
Passport-twitter fails when used with cookieSession and signed cookies

Open jc-tzn opened this issue 11 years ago • 4 comments

Hi all,

here is the configuration of my app:

// Reproduction config for the "Failed to find request token in session" error
// shown below. NOTE(review): app.configure and the bundled express.* middleware
// suggest Express 3.x — confirm against the installed version.
var app = express();

// Registers the middleware stack in order; the session-related entries
// (cookieParser -> cookieSession -> passport) rely on that order.
app.configure(function(){
    app.use(express.compress());
    app.use(express.static(path.join(__dirname, 'public')));
    app.set('views', __dirname + '/views');
    app.set('view engine', 'ejs');
    app.set('port', process.env.PORT || 8000);
    app.use(express.favicon(__dirname + '/public/img/favicon.ico'));
    app.use(express.logger('dev'));
    app.use(express.bodyParser());
    app.use(express.methodOverride());
    // The same secret is passed to BOTH cookieParser and cookieSession. The report
    // below states the OAuth flow works once the cookieParser secret is removed.
    // NOTE(review): in Connect 2.x, cookieParser with a secret likely moves signed
    // cookies into req.signedCookies, while cookieSession given its own secret
    // reads req.cookies, so the session would come back empty on the callback.
    // Passing the secret to only one of the two is the thing to try — verify
    // against the installed Connect version.
    // 'keyboard cat' is a placeholder secret hard-coded in source; a deployment
    // should load a random secret from configuration kept outside the repository.
    app.use(express.cookieParser('keyboard cat'));
    // cookieSession keeps the whole session in the client's cookie; the logged
    // output below shows it carrying oauth_token and oauth_token_secret.
    // NOTE(review): the value is signed but presumably not encrypted — confirm.
    // maxAge is 30 days and httpOnly is set, but no `secure` flag is given, so
    // the cookie is not restricted to HTTPS connections.
    app.use(express.cookieSession({ secret: 'keyboard cat', cookie: { maxAge: 1000*60*60*24*30, httpOnly: true } }));
    app.use(flash());
    app.use(passport.initialize());
    app.use(passport.session());

    // Debug-only middleware: prints the session read from the signed cookie on
    // every request. As the output below shows, this writes oauth_token_secret
    // to stdout; remove it before deploying so the secret does not land in logs.
    app.use(function (req, res, next) {
        console.log(req.signedCookies['connect.sess']);
        next();
    });

    app.use(app.router);
});

When I get rid of the secret in cookieParser, everything works as expected, but with the secret this is what happens:

GET /auth/twitter 302 696ms

{ 
  passport: {},
  'oauth:twitter':
   { oauth_token: 'LKRBq2FP02cZhESVQT7vPoKoRAXS6Mon8Lm83P0Q',
     oauth_token_secret: 'SehbNP1rruTadMySb0b4UFwNJtAv3SQXysEijNjc' 
   } 
}

Error: Failed to find request token in session
    at Strategy.OAuthStrategy.authenticate (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/passport-twitter/node_modules/passport-oauth1/lib/strategy.js:142:54)
    at Strategy.authenticate (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/passport-twitter/lib/strategy.js:85:40)
    at attempt (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/passport/lib/passport/middleware/authenticate.js:243:16)
    at Passport.authenticate (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/passport/lib/passport/middleware/authenticate.js:244:7)
    at callbacks (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/express/lib/router/index.js:161:37)
    at param (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/express/lib/router/index.js:135:11)
    at pass (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/express/lib/router/index.js:142:5)
    at Router._dispatch (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/express/lib/router/index.js:170:5)
    at Object.router (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/express/lib/router/index.js:33:10)
    at next (/home/ec2-user/Dropbox/Work/Web Dev/RunningHeroes/node_modules/express/node_modules/connect/lib/proto.js:199:15)

GET /auth/twitter/callback?oauth_token=LKRBq2FP02cZhESVQT7vPoKoRAXS6Mon8Lm83P0Q&oauth_verifier=Yg5mHTVBCKR6F0Y092aY3rtlRnLcZpIy1t9lz9TuWA 500 8ms

So the token is apparently present, since it gets logged, but passport-twitter can't read it. Is that because the value is signed?

I've read that thread, which is why I tried without the secret in cookieParser, but I need to sign cookies later on in the app, so I need to keep the secret...

I've also read this similar issue but it doesn't seem to apply here. Any ideas?

jc-tzn avatar Dec 26 '13 17:12 jc-tzn

+1.

It's been 5 years since this was opened so I'm wondering if there has been progress here.

TejasQ avatar Dec 30 '18 18:12 TejasQ

+1

Dyceman avatar Mar 15 '19 14:03 Dyceman

  • 1

Mokin711 avatar Jun 19 '21 04:06 Mokin711

Has anyone found a solution for this? @jc-tzn ?

ashishdocforce avatar Jul 08 '21 15:07 ashishdocforce