I'm using Passport-google to login users in example.com:3000. It works great. But if I put the Node.js server behind a proxy (IIS7; don't ask why, I had to), and access to my site in example.com (not in example.com:3000), I can't login with Passport-google. My RewriteRule in IIS:
Pattern (.*)
{HTTP_HOST} Matches myserver.com
{SERVER_PORT} Does not match 3000
Rewrite URL: http://127.0.0.1:3000/{R:1}
The error I got:
Cannot GET /accounts/o8/ud?
Also I have the same problem with Passport-twitter, and Passport-facebook.
I think I should set some other rule in IIS, or set some proxy settings in Passport.js, or OpenID, but haven't figured out yet. Any ideas?
The IIS proxy had a bad configuration. under Application Request Routing (ARR) / Server proxy settings Reverse rewrite host in response headers was switched on, so when passport sent a 302 with a location in header set to https://www.google.com/accounts/o8/... the IIS proxy replaced it to http://myserver.com/accounts/o8/... . which of course was an invalid link.