gobuffalo/buffalo

Using the --api flag for "buffalo new" prevents the buffalo-goth plugin from working after route generation

astoicnick opened this issue · 2 comments

Description

Hello, I have discovered that by using the --api flag when generating a new buffalo app, it is adding an option to the buffalo.New() call in app.go (approximately line 46). The setting, "SessionStore: sessions.Null{}", prevents the buffalo-goth callback from working as expected. After generating the routes from the buffalo-goth plugin for Google, if you add your secret and clientId it will successfully redirect you to Google's consent screen. After gathering consent, Google is redirecting the user to /auth/google/callback. It is at this point that the error message "could not find a matching session for this request" appears. If I remove the "SessionStore: sessions.Null{}" from app.go, the callback works as expected.

Additional details are below, but my question is this: should the "SessionStore: sessions.Null{}" still be there despite this issue? If it shouldn't be there, can I go try and fix it and submit a PR?

To Reproduce

What I did to get a successful goth process on first try:

  1. I created a new buffalo app by running "buffalo new google_goth_sample"
  2. I installed the buffalo-goth plugin, and ran 'buffalo g goth google'
  3. I added my secret and key to the .env file, as well as adding "ADDR=127.0.0.1"
  4. I ran buffalo dev, and the callback worked right off the bat

How to reproduce the issue I'm running into:

  5. Create a buffalo app with the --api flag, "buffalo new google_goth_api_sample --api"
  6. Install the buffalo-goth plugin, and run 'buffalo g goth google'
  7. Add the secret, key, and addr variables to the .env file, same as above
  8. Run buffalo dev, and after Google redirects you from the consent screen, you should see the same error message I've seen, which is a 401 status code with the following JSON:

```json
{
  "error": "could not find a matching session for this request",
  "trace": "could not find a matching session for this request",
  "code": 401
}
```

Additional Context

Details


```
Pwd C:\Users\nicho\go\src\github.com\astoicnick\goth_api
Root C:\Users\nicho\go\src\github.com\astoicnick\goth_api
GoPath C:\Users\nicho\go
PackagePkg goth_api
ActionsPkg goth_api/actions
ModelsPkg goth_api/models
GriftsPkg goth_api/grifts
WithModules true
Name goth_api
Bin bin\goth_api
VCS git
WithPop true
WithSQLite false
WithDep false
WithWebpack false
WithNodeJs false
WithYarn false
WithDocker true
WithGrifts true
AsWeb false
AsAPI true
InApp true
PackageJSON {map[]}

-> Buffalo: config/buffalo-app.toml
name = "goth_api"
bin = "bin\goth_api"
vcs = "git"
with_pop = true
with_sqlite = false
with_dep = false
with_webpack = false
with_nodejs = false
with_yarn = false
with_docker = true
with_grifts = true
as_web = false
as_api = true

-> Buffalo: config/buffalo-plugins.toml
[[plugin]]
binary = "buffalo-goth"
go_get = "github.com/gobuffalo/buffalo-goth@latest"

[[plugin]]
binary = "buffalo-pop"
go_get = "github.com/gobuffalo/buffalo-pop/v3@latest"

-> Buffalo: go.mod
module goth_api

go 1.19

require (
	github.com/gobuffalo/buffalo v1.0.1
	github.com/gobuffalo/buffalo-pop/v3 v3.0.6
	github.com/gobuffalo/envy v1.10.2
	github.com/gobuffalo/grift v1.5.2
	github.com/gobuffalo/mw-contenttype v1.0.1
	github.com/gobuffalo/mw-forcessl v1.0.1
	github.com/gobuffalo/mw-i18n/v2 v2.0.2
	github.com/gobuffalo/mw-paramlogger v1.0.1
	github.com/gobuffalo/pop/v6 v6.0.8
	github.com/gobuffalo/suite/v4 v4.0.3
	github.com/gobuffalo/x v0.1.0
	github.com/markbates/goth v1.74.1
	github.com/rs/cors v1.8.2
	github.com/unrolled/secure v1.13.0
)

require (
	cloud.google.com/go v0.67.0 // indirect
	github.com/BurntSushi/toml v1.2.0 // indirect
	github.com/Masterminds/semver/v3 v3.1.1 // indirect
	github.com/aymerick/douceur v0.2.0 // indirect
	github.com/davecgh/go-spew v1.1.1 // indirect
	github.com/dustin/go-humanize v1.0.0 // indirect
	github.com/fatih/color v1.13.0 // indirect
	github.com/fatih/structs v1.1.0 // indirect
	github.com/felixge/httpsnoop v1.0.1 // indirect
	github.com/fsnotify/fsnotify v1.5.4 // indirect
	github.com/go-sql-driver/mysql v1.6.0 // indirect
	github.com/gobuffalo/events v1.4.3 // indirect
	github.com/gobuffalo/fizz v1.14.4 // indirect
	github.com/gobuffalo/flect v0.3.0 // indirect
	github.com/gobuffalo/github_flavored_markdown v1.1.3 // indirect
	github.com/gobuffalo/helpers v0.6.7 // indirect
	github.com/gobuffalo/httptest v1.5.2 // indirect
	github.com/gobuffalo/logger v1.0.7 // indirect
	github.com/gobuffalo/meta v0.3.3 // indirect
	github.com/gobuffalo/mw-csrf v1.0.1 // indirect
	github.com/gobuffalo/nulls v0.4.2 // indirect
	github.com/gobuffalo/plush/v4 v4.1.16 // indirect
	github.com/gobuffalo/refresh v1.13.2 // indirect
	github.com/gobuffalo/tags/v3 v3.1.4 // indirect
	github.com/gobuffalo/validate/v3 v3.3.3 // indirect
	github.com/gofrs/uuid v4.3.0+incompatible // indirect
	github.com/golang/protobuf v1.4.2 // indirect
	github.com/gorilla/css v1.0.0 // indirect
	github.com/gorilla/handlers v1.5.1 // indirect
	github.com/gorilla/mux v1.8.0 // indirect
	github.com/gorilla/securecookie v1.1.1 // indirect
	github.com/gorilla/sessions v1.2.1 // indirect
	github.com/inconshreveable/mousetrap v1.0.0 // indirect
	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
	github.com/jackc/pgconn v1.13.0 // indirect
	github.com/jackc/pgio v1.0.0 // indirect
	github.com/jackc/pgpassfile v1.0.0 // indirect
	github.com/jackc/pgproto3/v2 v2.3.1 // indirect
	github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
	github.com/jackc/pgtype v1.12.0 // indirect
	github.com/jackc/pgx/v4 v4.17.2 // indirect
	github.com/jmoiron/sqlx v1.3.5 // indirect
	github.com/joho/godotenv v1.4.0 // indirect
	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
	github.com/luna-duclos/instrumentedsql v1.1.3 // indirect
	github.com/mattn/go-colorable v0.1.9 // indirect
	github.com/mattn/go-isatty v0.0.14 // indirect
	github.com/mattn/go-sqlite3 v1.14.15 // indirect
	github.com/microcosm-cc/bluemonday v1.0.20 // indirect
	github.com/mitchellh/go-homedir v1.1.0 // indirect
	github.com/monoculum/formam v3.5.5+incompatible // indirect
	github.com/nicksnyder/go-i18n v1.10.1 // indirect
	github.com/pelletier/go-toml v1.2.0 // indirect
	github.com/pkg/errors v0.9.1 // indirect
	github.com/pmezard/go-difflib v1.0.0 // indirect
	github.com/rogpeppe/go-internal v1.9.0 // indirect
	github.com/sergi/go-diff v1.2.0 // indirect
	github.com/sirupsen/logrus v1.9.0 // indirect
	github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d // indirect
	github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e // indirect
	github.com/spf13/cobra v1.5.0 // indirect
	github.com/spf13/pflag v1.0.5 // indirect
	github.com/stretchr/testify v1.8.0 // indirect
	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
	golang.org/x/net v0.0.0-20221002022538-bcab6841153b // indirect
	golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43 // indirect
	golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0 // indirect
	golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect
	golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 // indirect
	golang.org/x/text v0.3.7 // indirect
	google.golang.org/appengine v1.6.6 // indirect
	google.golang.org/protobuf v1.25.0 // indirect
	gopkg.in/yaml.v2 v2.4.0 // indirect
	gopkg.in/yaml.v3 v3.0.1 // indirect
)
```

sio4 commented

Questions for clarifying the situation:

  1. What is the purpose of the app and why did you add --api?
  2. If the app is an API service, how/why does it work with OAuth social login that requires user interaction and a session?

Or any additional information that could help us to understand the use case?

The purpose of the app is to be an authentication API. Ideally when a user logs into a website, they can choose from Google sign-in or our managed authentication. When they click the Google sign-in button, this authentication API will handle the callback and provide an access token that can be used to authenticate with any of the other web services we have.

I added --api because this application will need to return an access token to any client that calls it, and I don't want it to return an HTML page, I want it to return JSON.

After what you've said, I think you can close this out because it sounds like I don't fully understand how the social login will be used in the authentication API. Thank you