jaredhanson / passport-google-openidconnect

Google authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-google-oidc/?utm_source=github&utm_medium=referral&utm_campaign=passport-google-oidc&utm_content=about
MIT License

Chrome 97.0.4692.70 version on Android results in req.user being undefined #1

Open imseppl opened 2 years ago

imseppl commented 2 years ago

I have tried various web browsers on Android and found the latest version of Chrome 97.0.4692.70 results in req.user being undefined. This breaks all log in functionality with this web browser version.

req.user is called in the home page after res.redirect('/');

jaredhanson commented 2 years ago

To confirm: it does work on other browsers? Is there any information about changes specific to Chrome on Android that would cause this issue?

imseppl commented 2 years ago

Good questions. When upgrading Chrome from version 96 to 97, on both Android and Windows desktop, req.user is undefined. The issue does not appear on Firefox version 95. The same issue occurs with passport-google-oauth20. The issue is caused by Chrome version 97, but maybe node modules such as winston are involved.

My Node.js version: v14.18.2

My Node modules:

    "dependencies": {
      "body-parser": "^1.19.1",
      "chai": "^3.5.0",
      "cookie-session": "^2.0.0",
      "email-validator": "^2.0.4",
      "express": "^4.17.2",
      "express-handlebars": "^3.1.0",
      "express-limiter": "^1.6.1",
      "express-session": "^1.17.2",
      "express-socket.io-session": "^1.3.5",
      "geo-tz": "^4.0.2",
      "gulp": "^4.0.2",
      "gulp-autoprefixer": "^2.3.1",
      "gulp-minify-css": "^1.2.1",
      "gulp-sass": "^4.1.1",
      "helmet": "^3.23.3",
      "http-request": "^0.7.0",
      "http.min": "^1.3.2",
      "jquery": "^3.6.0",
      "jquery-easy-loading": "^1.3.0",
      "jsonwebtoken": "^8.5.1",
      "mocha": "^5.2.0",
      "moment-timezone": "^0.5.34",
      "mongoose": "^4.13.21",
      "multer": "^1.4.4",
      "node-restful": "^0.2.1",
      "nodemailer": "^4.7.0",
      "normalize.css": "^3.0.3",
      "passport": "^0.4.1",
      "passport-facebook": "^2.1.1",
      "passport-google-oauth": "^1.0.0",
      "passport-google-oauth20": "^2.0.0",
      "passport-google-oidc": "^0.1.0",
      "passport-local": "^1.0.0",
      "passport-twitter": "^1.0.4",
      "paypal-rest-sdk": "^1.8.1",
      "redis": "^2.8.0",
      "rookout": "^0.1.130",
      "sharp": "^0.26.3",
      "socket.io": "^2.4.1",
      "stripe": "^6.36.0",
      "svg-captcha": "^1.4.0",
      "tropo-webapi": "^15.13.0",
      "tz-lookup": "^6.1.25",
      "user-management": "^1.0.6",
      "validator": "^10.11.0",
      "winston": "^3.3.3"
    }

imseppl commented 2 years ago

What happens when you try it on Chrome version 97? Do you get the same issue?

jaredhanson commented 2 years ago

Have you taken any steps to pinpoint the issue to passport (or a strategy) in particular? Is it possible that the root cause is in another subsystem, such as session handling?

imseppl commented 2 years ago

I did try a workaround with sessions, but gave up because I prefer to use req.user. It is difficult to diagnose because of the Google redirects. I could look at the change log for Chrome and what has changed in version 97.