
re-login user with passport.js twitter login

In Passport I have Twitter authentication. Everything is fine login-wise. I have this code

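app.get('/auth/twitter', function (req, res, next) {
    // Already logged in: skip the OAuth round trip.
    if (req.user) {
        return res.redirect('/');
    }
    // Pass next so that strategy errors reach the Express error handler.
    return passport.authenticate('twitter')(req, res, next);
});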

So if the user is already logged in to my site with Twitter it just redirects back (probably give a message eventually). Once they log out of the site and they click login with Twitter again it takes them to the Twitter authorize app page again. Which it shouldn't. When I look at other websites it never asks me to authorize the app again. If I look in the authorized app section of my Twitter profile I see my application I'm developing.

Why does my application keep asking for authorization when I have already given it? How can I change this (I'm storing token and token_secret in db)? Thanks for the help.

Drew H asked May 19 '13 20:05


1 Answer

I was recently having the same problem in my development system, but not in production.

The problem for me traced back to the application settings on Twitter. When I went to the Twitter Dev site and started to carefully compare the selections I made for my DEV and PROD systems, I noticed a difference on the Settings tab for My Applications where the checkbox for "Allow this application to be used to Sign in with Twitter" was not selected for my DEV but was for my PROD system.

The tiny-print under the check box on the app Settings tab says:

When enabled your application can be used to "Sign in with Twitter". When disabled your application will not be able to use /oauth/authenticate and any request to it will instead redirect the user to /oauth/authorize

The difference between authorize vs authenticate isn't clear from the terminology, but authorize requires the confirmation every time while authenticate "remembers" the user's choice.

After I made this single change, my DEV system stopped asking me for the authorize-related confirmation every time I tested logging in via Twitter...

Matthew Bakaitis answered Sep 22 '22 04:09
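One way to tell which of the two cases a login flow is in, as an added example that is not part of the original answer: it takes the chain of `Location` headers seen during login (starting with the one the app's `/auth/twitter` route returns) and reports whether the app itself requested `/oauth/authorize` or whether a request for `/oauth/authenticate` was bounced to `/oauth/authorize`, the fallback the settings text describes. The function names, cause labels, host and sample URLs are assumptions made for illustration.

```javascript
// Classify one hop of the login redirect chain by its OAuth endpoint path.
function classifyHop(url) {
  const path = url.pathname.replace(/\/+$/, '');
  if (path === '/oauth/authenticate') return 'authenticate';
  if (path === '/oauth/authorize') return 'authorize';
  return 'other';
}

// locations: Location header values in order, starting with the one the
// app's /auth/twitter route returns. Relative values are resolved against
// the previous hop, as a browser would do.
function diagnoseLoginChain(locations) {
  const hops = [];
  let base;
  for (const loc of locations) {
    let url;
    try {
      url = new URL(loc, base);
    } catch (err) {
      return { hops, cause: 'unparseable-location' };
    }
    base = url.href;
    hops.push(classifyHop(url));
  }
  const first = hops.find((h) => h !== 'other');
  if (first === undefined) return { hops, cause: 'no-oauth-endpoint' };
  // The app itself sends users to the endpoint that confirms every time.
  if (first === 'authorize') return { hops, cause: 'app-requests-authorize' };
  // The app asked for authenticate; a later authorize hop is the fallback
  // the settings text describes when "Sign in with Twitter" is disabled.
  if (hops.includes('authorize')) return { hops, cause: 'sign-in-setting-disabled' };
  return { hops, cause: 'ok' };
}

// Constructed sample chains (placeholder token, not captured traffic).
const DEV_CHAIN = [
  'https://api.twitter.com/oauth/authenticate?oauth_token=PLACEHOLDER',
  '/oauth/authorize?oauth_token=PLACEHOLDER',
];
const PROD_CHAIN = ['https://api.twitter.com/oauth/authenticate?oauth_token=PLACEHOLDER'];

console.log(diagnoseLoginChain(DEV_CHAIN).cause);  // sign-in-setting-disabled
console.log(diagnoseLoginChain(PROD_CHAIN).cause); // ok
```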