Search code examples
node.jsnginxexpresseveryauth

Everyauth.js fails on first Auth Request

Background: I am using nginx as a reverse proxy to my express server to handle SSL. I use the everyauth package to handle facebook oauth. Redis is used for session store.

Problem: On the first auth request everyauth will timeout on the getAccessToken auth step. On the second auth request it will complete all auth steps and return.

Specifically: I have followed the execution to a point where everyauth uses the request package during the getAccessToken step. Request uses the https module to make a request which never returns (callback is never executed).

Code

var express = require('express')
  , RedisStore = require('connect-redis')(express)
  , everyauth = require('everyauth')
  , Promise = everyauth.Promise
  , app = express.createServer()
  , authConfig = require('./auth_config');

// Configure server to allow reverse proxy (nginx) to handle SSL requests
app.enable('trust proxy');
app.set('env', process.env.npm_package_config_env);

//everyauth config
everyauth.facebook
    .appId(authConfig.facebook.appId)
    .appSecret(authConfig.facebook.appSecret)
    .redirectPath(authConfig.facebook.redirectPath)
    .scope(authConfig.facebook.scope)
    .popup(true)
    .findOrCreateUser(function(session, accessToken, accessTokExtra, fbUserMetadata){
        ...
    });

app.configure(function(){
    // Check if behind secure reverse-proxy
    app.use(require('./middleware/secureProxyCheck')());
    app.set('views', __dirname + '/views');
    app.set('view engine', 'jade');
    app.use(express.bodyParser());
    app.use(express.methodOverride());
    app.use(express.cookieParser());
    app.use(express.session({
        secret: 'imnottelling', 
        store: new RedisStore({ host: "127.0.0.1", port: "6379" }),
        cookie: { secure: true }
    }));
    //WARNING: do not change the order of everyauth and router
    app.use(everyauth.middleware());
    app.use(app.router);
    app.use(require("./middleware/dynamicCacheHeaders")("sha256"));
});

/*app.get app.listen beyond this point*/

Versions

  • Node: 0.8.8
  • Express: 2.5.10
  • connect-redis: 1.4.4
  • Everyauth: 0.3.0
Solution

  • This problem was actually not related to anything mentioned above. The problem is caused because I did not read the documentation on daemon.node carefully enough. Nothing works on the first time around because they are all tied to the previous process which node is no longer running in. Hard to debug but very easy to fix (READ THE DOCUMENTATION).