Adetona
commented
6 years ago Have you installed the express-session package?
Closed quocson1 closed 2 years ago
Adetona
commented
6 years ago Have you installed the express-session package?
kantharia
commented
6 years ago @quocson1 - I am also getting the same error. @Adetona - After installation express-session I am not getting that error.
dalbodeule
commented
6 years ago I have to use passport-twitter without session. Is there a way?
akhoury
commented
5 years ago oauth1 requires a session, we need oauth2 https://github.com/jaredhanson/passport-twitter/issues/57
delantai
commented
5 years ago Also wondering about this. It looks like the session is just used to store the OAuth request token -- I'm considering looking into using a custom session strategy that leverages a JWT token. Would this be a bad idea @jaredhanson? Feel like I must be overlooking something obvious...
jaredhanson
commented
5 years ago @delantai - Either way, you are going to end up with a cookie and a session. If you are just trying to avoid a backend store, in order to be fully stateless, there are already solutions like client-sessions. No need to roll your own with JWTs.
delantai
commented
5 years ago Oh perfect, thanks Jared. Yep, was just to avoid setting up a session store for now. Appreciate the quick response :-).
jmtt89
commented
2 years ago umm right now i think not is more required the session for twitter auth process, according the twitter docs only needed do three request:
1- Request Token (https://developer.twitter.com/en/docs/authentication/api-reference/request_token) -> Use Consumer Key, Secret and CallbackUrl (oauth headers) and return oauth_token and oauth_token_secret on body
2- Auth on Twitter (https://developer.twitter.com/en/docs/authentication/api-reference/authenticate) -> Use oauth_token by query params to Twitter API -> send callback to callbackUrl with oauth_token & oauth_verifier in queryparams or just get the PIN if not use callback
3- Access Token (https://developer.twitter.com/en/docs/authentication/api-reference/access_token) -> Use oauth_token & oauth_verifier (or PIN)-> receive new oauth_token, oauth_token_secret and user_id in Body
ghost
commented
2 years ago Error: OAuth authentication requires session support. Did you forget to use express-session middleware?
Is there a way to fix without using session ????
What solution do you get when there should be no express-session package involved. Because I am stuck in there too
raxityo
commented
2 years ago Hey,
I have built several restful APIs that don't want to add session support, so I am sharing the way I am using a simple redis store to store the token:tokenSecret pair. Unfortunately, it's undocumented how the store is supposed to be implemented (or I couldn't find any documentation out there), but it's pretty straightforward if you see the usage of the store in passport-oauth1. Here is the store for example: https://gist.github.com/raxityo/f3872a4caeaa11f79921c3c252ceccc6
Our goal is to store the token:tokenSecret pair in some storage that can be retrieved later and it would be destroyed once the token has been used at step 3 above.
Hope it helps someone who runs into this situation.
Error: OAuth authentication requires session support. Did you forget to use express-session middleware?
Is there a way to fix without using session ????