Application State in OAuth 1.0

Jared Hanson
Published in Passport.js
Jul 2, 2021

Following up on yesterday’s release of passport-oauth2 version 1.6.0, which introduced application-level state storage, the same capability is now available in passport-oauth1 version 1.2.0.

Application-level state storage can be enabled in any OAuth 1.0-based strategy, such as Twitter, by setting store: true as an option when constructing the strategy.

var passport = require('passport');
var TwitterStrategy = require('passport-twitter');

passport.use(new TwitterStrategy({
    consumerKey: process.env['TWITTER_CONSUMER_KEY'],
    consumerSecret: process.env['TWITTER_CONSUMER_SECRET'],
    callbackURL: '/auth/twitter/callback',
    store: true // enable application-level state storage
  },
  function(token, tokenSecret, profile, cb) {
    // ...
  }
));

With the store option enabled, it is possible to pass a state object to passport.authenticate().

app.get('/auth/twitter',
  passport.authenticate('twitter', { state: { beep: 'boop' } }));

This state will be automatically persisted and rehydrated when the user is returned to the callback URL. The state is made available on req.authInfo.

app.get('/auth/twitter/callback',
  passport.authenticate('twitter', { failureRedirect: '/login' }),
  function(req, res) {
    var state = req.authInfo.state;
    // resume state...
  });
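As an added example (not code from the post or from Passport.js itself), here are the same two routes generalized to per-request state: the login route captures a returnTo path from the query string and hands it to the strategy as state, and the callback route resumes it from req.authInfo.state. The helper names (safeReturnTo, beginTwitterLogin, resumeAfterTwitterLogin, mountTwitterRoutes) are assumptions; the point of safeReturnTo is that state which has been round-tripped through the provider is untrusted input, so only a site-local path is accepted as the post-login destination.

```javascript
// Added example: per-request state with passport-twitter and store: true.
// Helper names below are hypothetical, not part of Passport.js.

// Accept only a site-local path as a redirect target. Anything else
// (absolute URL, "//host", "/\host", header-splitting characters) falls back.
function safeReturnTo(candidate, fallback) {
  fallback = fallback || '/';
  if (typeof candidate !== 'string') return fallback;
  // One leading "/", not followed by "/" or "\", and no CR/LF anywhere.
  if (!/^\/(?![\/\\])[^\r\n]*$/.test(candidate)) return fallback;
  return candidate;
}

// The state differs per request, so passport.authenticate() is invoked
// inside the route handler instead of being mounted directly.
function beginTwitterLogin(passport) {
  return function(req, res, next) {
    var state = { returnTo: safeReturnTo(req.query && req.query.returnTo) };
    passport.authenticate('twitter', { state: state })(req, res, next);
  };
}

// On the callback, the strategy has rehydrated the state onto req.authInfo.
// The value is re-validated here; it must not be trusted just because it
// came back from the session store.
function resumeAfterTwitterLogin(req, res) {
  var state = (req.authInfo && req.authInfo.state) || {};
  var destination = safeReturnTo(state.returnTo);
  res.redirect(destination);
  return destination;
}

// Wire both routes onto an Express app (app and passport are injected so the
// module itself has no dependency on either package).
function mountTwitterRoutes(app, passport) {
  app.get('/auth/twitter', beginTwitterLogin(passport));
  app.get('/auth/twitter/callback',
    passport.authenticate('twitter', { failureRedirect: '/login' }),
    resumeAfterTwitterLogin);
}
```

A login link such as /auth/twitter?returnTo=/settings then lands the user back on /settings after the callback, while a crafted returnTo of //evil.example is replaced by /.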
