I'm using passport-twitter in my MEAN STACK App.
I have an endpoint twitter-login, when Angular app hit this point, passport-twitter module is used to authenticate the user.
on getting oaut_token it redirects the user to the this url :
https://api.twitter.com/oauth/authenticate?oauth_token=SOME_TOKEN
on redirect, app is throwing above mentioned error in the title.
using cors module or setting headers manually won't help.
This is my code :
app.ts
import express from 'express';
import mongoose from 'mongoose';
import bodyParser from 'body-parser';
import { DATABASE_URL, JWTSECRET } from './config/config';
import { Routes } from './routes/routes';
const passport = require('passport');
const cors = require('cors');
const cookieSession = require('cookie-session');
const cookieParser = require('cookie-parser');
const passportSetup = require('./config/passport-config');
class App {
public app : express.Application;
public routePrv: Routes = new Routes();
constructor(){
this.app = express();
this.config();
this.mongoSetup();
this.routePrv.routes(this.app);
}
private config(): void {
this.app.use( cors() );
this.app.use( cookieSession({
name: "VIP_Session",
keys: [JWTSECRET],
maxAge: 24 * 60 * 60 * 100
})
);
this.app.use(cookieParser());
this.app.use(bodyParser.json());
this.app.use(bodyParser.urlencoded({ extended: false }));
this.app.use(passport.initialize());
this.app.use(passport.session());
}
private mongoSetup(): void{
mongoose.connect(DATABASE_URL, {useCreateIndex: true, useNewUrlParser: true});
const connection = mongoose.connection;
connection.once('open', () => {
console.log('MongoDB connection established successfullly.');
});
}
}
export default new App().app;
server.ts
import app from './app';
import * as http from 'http';
import { PORT } from './config/config';
http.createServer(app).listen(PORT , () => {
console.log('Express server listening on port '+ PORT);
});
routes.ts
import {Request, Response, NextFunction} from "express";
const passport = require('passport');
export class Routes {
public routes(app: any): void {
app.route('/api/twitter-login').get(passport.authenticate('twitter'));
app.route('/api/twitter-callback').get(
passport.authenticate('twitter',
{ failureRedirect: 'http://localhost:4200/login?isAuthenticated=false',
successRedirect : 'http://localhost:4200/login?isAuthenticated=true'
}));
}
passport-config.ts
const TwitterStrategy = require('passport-twitter');
import * as mongoose from 'mongoose';
import passport from 'passport';
import { TWITTER_CONSUMER_KEY, TWITTER_CONSUMER_SECRET } from '../config/config';
import { userSchema } from '../models/';
let User = mongoose.model('User' , userSchema);
passport.serializeUser((user : any, done) => {
done(null, user._id);
});
// deserialize the cookieUserId to user in the database
passport.deserializeUser((id, done) => {
User.findById(id)
.then(user => {
done(null, user);
})
.catch(e => {
done(new Error("Failed to deserialize an user"));
});
});
passport.use('twitter', new TwitterStrategy({
consumerKey: TWITTER_CONSUMER_KEY,
consumerSecret: TWITTER_CONSUMER_SECRET,
includeEmail: true,
callbackURL: '/api/twitter-callback'
},
async (token : any, tokenSecret : any, profile : any, done : any) => {
console.log(profile.emails);
// find current user in UserModel
const currentUser = await User.findOne({
user_name: profile.username
});
// create new user if the database doesn't have this user
if (!currentUser) {
const newUser = await new User({
first_name : profile.displayName.split(' ')[0],
last_name : profile.displayName.split(' ')[1],
user_name : profile.username,
email : profile.emails[0].value ,
avatar : profile.photos[0].value ? profile.photos[0].value : '',
twitterId : profile.id
}).save();
if (newUser) {
done(null, newUser);
}
}
done(null, currentUser);
}
));
After doing some research I found out that api call from Angular7 app should be using one of the following approaches.
Using anchor tag:
<a class="btn btn-twitter" href='http://SERVER_URL/api/twitter-login'> Sign Up / Login with Twitter</a>
Or
window.location.href = 'http://SERVER_URL/api/twitter-login'.
Using this approach, origin will not be null and all the callbacks of passport-twitter will work perfectly fine.