jaredhanson/passport-twitter

How to use passport-twitter without using session

quocson1 opened this issue · 10 comments

Error: OAuth authentication requires session support. Did you forget to use express-session middleware?

Is there a way to fix this without using a session?

Have you installed the express-session package?

@quocson1 - I am also getting the same error. @Adetona - After installing express-session, I am not getting that error.

I have to use passport-twitter without session. Is there a way?

OAuth1 requires a session; we need OAuth2
#57

Also wondering about this. It looks like the session is just used to store the OAuth request token -- I'm considering looking into using a custom session strategy that leverages a JWT token. Would this be a bad idea @jaredhanson? Feel like I must be overlooking something obvious...

@delantai - Either way, you are going to end up with a cookie and a session. If you are just trying to avoid a backend store, in order to be fully stateless, there are already solutions like client-sessions. No need to roll your own with JWTs.

Oh perfect, thanks Jared. Yep, was just to avoid setting up a session store for now. Appreciate the quick response :-).

Umm, right now I think the session is no longer required for the Twitter auth process; according to the Twitter docs, only three requests are needed:

1- Request Token (https://developer.twitter.com/en/docs/authentication/api-reference/request_token) -> Uses the Consumer Key, Secret and CallbackUrl (OAuth headers) and returns oauth_token and oauth_token_secret in the body

2- Auth on Twitter (https://developer.twitter.com/en/docs/authentication/api-reference/authenticate) -> Sends oauth_token as a query param to the Twitter API -> Twitter sends a callback to callbackUrl with oauth_token & oauth_verifier in the query params, or you just get the PIN if not using a callback

3- Access Token (https://developer.twitter.com/en/docs/authentication/api-reference/access_token) -> Uses oauth_token & oauth_verifier (or PIN) -> receives a new oauth_token, oauth_token_secret and user_id in the body

Error: OAuth authentication requires session support. Did you forget to use express-session middleware?

Is there a way to fix this without using a session?

What solution did you get when there should be no express-session package involved? Because I am stuck there too.

Hey,

I have built several restful APIs that don't want to add session support, so I am sharing the way I am using a simple redis store to store the token:tokenSecret pair. Unfortunately, it's undocumented how the store is supposed to be implemented (or I couldn't find any documentation out there), but it's pretty straightforward if you see the usage of the store in passport-oauth1. Here is the store for example: https://gist.github.com/raxityo/f3872a4caeaa11f79921c3c252ceccc6

Our goal is to store the token:tokenSecret pair in some storage that can be retrieved later and it would be destroyed once the token has been used at step 3 above.

Hope it helps someone who runs into this situation.
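A sketch of the kind of request token store the last comment describes, added here as an example (it is not the gist's code or the project's own). It uses an in-memory `Map` in place of Redis; the class name, the TTL, and the `get`/`set`/`destroy` callback signatures are assumptions modelled on how passport-oauth1 calls its built-in session store.

```javascript
// Added example: in-memory stand-in for the Redis-backed store described above.
// Signatures (req, token[, tokenSecret], cb) are an assumption based on how
// passport-oauth1 invokes its session-based request token store.
class MemoryRequestTokenStore {
  constructor({ ttlMs = 5 * 60 * 1000, now = Date.now } = {}) {
    this.ttlMs = ttlMs;        // abandoned logins must not leave secrets around forever
    this.now = now;            // injectable clock so expiry can be exercised in tests
    this.entries = new Map();  // oauth_token -> { tokenSecret, expiresAt }
  }

  // Step 1: remember the secret that was issued together with the request token.
  set(req, token, tokenSecret, cb) {
    this.entries.set(token, { tokenSecret, expiresAt: this.now() + this.ttlMs });
    cb(null);
  }

  // Step 3: look up the secret for the oauth_token that came back on the callback.
  get(req, token, cb) {
    const entry = this.entries.get(token);
    if (!entry) return cb(new Error('Unknown or already used request token'));
    if (entry.expiresAt <= this.now()) {
      this.entries.delete(token);
      return cb(new Error('Request token expired'));
    }
    cb(null, entry.tokenSecret);
  }

  // After the access token exchange: drop the pair so it cannot be replayed.
  destroy(req, token, cb) {
    this.entries.delete(token);
    cb(null);
  }
}

// Wiring (assumed option name, placeholders for credentials, not executed here):
// new TwitterStrategy({ consumerKey, consumerSecret, callbackURL,
//   requestTokenStore: new MemoryRequestTokenStore() }, verify);
```

With a real Redis backend the same three methods map onto a set with expiry, a get, and a delete, so a process restart or a second API instance does not lose pending logins.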