
passport authentication failure leads to redirect loop

I am using node, express and passport with facebook authentication.
I have the following routes (when /facebook/auth/callback is the callback url):

function render(page, req, res) {
    var user = null;
    if (req.user) {
        user = req.user.toObject();
        user.isLoggedIn = true;
    }
    res.render(page, { user: user });
}
app.get('/auth-failure', function (req, res) {
    res.render('auth-failure');
});
app.get('/auth-success', function (req, res) {
    render('auth-success', req, res);
});
app.get('/facebook/auth', passport.authenticate('facebook', { scope: [ 'email', 'user_about_me', 'publish_actions']}));
app.get('/facebook/auth/callback', passport.authenticate('facebook', { failureRedirect: '/auth-failure', successRedirect: '/auth-success' }));

When the authentication succeeded I got the auth-success view as I expected. But when the authentication failed and Facebook returned to: http://localhost:3000/facebook/auth/callback?error_code=2102&error_message=User+is+not+a+test+user+owned+by+the+application#=

I don't get the auth-failure view! Instead, Firefox returns this page:

[image]

When running in Chrome, I get the message: [image]

I tried to check things and replaced the failure router with:

app.get('/facebook/auth/callback', function (req, res) {
    res.redirect('/auth-failure');
});

And this rendered the auth-failure view successfully.
What is the problem with the passport.js facebook failure authentication?
Why does it return that error page?

Regarding @Matt Bakaitis's comment:
Here are my serialize and deserialize functions:

// serialize sessions
passport.serializeUser(function(user, done) {
    done(null, user.id);
});

passport.deserializeUser(function(id, done) {
    User.findOne({ _id: id }, function (err, user) {
        done(err, user);
    });
});
Naor asked May 31 '13 16:05


2 Answers

I believe it is because you are using a custom callback and need to provide a res object like....

 app.get('/facebook/auth/callback', function(req, res, next) { 
         passport.authenticate('facebook',..............
Four_lo answered Sep 27 '22 17:09
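
An added example, not code from this thread or from Passport: the failing callback URL in the question carries error_code and error_message but no code, so a guard placed in front of passport.authenticate on the callback route can send that case to /auth-failure exactly once. The names callbackErrorGuard, safeForLog and runGuard, and the mock request/response objects, are assumptions made for this sketch.

```javascript
// Reduce a provider-supplied string to something safe to log: the query
// string is attacker-controllable, so strip control characters and cap length.
function safeForLog(value, max = 200) {
  return String(value).replace(/[\u0000-\u001f\u007f]/g, ' ').slice(0, max);
}

// Express-style middleware (hypothetical). If the callback carries an error
// (standard `error`, or the `error_code`/`error_message` pair seen in the
// question) or has no `code`, redirect once to the failure page and stop.
// Intended use, with the routes from the question:
//   app.get('/facebook/auth/callback', callbackErrorGuard('/auth-failure'),
//           passport.authenticate('facebook', { ... }));
function callbackErrorGuard(failureRedirect, log = console.warn) {
  return function (req, res, next) {
    const q = req.query || {};
    const hasError = q.error !== undefined || q.error_code !== undefined;
    if (hasError || q.code === undefined) {
      const code = Number.parseInt(q.error_code, 10);
      log('oauth callback rejected', {
        code: Number.isNaN(code) ? null : code,
        message: safeForLog(q.error_message || q.error || 'missing code'),
      });
      return res.redirect(failureRedirect);
    }
    next(); // only a callback with `code` and no error reaches Passport
  };
}

// Constructed request/response doubles so the guard runs without Express.
function runGuard(query) {
  const result = { redirectedTo: null, nextCalled: false, logged: null };
  const guard = callbackErrorGuard('/auth-failure', (_msg, detail) => {
    result.logged = detail;
  });
  guard({ query },
        { redirect: (url) => { result.redirectedTo = url; } },
        () => { result.nextCalled = true; });
  return result;
}

// Query from the failing URL in the question, then a constructed success case.
const failed = runGuard({
  error_code: '2102',
  error_message: 'User is not a test user owned by the application',
});
const ok = runGuard({ code: 'constructed-authorization-code' });
console.log(failed.redirectedTo, failed.nextCalled, ok.nextCalled);
```

The failure view should render a fixed message rather than echoing error_message, since that text comes straight from the query string.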


I would fire up Fiddler to see what exactly is sent over the wire.

Mark Leighton Fisher answered Sep 27 '22 15:09