After installing and having the passport authentication working properly for a while (something like a year in 2017) I run again this project in 2019 and I got the following error message when authenticating with Steam and passport
{
"name": "InternalOpenIDError",
"message": "Failed to verify assertion",
"openidError": {
"message": "Invalid signature"
}
}
This is the configuration I had, and it's always returning the URL /#/404, since it's giving an error and redirecting
app.get(/^\/auth\/steam(\/return)?$/,
passport.authenticate('steam', { failureRedirect: '/#/404' }), (req, res) => {
res.redirect('/');
});
Seems like the authentication that was implemented by steam changed in April 2018 and they included HTTPS in the protocol.
The library passport-steam has adapted this in order to work, but of course, I was runnning in the old version (1.0.8) when I was building and installing node_modules in my app.
Bumping the version in my packaje.json to "passport-steam": "^1.0.10", fixed it for me with exactly the same code running in the application.