Application State in OAuth 1.0
Jul 2, 2021
Following up on yesterday’s release of passport-oauth2 version 1.6.0, which introduced application-level state storage, the same capability is now available in passport-oauth1 version 1.2.0.
Application-level state storage can be enabled in any OAuth 1.0-based strategy, such as Twitter, by setting store: true as an option when constructing the strategy.
var passport = require('passport');
var TwitterStrategy = require('passport-twitter');

passport.use(new TwitterStrategy({
    consumerKey: process.env['TWITTER_CONSUMER_KEY'],
    consumerSecret: process.env['TWITTER_CONSUMER_SECRET'],
    callbackURL: '/auth/twitter/callback',
    // Enable application-level state storage.
    store: true
  },
  function(token, tokenSecret, profile, cb) {
    // ...
  }
));
With the store option enabled, it is possible to pass a state object to passport.authenticate().
app.get('/auth/twitter',
  passport.authenticate('twitter', { state: { beep: 'boop' } }));
This state will be automatically persisted and rehydrated when the user is returned to the callback URL. The state is made available on req.authInfo.
app.get('/auth/twitter/callback',
  passport.authenticate('twitter', { failureRedirect: '/login' }),
  function(req, res) {
    var state = req.authInfo.state;
    // resume state...
  });
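A common use of the "resume state" step above is returning the user to the page they started from. The following is an added example, not code from passport-oauth1 or the original post: it assumes the destination arrives in a hypothetical returnTo query parameter, and the helper names and the app.invalid placeholder origin are likewise assumptions. It validates the value before it goes into the state object and again when it is read back from req.authInfo, so the callback only ever redirects to a same-site path.

```javascript
// Added example (not part of passport-oauth1): helpers for carrying a
// post-login destination in the state object and validating it.
// Assumption: the destination arrives in a hypothetical `returnTo` query parameter.
var BASE = 'http://app.invalid'; // placeholder origin, used only for parsing

// Accept only same-site paths; anything else falls back to '/'.
function safeReturnTo(value) {
  if (typeof value !== 'string' || value.length > 2048) { return '/'; }
  // Must start with a single '/', and contain no backslash or control character
  // (browsers treat '\' like '/' and strip tabs/newlines from URLs).
  if (!/^\/(?![\/\\])/.test(value) || /[\\\x00-\x1f\x7f]/.test(value)) { return '/'; }
  var url;
  try { url = new URL(value, BASE); } catch (e) { return '/'; }
  if (url.origin !== BASE) { return '/'; }
  return url.pathname + url.search + url.hash;
}

// Build the object handed to passport.authenticate('twitter', { state: ... }).
function buildState(req) {
  return { returnTo: safeReturnTo(req.query && req.query.returnTo) };
}

// Resolve the redirect target from the rehydrated state in req.authInfo.
// Validated a second time as defense in depth.
function resumeTarget(req) {
  var state = (req.authInfo && req.authInfo.state) || {};
  return safeReturnTo(state.returnTo);
}

// Wiring into the routes shown above (requires express and passport):
// app.get('/auth/twitter', function(req, res, next) {
//   passport.authenticate('twitter', { state: buildState(req) })(req, res, next);
// });
// app.get('/auth/twitter/callback',
//   passport.authenticate('twitter', { failureRedirect: '/login' }),
//   function(req, res) { res.redirect(resumeTarget(req)); });
```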