nodejs/passport - Error: OAuthStrategy requires session support

Question

I am trying to set up a twitter connect on my web app using the passport module

I have implemented it as follow:

App.js file:

 /**
 * Module dependencies.
 */
var express     = require('express');
var user        = require('./server/routes/user');
var http        = require('http');
var path        = require('path');
var app         = express();
var passport    = require('passport');
var flash       = require('connect-flash');

require('./server/config/passport')(passport); // pass passport for configuration

// all environments
app.set('port', process.env.PORT || 3000);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

app.configure(function() {

    app.use(express.favicon());
    app.use(express.logger('dev'));
    app.use(express.json());
    app.use(express.urlencoded());
    app.use(express.methodOverride());
    app.use(app.router);
    app.use(require('stylus').middleware(path.join(__dirname, 'public')));
    app.use(express.static(path.join(__dirname, 'public')));

    // set up our express application
    app.use(express.logger('dev')); // log every request to the console
    app.use(express.cookieParser()); // read cookies (needed for auth)
    app.use(express.bodyParser()); // get information from html forms

    app.set('view engine', 'ejs'); // set up ejs for templating

    // required for passport
    app.use(express.session({ secret: 'SECRET' })); // session secret
    app.use(passport.initialize());
    app.use(passport.session()); // persistent login sessions
    app.use(flash()); // use connect-flash for flash messages stored in session

});


// // routes ======================================================================
require('./server/routes/index')(app, passport); // load our routes and pass in our app and fully configured passport

I am using express.session but i get the following error message when trying to authenticate:

Error: OAuthStrategy requires session support. Did you forget app.use(express.session(...))?

Does anyone has an idea why I get this?

Answer 1

The order of loaded Express middlewares is not right. Try this:

// ...

app.configure(function() {
  app.use(express.favicon());
  app.use(express.logger('dev'));
  // The following two middlwares are NOT necessary because bodyParser includes them.
  // app.use(express.json());
  // app.use(express.urlencoded());
  app.use(express.methodOverride());

  app.use(express.cookieParser()); // read cookies (needed for auth)
  app.use(express.bodyParser()); // get information from html forms
  // required for passport
  app.use(express.session({ secret: 'SECRET' })); // session secret
  app.use(passport.initialize());
  app.use(passport.session()); // persistent login sessions
  app.use(flash()); // use connect-flash for flash messages stored in session

  app.use(app.router);
  app.use(require('stylus').middleware(path.join(__dirname, 'public')));
  app.use(express.static(path.join(__dirname, 'public')));
});

// ...

Answer 2

For 4.0 this changes a bit.

First, you'll need to install express-session and then, before you define your routes:

// Authentication configuration
app.use(session({
  resave: false,
  saveUninitialized: true,
  secret: 'bla bla bla' 
}));

You can latter you do the OAuth thing:

// Passport
app.use(passport.initialize());
app.use(passport.session());

passport.use(new TwitterStrategy({
   ...
));

Answer 3

Just add express-session to your main js file.

const session = require('express-session');
// After you declare "app"
app.use(session({ secret: 'melody hensley is my spirit animal' }));

Just like these guys do it for the LinkedIn commit.

Obviously don't forget to install express-session, so npm install express-session or add "express-session": "^1.15.3" to your package.json

Answer 4

If you are using the latest express (3.0) replace the cookie parser line with the following:

app.use(express.cookieParser("thissecretrocks"));

Worked for me for same error !!