Passport.js github strategy callback always returns "TypeError: Cannot set property 'user' of undefined"

Question

I am new to passport authentication generally, and am trying to create a simple Express app for using the github strategy passport-github. I have had success using essentially this same code below for both google and twitter strategies, but every time I try to incorporate the github strategy I get a 500 response with this error whenever I hit the callback route:

Cannot set property 'user' of undefined

TypeError: Cannot set property 'user' of undefined
    at /Users/dan/Repos/passport-github-portal/node_modules/passport-github/node_modules/passport-oauth/node_modules/passport/lib/passport/http/request.js:45:35
    at pass (/Users/dan/Repos/passport-github-portal/node_modules/passport/lib/authenticator.js:267:43)
    at serialized (/Users/dan/Repos/passport-github-portal/node_modules/passport/lib/authenticator.js:276:7)
    at /Users/dan/Repos/passport-github-portal/app.js:49:7
    at pass (/Users/dan/Repos/passport-github-portal/node_modules/passport/lib/authenticator.js:284:9)
    at Authenticator.serializeUser (/Users/dan/Repos/passport-github-portal/node_modules/passport/lib/authenticator.js:289:5)
    at IncomingMessage.req.login.req.logIn (/Users/dan/Repos/passport-github-portal/node_modules/passport-github/node_modules/passport-oauth/node_modules/passport/lib/passport/http/request.js:43:29)
    at Strategy.strategy.success (/Users/dan/Repos/passport-github-portal/node_modules/passport/lib/middleware/authenticate.js:228:13)
    at verified (/Users/dan/Repos/passport-github-portal/node_modules/passport-github/node_modules/passport-oauth/lib/passport-oauth/strategies/oauth2.js:133:18)
    at /Users/dan/Repos/passport-github-portal/app.js:25:9

My app.js is as follows:

var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var passport = require('passport');
var session = require('express-session');

var routes = require('./routes/index');
var users = require('./routes/users');
var auth = require('./routes/auth');


var app = express();

var GithubStrategy = require('passport-github').Strategy;

passport.use(new GithubStrategy({
  clientID: process.env.GITHUB_CLIENT_ID,
  clientSecret: process.env.GITHUB_CLIENT_SECRET,
  callbackURL: 'http://localhost:3000/auth/github/callback'
}, function(accessToken, refreshToken, profile, done) {
  process.nextTick(function() {
    done(null, profile);
  });
}));

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

// uncomment after placing your favicon in /public
//app.use(favicon(__dirname + '/public/favicon.ico'));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));

app.use(session({
  secret: 'wordswordswords'
}));

app.use(passport.initialize());
app.use(passport.session());

passport.serializeUser(function(user, done) {
  done(null, user.id);
});

passport.deserializeUser(function(user, done) {
  done(null, user);
});

app.use('/', routes);
app.use('/users', users);
app.use('/auth', auth);

// catch 404 and forward to error handler
app.use(function(req, res, next) {
  var err = new Error('Not Found');
  err.status = 404;
  next(err);
});

// error handlers

// development error handler
// will print stacktrace
if (app.get('env') === 'development') {
  app.use(function(err, req, res, next) {
    res.status(err.status || 500);
    res.render('error', {
      message: err.message,
      error: err
    });
  });
}

// production error handler
// no stacktraces leaked to user
app.use(function(err, req, res, next) {
  res.status(err.status || 500);
  res.render('error', {
    message: err.message,
    error: {}
  });
});


module.exports = app;

And my /routes/auth.js:

var express = require('express');
var passport = require('passport');
var router = express.Router();


router.route('/github/callback')
  .get(passport.authenticate('github', {
    failureRedirect: '/error'
}), function(req, res) {
  res.redirect('/users');
});

router.route('/github')
  .get(passport.authenticate('github'));

module.exports = router;

In a previous project I implemented both google and twitter strategies within the same app without trouble, but when I attempted to add passport-github, it broke all three strategies, giving me the exact same "Cannot set property 'user' of undefined" error whenever I hit any of the three callback routes.

Any help would be greatly appreciated!

Answer 1

This looks like a compatibility issue, for a quick fix set passport version to:

"passport": "0.2.2"

Long term fix probably involves more work: updating your code so it works with latest version, and/or creating an issue in the repo, or sending a PR with a fix (if you can add backward compatibily on this part to the lib).

How we guessed this was the problem?: tests started to fail when there was no changes related to authentication + the stacktrace + "latest" in packages.json

This Issue on Github