4

After I successfully log in using a Google account, in the callback request, req.user is set to the right user and req.isAuthenticated() is true. Great!

However, any subsequent request will have req.user as undefined. No matter what I do.

The problem occurs with both passport-google-auth2 and passport-google-auth.

This is how my index.js looks like:

app.set('views', './src/express/views');
app.set('view engine', 'jsx');
app.engine('jsx', expressReactViews.createEngine({ beautify: true }));

app.use(express.static('./dist'));
app.use(cookieParser());
app.use(bodyParser.json());
app.use( bodyParser.urlencoded({
    extended: true
}));
app.use(session({
    secret: 'keyboard cat',
    proxy: true,
    resave: true,
    saveUninitialized: true,
    cookie: { secure: true }
}));
app.use(passport.initialize());
app.use(passport.session());

passport.serializeUser(function(user, done) {
    // user is passed here correctly
    done(null, user.id);
});
passport.deserializeUser(function(userId, done) {
    db.connect(function(error, connection) {
        if(error) {
            done(error);
        }
        else {
            users.find(connection, userId, function (user) {
                connection.close();
                // user is populated here, don't worry :)
                done(null, user);
            });
        }
    });
});

passport.use(googleStrategy);

And this is how googleStrategy looks like:

module.exports = new GoogleStrategy(
    {
        clientID: '[FAKE]',
        clientSecret: '[FAKE]',
        callbackURL: 'http://localhost:3000/auth/google/callback'
    },
    function(accessToken, refreshToken, profile, done) {
        db.connect((error, connection) => {
            if(error) {
                done(error);
            }
            else {
                users.findOrCreateFromGoogleProfile(connection, profile, (error, user) => {
                    connection.close();
                    done(error, user);
                });
            }
        });
    }
);

This is how my auth router looks like:

router.route('/google/callback').get(passport.authenticate('google', {
    failureRedirect: '/error'
}), function(req, res) {
    // here everything works. req.user is correctly set and req.isAuthenticated() is true
    res.redirect('/index');
});

router.route('/google').get(passport.authenticate('google', {
    scope: ['https://www.googleapis.com/auth/userinfo.profile',
    'https://www.googleapis.com/auth/userinfo.email']
}));

module.exports = router;

Am I doing anything wrong?

Andre Pena
  • 56,650
  • 48
  • 196
  • 243

2 Answers2

2

I wish I could comment instead of directly answer this question.

Can you try running this instead?

router.route('/google/callback').get(passport.authenticate('google', {
    failureRedirect: '/error'
}), function(req, res) {
    // here everything works. req.user is correctly set and req.isAuthenticated() is true

    req.session.save(function(err) {

        res.redirect('/index');
    });
});

Since everything seems to work until after the redirect, this might fix the issue.

eddyjs
  • 1,270
  • 10
  • 20
  • Thanks for taking the time.. but it didn't work. I'm tired of tweaking properties with no results :( sometimes Node doesn't help at all – Andre Pena Jul 28 '15 at 01:51
  • 1
    :( sorry to hear that, the code looks fine to me otherwise. Good luck! – eddyjs Jul 28 '15 at 01:54
  • 1
    I thought of something that might work. Since everything seems to work until after the redirect, I've updated my answer with another possible solution. – eddyjs Jul 28 '15 at 02:10
  • Thanks again @edwinlin1987. But still it doesn't work. At this particular point `req.user` is there, but it's not in future requests. I'm convinced it has something to do with my app not being able to persist session or cookies. If you know how can I check that I'd appreciate. – Andre Pena Jul 28 '15 at 02:15
  • `req.session.save` doesn't trigger any exception though. – Andre Pena Jul 28 '15 at 02:15
  • I'm really sorry. My deserialize method was returning null even for valid users. I'm so embarassed I didn't realize that before. I appreciate you taking your time. I upvoted you so you could at least get some points. – Andre Pena Jul 29 '15 at 03:58
  • :) thanks andrerpena! I'm glad you figured it out, I learned a bit trying to figure out your problem as well – eddyjs Jul 29 '15 at 04:00
0

I would guess that the user info isn't being saved to the db.

If you go to the following link and remove your app/site from the list of approved connected apps/sites, are you then able to log in once more?

https://myaccount.google.com/security#connectedapps

Bear
  • 31
  • 1
  • 7