@3.0.0rc3 │ ├── commander@0.6.1 │ ├─┬ connect@2.4.3 │ │ ├── bytes@0.1.0 │ │ ├── formidable@1.0.11 │ │ ├── pause@0.0.1 │ │ └── qs@0.4.2 │ ├── cookie@0.0.4 │ ├── crc@0.2.0 │ ├── debug@0.7.0 │ ├── fresh@0.1.0 │ ├── methods@0.0.1 │ ├── mkdirp@0.3.3 │ ├── range-parser@0.0.4 │ └─┬ send@0.0.3 │ └── mime@1.2.6 ├─┬ jade@0.27.2 │ ├── commander@0.6.1 │ └── mkdirp@0.3.0 ├─┬ mysql@0.9.6 │ └─┬ hashish@0.0.4 │ └── traverse@0.6.3 ├── request@2.10.0 ├─┬ sequelize@1.5.0 │ ├── commander@0.6.1 │ ├── generic-pool@1.0.9 │ ├── lingo@0.0.5 │ ├── moment@1.1.1 │ ├─┬ mysql@0.9.6 │ │ └─┬ hashish@0.0.4 │ │ └── traverse@0.6.3 │ ├── underscore@1.2.4 │ ├── underscore.string@2.0.0 │ └── validator@0.3.9 └─┬ xml2js@0.1.14 └── sax@0.4.2
yocontra
I am using everyauth with 37signals auth strategy. For a first time user, the oauth flow works fine i.e user is directed to /auth/37signals which starts the oauth flow. The callback in my app gets invoked, and then a new user is created with the refresh token and access token. I have couple of questions,
1) When the user logs out and tries to login, he is forced to do authorization again. This does not seem right. Ideally, the authorization must be skipped if the user is already logged into 37signals site. Is there something I am missing in configuring everyauth?
2) How is refresh flow handled in everyauth? If the access token expires, does everyauth make a backchannel request to 37signals site to get an access token without user intervention?
I would really appreciate if you can answer these questions.