jaredhanson / passport-twitter

Twitter authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-twitter/?utm_source=github&utm_medium=referral&utm_campaign=passport-twitter&utm_content=about
MIT License

Passport-twitter fails when used with cookieSession and signed cookies #40

Open jc-tzn opened 10 years ago

jc-tzn commented 10 years ago

Hi all,

here is the configuration of my app:

// Application setup from the bug report. app.configure and the bundled
// express.* middleware are Express 3-era APIs; middleware runs in the order
// it is registered below.
var app = express();

app.configure(function(){
    app.use(express.compress());
    // Static files are served before any cookie or session middleware runs.
    app.use(express.static(path.join(__dirname, 'public')));
    app.set('views', __dirname + '/views');
    app.set('view engine', 'ejs');
    app.set('port', process.env.PORT || 8000);
    app.use(express.favicon(__dirname + '/public/img/favicon.ico'));
    app.use(express.logger('dev'));
    app.use(express.bodyParser());
    app.use(express.methodOverride());
    // The cookie parser is given a signing secret. Per the report, the Twitter
    // login works once this secret is removed.
    // NOTE(review): 'keyboard cat' is the well-known documentation placeholder;
    // a deployed app should load a long random secret from configuration
    // rather than keep it in source.
    app.use(express.cookieParser('keyboard cat'));
    // Cookie-backed session with its own copy of the secret. maxAge is 30 days
    // in milliseconds and httpOnly is set; no 'secure' flag is set here, so
    // this config does not restrict the cookie to HTTPS.
    // NOTE(review): cookieSession keeps the session data in the browser cookie
    // (signed, not encrypted), so the 'oauth:twitter' entry shown in the
    // report's logged session, including oauth_token_secret, travels to the
    // client. A server-side session store avoids that.
    // NOTE(review): passing a secret to both cookieParser and cookieSession
    // looks like the trigger. In Connect 2.x the parser appears to move
    // verified signed cookies from req.cookies into req.signedCookies, while
    // cookieSession given its own secret reads req.cookies, so the session
    // would come back empty on the callback. Verify against the installed
    // connect version; omitting the secret here is the variant to test.
    app.use(express.cookieSession({ secret: 'keyboard cat', cookie: { maxAge: 1000*60*60*24*30, httpOnly: true } }));
    app.use(flash());
    app.use(passport.initialize());
    app.use(passport.session());

    // Debug middleware: prints the parsed signed cookie named 'connect.sess'
    // for every request that reaches it, then continues the chain.
    // NOTE(review): per the output in the report this writes the OAuth request
    // token and its secret to the log; remove it once debugging is done.
    app.use(function (req, res, next) {
        console.log(req.signedCookies['connect.sess']);
        next();
    });

    app.use(app.router);
});

When I get rid of the secret in cookieParser, everything works as expected but with the secret this is what happens:

GET /auth/twitter 302 696ms

{ 
  passport: {},
  'oauth:twitter':
   { oauth_token: 'LKRBq2FP02cZhESVQT7vPoKoRAXS6Mon8Lm83P0Q',
     oauth_token_secret: 'SehbNP1rruTadMySb0b4UFwNJtAv3SQXysEijNjc' 
   } 
}

Error: Failed to find request token in session
    at Strategy.OAuthStrategy.authenticate (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/passport-twitter/node_modules/passport-oauth1/lib/strategy.js:142:54)
    at Strategy.authenticate (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/passport-twitter/lib/strategy.js:85:40)
    at attempt (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/passport/lib/passport/middleware/authenticate.js:243:16)
    at Passport.authenticate (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/passport/lib/passport/middleware/authenticate.js:244:7)
    at callbacks (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/express/lib/router/index.js:161:37)
    at param (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/express/lib/router/index.js:135:11)
    at pass (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/express/lib/router/index.js:142:5)
    at Router._dispatch (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/express/lib/router/index.js:170:5)
    at Object.router (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/express/lib/router/index.js:33:10)
    at next (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/express/node_modules/connect/lib/proto.js:199:15)

GET /auth/twitter/callback?oauth_token=LKRBq2FP02cZhESVQT7vPoKoRAXS6Mon8Lm83P0Q&oauth_verifier=Yg5mHTVBCKR6F0Y092aY3rtlRnLcZpIy1t9lz9TuWA 500 8ms

So the token is apparently present, since it gets logged, but passport-twitter can't read it. Is it because the value is signed?

I've read that thread, which is why I tried without the secret in cookieParser, but the thing is I need to sign cookies later on in the app, so I need to keep the secret...

I've also read this similar issue but it doesn't seem to apply here. Any ideas?

TejasQ commented 5 years ago

+1.

It's been 5 years since this was opened so I'm wondering if there has been progress here.

Dyceman commented 5 years ago

+1

Mokin711 commented 3 years ago
ashishdocforce commented 3 years ago

Has anyone found a solution for this? @jc-tzn ?