passport and JWT

6
votes

So i managed to get passport-twitter working together with jsonwebtoken library, but in order for it to work properly I have to use express-session as the middleware. I don't want to add session because I'm using jsonwebtoken to return the token.

Here's the code autheticate.js

router.get('/twitter', function(req, res, next){

  passport.authenticate('twitter', {session: false}, function(err, user, info){
    if(err){ return next(err); }

    if(user){
      var token = createToken(user);
      console.log(token);
      return res.json({token: token});
    } else {
      return res.status(401).json(info);
    }
  })(req, res, next);
});

I already added session: false as the argument, but on server.js it keeps spitting error, that i need to use express-session.

server.js

var express       = require('express');
var path          = require('path');
var logger        = require('morgan');
var bodyParser    = require('body-parser');
var mongoose      = require('mongoose');
var passport      = require('passport');
var session       = require('express-session');
var config        = require('./config');

mongoose.connect('mongodb://localhost', function() {
  console.log("Connected to the database");
})

require('./passport')(passport);

var app = express();

var authenticate  = require('./routes/authenticate')(app, express, passport);
var api           = require('./routes/api') (app, express, passport);
// uncomment after placing your favicon in /public
//app.use(favicon(__dirname + '/public/favicon.ico'));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(session({

    secret: config.TOKEN_SECRET,
    resave: true,
    saveUninitialized: true,
}));
app.use(express.static(path.join(__dirname, 'public')));
app.use(passport.initialize());



app.use('/auth', authenticate);
app.use('/api', api);

app.get('*', function(req, res) {
    res.sendFile(__dirname + '/public/app/views/index.html');
});


app.listen(3000, function(err) {
  if(err) {
    return res.send(err);
  }
  console.log("Listening on port 3000");
});

So whenever i delete app.use(session()) and try to authenticate with passport-twitter. I will get this error

error Oauth Strategy requires app.use(express-session));

I know that the obvious solution is to add that line, but I dont want to use session. Does Oauth 0.1 really need to use session?

1
node.jssessionoauthpassport.js
any answer to this question yet? - Alexander Mills
I too want to know it's solution. - Nivesh

1 Answers

2
votes

Passports OAuth based strategies use the session middleware to keep track of the login process. You do not need to use the session middleware for anything else, just base your authentication on your token and ignore the session.