jaredhanson / passport-twitter

Twitter authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-twitter/?utm_source=github&utm_medium=referral&utm_campaign=passport-twitter&utm_content=about
MIT License

Failed to find request token in session #45

Closed rnikitin closed 6 months ago

rnikitin commented 10 years ago

Hi, a few days ago we started to receive error messages from our application, saying that some of our users encounter errors with Twitter OAuth authorization:

Error: Failed to find request token in session
    at Strategy.OAuthStrategy.authenticate 

But the app worked fine for the past 2 months without any issues.

So, we started to investigate the issue and for that we made a new small clean node.js application (https://github.com/rnikitin/twitter-oauth-test), following the passport.js instructions step by step. And if you go to localhost:3000/auth/twitter, after the callback you will see this error:

Error: Failed to find request token in session
    at Strategy.OAuthStrategy.authenticate (/Users/rnikitin/dev/rnikitin/twitter-oauth-test/node_modules/passport-twitter/node_modules/passport-oauth1/lib/strategy.js:142:54)
    at Strategy.authenticate (/Users/rnikitin/dev/rnikitin/twitter-oauth-test/node_modules/passport-twitter/lib/strategy.js:85:40)
    at attempt (/Users/rnikitin/dev/rnikitin/twitter-oauth-test/node_modules/passport/lib/middleware/authenticate.js:337:16)
    at Object.authenticate [as handle] (/Users/rnikitin/dev/rnikitin/twitter-oauth-test/node_modules/passport/lib/middleware/authenticate.js:338:7)
    at next_layer (/Users/rnikitin/dev/rnikitin/twitter-oauth-test/node_modules/express/lib/router/route.js:103:13)
    at Route.dispatch (/Users/rnikitin/dev/rnikitin/twitter-oauth-test/node_modules/express/lib/router/route.js:107:5)
    at c (/Users/rnikitin/dev/rnikitin/twitter-oauth-test/node_modules/express/lib/router/index.js:195:24)
    at Function.proto.process_params (/Users/rnikitin/dev/rnikitin/twitter-oauth-test/node_modules/express/lib/router/index.js:251:12)
    at next (/Users/rnikitin/dev/rnikitin/twitter-oauth-test/node_modules/express/lib/router/index.js:189:19)
    at next (/Users/rnikitin/dev/rnikitin/twitter-oauth-test/node_modules/express/lib/router/index.js:166:38)

I also deployed this test app to a hosting service, so you can go there: http://twitter-oauth-test.azurewebsites.net/auth/twitter/

Unfortunately the hosting hides all error messages from the remote user, but you will see the exact same error message.

We spent a whole day playing around but we were unable to figure it out. We tried everything: changing callback URLs, domains, digging into the passport-twitter module. We only found that the session comes back, but the value in the session is undefined for this key.

So, has anybody had similar issues in the last few days? Do you have any ideas how to fix this issue?

chilts commented 10 years ago

I have just seen this too. I'm not sure why, but if I change my session line to not use secure, it works fine:

// app.use(session({ secret: 'blah', name: 'id', cookie: { secure: true }}))
app.use(session({ secret: 'blah', name: 'id' }))

Not sure why, but it does.

ryanrhee commented 9 years ago

I saw this error happen when I was going to localhost:3000. If I instead navigated to 127.0.0.1:3000, it works fine. (This is probably because the twitter callback URL is also set to 127.0.0.1:3000/..., and I'm guessing the browser keeps different cookies for the two hostnames.)

Deamon12 commented 9 years ago

This API is broken.

pavankris commented 9 years ago

localhost -> 127.0.0.1 & cookie : { secure: false } did the trick

maxevilmind commented 8 years ago

works fine if you use 127.0.0.1 instead of localhost

JuanMsanchez commented 7 years ago

I was having the same issue on a production site on HA: the Twitter callback was falling on a different instance and was unable to find the token because it got deleted from the session on passport-oauth1/lib/strategy.js.

Now I'm passing a custom requestTokenStore here to avoid the tokens being deleted from the session.

Is that approach OK? What would you suggest? Thanks!

Dyceman commented 5 years ago

+1
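
Added example (not part of the thread and not passport-twitter code): a small checker for the two cookie-related causes reported above, a `secure` session cookie used over plain HTTP and a callback host (`127.0.0.1`) that differs from the host the login started on (`localhost`). The function names, problem labels and scenario URLs are constructed for illustration; the multi-instance case is not covered.

```javascript
// Added example, not passport-twitter code. Assumptions: express-session does
// not issue a `secure` cookie on a plain-HTTP request (no trusted TLS proxy),
// and browsers scope cookies by host name, ignoring the port.

// Returns a predicate: will the browser send the cookie to `host`?
function cookieScope(cookie, setByHost) {
  if (!cookie.domain) return (host) => host === setByHost; // host-only cookie
  const d = cookie.domain.replace(/^\./, '').toLowerCase();
  return (host) => host === d || host.endsWith('.' + d);
}

// Checks whether the session that stored the request token at `startUrl`
// can be found again when Twitter redirects the browser to `callbackUrl`.
function diagnoseCallbackSession({ startUrl, callbackUrl, cookie = {} }) {
  const start = new URL(startUrl);
  const cb = new URL(callbackUrl);
  const problems = [];
  // A secure cookie is neither issued nor returned over plain HTTP.
  const plainHttp = start.protocol !== 'https:' || cb.protocol !== 'https:';
  if (cookie.secure && plainHttp) problems.push('secure-cookie-over-http');
  // The cookie must be in scope on both the start host and the callback host.
  const sentTo = cookieScope(cookie, start.hostname);
  if (!sentTo(start.hostname) || !sentTo(cb.hostname)) {
    problems.push('callback-host-differs');
  }
  return { ok: problems.length === 0, problems };
}

// Constructed scenarios mirroring the reports in this thread.
const SCENARIOS = [
  { name: 'secure cookie on http://localhost',
    startUrl: 'http://localhost:3000/auth/twitter',
    callbackUrl: 'http://localhost:3000/auth/twitter/callback',
    cookie: { secure: true } },
  { name: 'start on localhost, callback on 127.0.0.1',
    startUrl: 'http://localhost:3000/auth/twitter',
    callbackUrl: 'http://127.0.0.1:3000/auth/twitter/callback',
    cookie: {} },
  { name: 'HTTPS on one host with secure cookie',
    startUrl: 'https://app.example.test/auth/twitter',
    callbackUrl: 'https://app.example.test/auth/twitter/callback',
    cookie: { secure: true } },
];

for (const s of SCENARIOS) {
  const r = diagnoseCallbackSession(s);
  console.log(`${s.name}: ${r.ok ? 'session found' : r.problems.join(', ')}`);
}
```

For production the consistent fix is HTTPS on both URLs with `cookie.secure` left on; behind a TLS-terminating proxy, express-session additionally needs Express's `trust proxy` setting.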