jaredhanson / passport-twitter

Twitter authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-twitter/?utm_source=github&utm_medium=referral&utm_campaign=passport-twitter&utm_content=about
MIT License

How to use passport-twitter without using session #96

Closed quocson1 closed 3 years ago

quocson1 commented 6 years ago

Error: OAuth authentication requires session support. Did you forget to use express-session middleware?

Is there a way to fix this without using a session?

Adetona commented 6 years ago

Have you installed the express-session package?

kantharia commented 6 years ago

@quocson1 - I am also getting the same error. @Adetona - After installing express-session I am not getting that error.

dalbodeule commented 6 years ago

I have to use passport-twitter without session. Is there a way?

akhoury commented 5 years ago

OAuth1 requires a session; we need OAuth2: https://github.com/jaredhanson/passport-twitter/issues/57

delantai commented 5 years ago

Also wondering about this. It looks like the session is just used to store the OAuth request token -- I'm considering looking into using a custom session strategy that leverages a JWT token. Would this be a bad idea @jaredhanson? Feel like I must be overlooking something obvious...

jaredhanson commented 5 years ago

@delantai - Either way, you are going to end up with a cookie and a session. If you are just trying to avoid a backend store, in order to be fully stateless, there are already solutions like client-sessions. No need to roll your own with JWTs.

delantai commented 5 years ago

Oh perfect, thanks Jared. Yep, was just to avoid setting up a session store for now. Appreciate the quick response :-).

jmtt89 commented 3 years ago

Umm, right now I think the session is no longer required for the Twitter auth process; according to the Twitter docs, only three requests are needed:

1- Request Token (https://developer.twitter.com/en/docs/authentication/api-reference/request_token) -> Uses Consumer Key, Secret and CallbackUrl (OAuth headers) and returns oauth_token and oauth_token_secret in the body

2- Auth on Twitter (https://developer.twitter.com/en/docs/authentication/api-reference/authenticate) -> Pass oauth_token as a query param to the Twitter API -> sends a callback to callbackUrl with oauth_token & oauth_verifier in the query params, or just get the PIN if not using a callback

3- Access Token (https://developer.twitter.com/en/docs/authentication/api-reference/access_token) -> Use oauth_token & oauth_verifier (or PIN) -> receive new oauth_token, oauth_token_secret and user_id in the body

ghost commented 2 years ago

Error: OAuth authentication requires session support. Did you forget to use express-session middleware?

Is there a way to fix without using session ????

What solution did you get when there should be no express-session package involved? Because I am stuck there too.

raxityo commented 2 years ago

Hey,

I have built several RESTful APIs that don't want to add session support, so I am sharing the way I am using a simple Redis store to store the token:tokenSecret pair. Unfortunately, it's undocumented how the store is supposed to be implemented (or I couldn't find any documentation out there), but it's pretty straightforward if you see the usage of the store in passport-oauth1. Here is the store for example: https://gist.github.com/raxityo/f3872a4caeaa11f79921c3c252ceccc6

Our goal is to store the token:tokenSecret pair in some storage that can be retrieved later and it would be destroyed once the token has been used at step 3 above.

Hope it helps someone who runs into this situation.