passport / discuss

A forum for discussing topics related to the usage of Passport.js.

passportjs is assigning new sessions when redirecting users to the callback... #80

Open Ill-tableflip-U opened 9 months ago

Ill-tableflip-U commented 9 months ago

So basically when I use Passport, no matter what OAuth2 provider, when the provider redirects back to my callback to log in, so `/auth/google/callback` or something, the user then gets assigned a new session token for some reason. This is making it impossible to authenticate the state parameter in OAuth2 due to a completely new session being assigned when accessing the callback. If I go to the callback myself in the URL bar with a code parameter then it does not assign this new session. Why would this issue be occurring and how could I solve it? Is it a common issue?

An example of the code segment causing this:

```js
const express = require('express');
const passport = require('passport');
const session = require('express-session');

// `url` (the site's base URL) and serializeAndDeserializeUser() are defined elsewhere in the app.
const app = express();

app.use(session({
  secret: 'session_secret',
  resave: false,
  saveUninitialized: true,
  cookie: { maxAge: 172800000 }
}));

function discord_oauth2(route, clientId, clientSecret) {
  const DiscordStrategy = require('passport-discord').Strategy;

  passport.use(new DiscordStrategy({
    clientID: clientId,
    clientSecret: clientSecret,
    callbackURL: url + route + '/callback',
    scope: ['identify', 'email'],
  }, (accessToken, refreshToken, profile, done) => {
    return done(null, profile);
  }));

  serializeAndDeserializeUser('discord');

  // Login route: store a state value in the session and send the user to the provider.
  app.get(route, function (req, res) {
    console.log(req.session);
    req.session.oauthState = Math.random().toString(36).substring(2, 15);
    passport.authenticate('discord', {
      scope: ['identify', 'email'],
      state: req.session.oauthState
    })(req, res);
  });

  // Callback route: the provider redirects the user back here.
  app.get('/auth/discord/callback', passport.authenticate('discord', { failureRedirect: '/error_route' }), function (req, res) {
    console.log(req.session); // this is where I can see that a new session is being assigned, when redirected to this route.
  });
}
```
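
A session-bound state check of the kind the post is trying to perform, as an added example that is not the poster's code or Passport's own implementation. It generates the state with `crypto.randomBytes` rather than the `Math.random()` used in the post, and reports a distinct reason when the callback arrives on a session that holds no state; `issueState`, `verifyState`, `demo` and the reason strings are hypothetical names, and the session objects are constructed stand-ins for `req.session`.

```javascript
// Added example (not the poster's code): issue and verify an OAuth2 state
// value bound to the session. `session` is any per-user object such as req.session.
const crypto = require('node:crypto');

const STATE_KEY = 'oauthState'; // same session key the post uses

// Call in the login route before redirecting to the provider.
function issueState(session) {
  const state = crypto.randomBytes(32).toString('base64url'); // CSPRNG, 256 bits
  session[STATE_KEY] = state;
  return state;
}

// Call in the callback route with req.session and req.query.state.
// Returns { ok, reason } so logs show why a check failed.
function verifyState(session, returned) {
  const expected = session ? session[STATE_KEY] : undefined;
  if (session) delete session[STATE_KEY]; // single use, even on failure
  if (typeof expected !== 'string') {
    // The situation in the post: the callback arrived on a session that
    // never stored a state (new session, or cookie not sent back).
    return { ok: false, reason: 'no-state-in-session' };
  }
  if (typeof returned !== 'string') {
    return { ok: false, reason: 'state-missing-from-callback' };
  }
  const a = Buffer.from(expected);
  const b = Buffer.from(returned);
  // timingSafeEqual throws on unequal lengths, so check length first.
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
    return { ok: false, reason: 'state-mismatch' };
  }
  return { ok: true, reason: 'match' };
}

// Constructed sessions standing in for req.session on the two requests.
function demo() {
  const loginSession = {};
  const state = issueState(loginSession);
  const freshSession = {}; // what the callback sees if a new session is assigned
  return {
    fresh: verifyState(freshSession, state),
    same: verifyState(loginSession, state),
    replay: verifyState(loginSession, state),
  };
}

console.log(demo());
```

Logging the returned `reason` next to `req.sessionID` in both routes separates a session that changed between the two requests from a state value that was altered in transit.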