I'm working on creating an app that will provide authentication using the OAuth2 protocol to serve known clients using the app's Strategy.
I have tried using both the oauth2orize and node-oauth2-provider modules, and I keep getting to the same point:
Provider app. I cannot figure out where and why this happens - is this a feature of the OAuth2 protocol? Is this normal? If I use Facebook as a strategy (think passport-facebook), then if I log in to any app using Facebook, I am still logged into Facebook when I'm redirected back to the app - this is the behavior I want to provide clients accessing my app.
Both Provider modules are great at doing 90% of what I'm looking for, but neither provides the "persistent" login in their examples, oauth2orize, and node-oauth2-provider. Am I missing something?
Um, I think I got it.
I was running both the client and server on localhost, using different ports - and cookies/sessions were overwriting each other.
So if client express app was running on http://localhost:3000 and oauth provider was running on http://localhost:3001, logging into the oauth provider and creating a session on the client was overwriting the session on the provider.
Solution (for now):
# /etc/hosts
127.0.0.1 dev.client.com
127.0.0.1 dev.oauth-provider.com
Logging in to http://dev.client.com:3000 takes me to http://dev.oauth-provider.com:3001 and when a user successfully logs in and a session is created on client, provider is still logged in.
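The collision described in the answer above, as an added example that is not part of the original post: a small model of a browser cookie jar, which keys cookies by host, path and name but not by port (RFC 6265). The cookie name `connect.sid` (the express-session default) and the session values are assumptions; the third case, giving each app its own cookie name, goes beyond the hostname fix in the answer.

```javascript
// Minimal model of a browser cookie jar. Per RFC 6265 a cookie is identified
// by (name, domain, path); the port is NOT part of that key.
class CookieJar {
  constructor() { this.store = new Map(); }

  // Record a Set-Cookie received from a response served at `url`.
  setCookie(url, name, value, path = '/') {
    const host = new URL(url).hostname;            // port deliberately dropped
    this.store.set(`${host}|${path}|${name}`, { host, path, name, value });
  }

  // Cookies the browser would attach to a request for `url`
  // (simplified path matching: prefix only).
  cookiesFor(url) {
    const { hostname, pathname } = new URL(url);
    const sent = {};
    for (const c of this.store.values()) {
      if (c.host === hostname && pathname.startsWith(c.path)) sent[c.name] = c.value;
    }
    return sent;
  }
}

// The user logs in at the provider, is redirected back, and the client app
// creates its own session. Returns true if the provider session survives.
// Session values are constructed sample data.
function providerSessionSurvives(providerUrl, clientUrl,
                                 providerCookie = 'connect.sid',
                                 clientCookie = 'connect.sid') {
  const jar = new CookieJar();
  jar.setCookie(providerUrl, providerCookie, 'provider-session');
  jar.setCookie(clientUrl, clientCookie, 'client-session');
  return jar.cookiesFor(providerUrl)[providerCookie] === 'provider-session';
}

// Same host, different ports, same cookie name: the client overwrites the provider.
console.log(providerSessionSurvives('http://localhost:3001/', 'http://localhost:3000/'));
// Distinct hostnames, as in the /etc/hosts fix: both sessions coexist.
console.log(providerSessionSurvives('http://dev.oauth-provider.com:3001/',
                                    'http://dev.client.com:3000/'));
// Same host, but each app uses its own cookie name (hypothetical names).
console.log(providerSessionSurvives('http://localhost:3001/', 'http://localhost:3000/',
                                    'provider.sid', 'client.sid'));
```

In production the two apps normally sit on different hostnames, so this collision is mostly a local-development hazard; it also applies to any two services sharing one host on different ports.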