oauth2]$ node app.js

/home/cmorgan/bitsplash/noteapp/passport-google-oauth/examples/oauth2/app.js:53
var app = express.createServer();
^
TypeError: Object function createApplication() {
var app = function(req, res, next) {
app.handle(req, res, next);
};

mixin(app, proto);
mixin(app, EventEmitter.prototype);

app.request = { proto: req, app: app };
app.response = { proto: res, app: app };
app.init();
return app;
} has no method 'createServer'
at Object. (/home/cmorgan/bitsplash/noteapp/passport-google-oauth/examples/oauth2/app.js:53:19)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Function.Module.runMain (module.js:497:10)
at startup (node.js:119:16)
at node.js:906:3

I can't find any example on this page, but I guessed the scope:

router.get('/login/google',
  passport.authenticate('google', { scope: ['https://www.googleapis.com/auth/userinfo.email'] })
);

Is this the correct scope?

After trying it, I denied from google, and the error was:

error: [setup/errorHandler.js] failed to obtain access token (status: 400 data: The request token is invalid.
)
error: [setup/errorHandler.js] Error
    at /js/javascript-nodejs/node_modules/passport-google-oauth/node_modules/passport-oauth/lib/passport-oauth/strategies/oauth.js:134:36
    at /js/javascript-nodejs/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/oauth/lib/oauth.js:465:22
    at passBackControl (/js/javascript-nodejs/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/oauth/lib/oauth.js:397:13)
    at IncomingMessage.<anonymous> (/js/javascript-nodejs/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/oauth/lib/oauth.js:409:9)
    at IncomingMessage.EventEmitter.emit (events.js:129:20)
    at _stream_readable.js:898:16
    at process._tickDomainCallback (node.js:372:11)

Is this module supposed to work or is abandoned (no offence please, just want to know)?
I just denied auth and the error was severe.
There were other issues too, so please tell me it it's worth to work them out.

If you're signed into google with multiple accounts during the redirect you are asked to choose which account you want to use and on the return successReturnToOrRedirect does not fire.

When used callbackURL : "postmessage" like this : passport.use(new GoogleStrategy({clientID: "abc", clientSecret: "def", callbackURL: "postmessage"
} , I am getting the response as { "error": "redirect_uri_mismatch" }. Had to include the following line : params.redirect_uri = "postmessage"; in getOAuthAccessToken() in node_modules\passport-google-oauth\node_modules\passport-oauth\node_modules\oauth\lib\oauth2.js. The library automatically adds in the request, the domain name before the redirect_uri, in my case it was https://localhost/postmessage in development server. Any solutions without modifying the library.

Oauth 1.0 example breaks with error if I choose 'Deny Access' in the Google's grant access page.

failed to obtain access token (status: 400 data: The request token is invalid.)

Why it is not handled by failureRedirect handler ?
How to handle this error in the app and properly redirect ?

I'm getting an error with OAuth 2.0 when Passport is trying to fetch the user profile.

500 failed to fetch user profile (status: 401 data: { "error": { "errors": [ { "domain": "global", "reason": "authError", "message": "Invalid Credentials", "locationType": "header", "location": "Authorization" } ], "code": 401, "message": "Invalid Credentials" } } )

I'm having a {"message":"failed to fetch user profile"} error while authenticating with passport-google-oauth v0.2.0.

v0.1.15 works fine.

Login/Logout within one browser session works fine. However when I close the browser and open it again I am again asked to grant access.

Is there a way to ask the user only once for permission?

Or should I consider https://github.com/shobhitsinghal624/passport-google-authcode ?

I'd receiving a valid accessToken, however the refreshToken is undefined!

I have no clue how to debug it. Any help? :)

As seen here:

https://developers.google.com/accounts/docs/OpenID

Google is deprecating OpenId in favor of OAuth2

So I tried to use the following Google strategy locally to use OAuth2:

google: {
name: 'Google',
protocol: 'oauth2',
scope: ["https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile"],
strategy: require('passport-google-oauth').Strategy,
options: {
clientID: 'MY_CLIENT_ID',
clientSecret: 'MY_CLIENT_SECRET'
}
}

It didn't work at first because in passport-google-oauth / lib / passport-google-oauth / index.js
we see this:

/**

• Expose constructors.
  */
  exports.Strategy =
  exports.OAuthStrategy = OAuthStrategy;
  exports.OAuth2Strategy = OAuth2Strategy;

When Passport uses the Strategy object, it gets OAuthStrategy by default.

In order to make a quick and dirty patch to make it work locally, I just forced Strategy to use OAuth2 like so:

/**

• Expose constructors.
  */
  exports.Strategy = OAuth2Strategy;
  exports.OAuthStrategy = OAuthStrategy;
  exports.OAuth2Strategy = OAuth2Strategy;

Works great locally...

A week later, I tried to deploy to Heroku. My sails app wouldn't lift...

After a while, I remembered I had to change the Strategy to use OAuth2.

Since my app is rebuilt on Heroku from its dependencies, I now have the ORIGINAL passport-google-oauth, which doesn't work for OAuth2...

Maybe @jaredhanson could have a look at this. Everyone would benefit from this fix.

Thanks,

Luc

Why Passport uses Contacts ("https://www.google.com/m8/feeds") scope for getting user profile info instead of User Profile and Email (https://www.googleapis.com/auth/userinfo.profile and userinfo.email)?

Unless importing the passport module twice I suppose.

passport.authenticate("google")

is the only way to trigger both OAuth 1.0 and OAuth 2.0 authenticaion.

Passport-oauth2 is more in line with Google's expectations, and should be preferred over Oauth v1.

There is no indication in the README of how to choose between OAuth1 and 2.

I had to go into the examples before I found this:

GoogleStrategy = require('passport-google-oauth').OAuth2Strategy

User seems to get authenticated but I get this error before the GoogleStrategy() callback function is executed. Has anyone found a solution to this?

createCredentials() is deprecated, use tls.createSecureContext instead
InternalOAuthError: failed to fetch user profile
    at /home/sergei/projects/www/jobpact/jp-recruiter/node/node_modules/passport-google-oauth/lib/passport-google-oauth/oauth2.js:88:28
    at passBackControl (/home/sergei/projects/www/jobpact/jp-recruiter/node/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:124:9)
    at IncomingMessage.<anonymous> (/home/sergei/projects/www/jobpact/jp-recruiter/node/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:143:7)
    at IncomingMessage.emit (events.js:129:20)
    at _stream_readable.js:908:16
    at process._tickCallback (node.js:355:11)

https://developers.google.com/+/api/auth-migration#oauth2login

It seems as if google has deprecated the use of the userinfo endpoint sooner than they had documented.

Any chance this can be fixed in the passport module?

Thanks!

Hi,

I am using passport in total.js application in which all other oath works well including facebook, twitter. But when I try to login using Google account, I got "TokenError" as error.

Please advise how to solve.

Getting below issue with OAuth 2.0 strategy.

500 failed to fetch user profile (status: 403 data: { "error": { "errors": [ { "domain": "global", "reason": "insufficientPermissions", "message": "Insufficient Permission" } ], "code": 403, "message": "Insufficient Permission" } } )

Facebook and LinkedIn works with node 0.4.x, google doesn't.

As a last hope I upgraded my node on server and now it works, but you should set node dependecy ">=0.6.0" for google oauth.

Is there anyway to authenticate without having a callback url? In otherwords, to just obtain auth server side for a single account?

Using Passport really requires developers to read the code and understand it, which is somewhat frustrating because it's built in many different interconnected pieces. It would be nice if the examples were up-to-date regarding dependencies and also showcased all of the features of Passport.

It shows build failed on https://travis-ci.org/jaredhanson/passport-google-oauth
Any plans to migrate passport to Google+?

Hi,
I always get a 50x50 photo , is there a way to get an original quality photo?

Thanks!

Any chance the port number can be excluded in the URL generation process?

My sites runs on a different port than 80 (proxied to another port within nginx) and somehow your module is composing the the base URL with the port number the site is running (I am setting the port number through an env variable within a bash script ...)

For clarification, Google tells me this error:

The redirect URI in the request: https://dev.video.abc.org:6668/user/login/google/return did not match a registered redirect URI.

but I just want to use that URL

https://dev.video.abc.org/user/login/google/return

and I have this for the middleware

    app.get(settings.social.google.returnUrl,
        passport.authenticate('google', {
            successRedirect: "/user/login",
            failureRedirect: "/"
        }));

Let me know, thanks

It would be nice to set the login_hint based on the email when signing a user in.

The new endpoint is:

https://www.googleapis.com/oauth2/v3/userinfo

Current this module uses version 1:

https://www.googleapis.com/oauth2/v1/userinfo

Following sample code I get an error

failed to obtain access token (status: 401 data: {
"error" : "invalid_client"
})

• The callback URL is correctly set in my google account to a public URL www.domain.com
• The 'req' seems OK
• the nodejs is host on a virtualhost online

What I have missed ?

To accommodate for the recent dependency updates.

Hi, I only want to get the user's basic information an email, I tried all the below scopes:
'profile email'
'profile'
'email'

But the google authorization page keeps saying the application is requesting to "Have offline access". I don't understand why. Does anyone else ran into this?.

Thanks

passport.authenticate('google', { scope: 'https://www.google.com/m8/feeds' })

Unless I'm missing something, in addition to an access token, a refresh token, and a profile the verify function should also have expires_in as a parameter.

From https://developers.google.com/accounts/docs/OAuth2UserAgent#handlingtheresponse

"Other parameters included in the response include expires_in and token_type. These parameters describe the lifetime of the token in seconds, and the kind of token that is being returned."

Set express back to 3.x to get things working, updated the url like:

• callbackURL: "http://127.0.0.1:3000/auth/google/callback"
• callbackURL: "http://192.168.1.10:3000/auth/google/callback"

plugged in my client and secret values, and google is reporting an error:

"
400. That’s an error.

Error: invalid_request

device_id and device_name are required for private IP: http://192.168.1.10:3000/auth/google/callback

Learn more

Request Details
That’s all we know.
"

Does this library work fully with Google+? When I configure this to work with Google+ I do not seem to be getting back the information I would expect for the user profile. The reason I ask this is if I follow the examples from Google on implementing a Google+ Login Button (https://developers.google.com/+/quickstart/) I get my full profile sent back. When I use passport-google-oauth I do get some profile information back, it is just a subset of what I expect. I've been looking at the internals of both projects trying to figure out if they are doing the same thing under the covers but haven't been able to figure it out yet, so I figured I would post my question here.

For the code I am using for passport-google-oauth I am using the oAuth2 example from the readme. The only change I had to make to it other than adding my google credentials was to add a scope on the /auth/google get handler as follows:

app.get('/auth/google', passport.authenticate('google', {scope: 'https://www.googleapis.com/auth/plus.login'}));

I did this because Google raised an error back to me stating I needed a scope.

Thanks in advance for any guidance.

Ginny

Getting this on my production server randomly for some users.

What is the right strategy to handle this error? If I were to retry where should I insert the retry routine? I have Google+ APIs enabled. It works fine in most cases. But I think under load there is a chance of getting this error.

Express
500 InternalOAuthError: failed to fetch user profile (status: 403 data: {
 "error": {
 "errors": [
 {
 "domain": "usageLimits",
 "reason": "userRateLimitExceeded",
 "message": "User Rate Limit Exceeded"
 }
 ],
 "code": 403,
 "message": "User Rate Limit Exceeded"
 }
}
)
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "userRateLimitExceeded",
"message": "User Rate Limit Exceeded"
}
],
"code": 403,
"message": "User Rate Limit Exceeded"
}
}
)
at /node_modules/passport-google-oauth/lib/passport-google-oauth/oauth2.js:88:28
at passBackControl (/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:124:9)
at IncomingMessage.(/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:143:7)
at IncomingMessage.emit (events.js:117:20)
at _stream_readable.js:944:16
at process._tickCallback (node.js:442:13)

Hi,

I use node v0.12 and i have this message in console :
createCredentials() is deprecated, use tls.createSecureContext instead

Title says it all.. I would like to limit login to a certain domain only - how can I add the parameter to the request?

I had a working app with passport-google-oauth v0.1.5 and passport v0.1.16 on node v0.8 with connect v2.27.1. The issue appeared since I updated to connect v3.3.5 on node v0.10.38 and passport-google-oauth v0.2.0 and passport v0.2.1.

The first request looks OK to me.

https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prompt=force&user_id=testaccount%40gmail.com&response_type=code&redirect_uri=http%3A%2F%2Fapp.testapp.com%3A5000%2Foauth2%2Fcallback&scope=profile%20email&client_id=XXXXXXXX.apps.googleusercontent.com

After click the Accept button at the permission page I see this problem.

400. That’s an error.
Error: invalid_request
Missing required parameter: scope
Request Details
response_type=code
redirect_uri=http://app.testapp.com:5000/oauth2/callback
client_id=XXXXXXXX.apps.googleusercontent.com
That’s all we know.

Here are the details, how I set up.

passport.use new GoogleStrategy(
  clientID: process.env.GOOGLE_CLIENT_ID || conf.GOOGLE_CLIENT_ID
  clientSecret: process.env.GOOGLE_CLIENT_SECRET || conf.GOOGLE_CLIENT_SECRET
  callbackURL: "https://" + process.env.HOST) + "/oauth2/callback"
  passReqToCallback: true
, (req, accessToken, refreshToken, profile, done) ->

server = connect()
  .use(cookieParser())
  .use(bodyParser.json())
  .use(bodyParser.urlencoded({extended: true}))
  .use(session(
    store: new RedisStore(
       pass: getRedisParams().pass
       host: getRedisParams().host
       port: getRedisParams().port
       ttl: 3600 #one hour
     )
    secret: "XXXXXXXX"
     saveUninitialized: true
     resave: true
     cookie:
       domain: process.env.HOST || conf.HOST
       maxAge: 604800000
  ))
  .use(passport.initialize())
  .use(passport.session())
  .use(connectRoute(routes))

(passport.authenticate('google',
    scope: [
      'profile'
      'email'
    ]
    accessType: 'offline'
    userID: email
    approvalPrompt: 'force'
  )) req, res, next

    (passport.authenticate('google',
      failureRedirect: '/oauth2/failed'
      successRedirect: '/oauth2/success'
    )) req, res, next

The accessToken comes together with a field named expires_in. This is needed to determine when the actual accessToken is not valid any more.
Is there a way to retrieve this somehow? Currently it does not seem to get passed on the method for user creation.

Hi,

Google has deprecated the end points used for OAuth 2.0. See https://developers.google.com/+/api/auth-migration#timetable

They suggest updating to new end points for OAuth 2.0 as well as changing some scope items for getting a profile. https://developers.google.com/+/api/auth-migration#oauth2login

My concern is that this library has had no commits for nearly a year. If I do a pull request to make these changes, can we can another deployment of this with those changes to NPM?

Thanks!

With { scope: 'https://www.googleapis.com/auth/youtube https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile'}, it works but returned profile doesn't contain youtube username.
Is it just google won't return the youtube username even you request youtube scope or it's something that we can configure?
I know there is a passport-youtube package but it'd be neat using a unified one.

Edit: On a second thought, it's not as convenient, but it's not really a issue to worth looking into. Please just close it. Thanks.

Attempted to find the code that produces the following:

createCredentials() is deprecated, use tls.createSecureContext instead

in this repository and the corresponding passport-oauth2 module. Not sure what is causing this but I'm 99% it's got something to do with passport.

Dependencies get messy with
passport -> passport-google-oauth -> passport-oauth 0.1.x -> passport ~0.1.1

Thanks !

I am doing everything as the guide says and I get to this Google error page which trying to connect with Google+. what's wrong?

I'm using a dynamic way to assign the callbackUrl for Google OAuth. Aka

    passport.authenticate( 'google',
    {
      scope: scope,
      accessType: 'offline',
      approvalPrompt: 'force',
      callbackURL: "http://" + req.host + "/authed/google"
    } );

where req.host can change dynamically. However, in my callbackURL, I'll need to re-authenticate again,

  app.get( '/authed/google', passport.authenticate( 'google',
  {
    callbackURL: 'Should be the same as the first call',
    failureRedirect: '/auth/failure',
    successRedirect: '/auth/success'
  } ) );

Is there a way to pass the callbackURL from the first passport.authenticate() to the callback, so the callback's passport.authenticate() can use the same one?

If the urls aren't matching, it'll cause a

failed to obtain access token (status: 400 data: {
  "error" : "redirect_uri_mismatch"
})
    at /Users/lukezheng/git/spoton/business/node_modules/passport-google-oauth/node_modules/passport-oauth/lib/passport-oauth/strategies/oauth2.js:126:38
    at /Users/lukezheng/git/spoton/business/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/oauth/lib/oauth2.js:177:18
    at passBackControl (/Users/lukezheng/git/spoton/business/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/oauth/lib/oauth2.js:124:9)
    at IncomingMessage.<anonymous> (/Users/lukezheng/git/spoton/business/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/oauth/lib/oauth2.js:143:7)
    at IncomingMessage.emit (events.js:117:20)
    at _stream_readable.js:943:16
    at /Users/lukezheng/git/spoton/business/node_modules/newrelic/node_modules/continuation-local-storage/node_modules/async-listener/glue.js:188:31
    at process._tickDomainCallback [as _tickCallback] (node.js:463:13)

I would like to take advantage of the passReqToCallback attribute from the GoogleStrategy() object.
Fyi : passReqToCallback allow to get the request object from GoogleStrategy callback. Prototype become like this :

function( request, accessToken, refreshToken, profile, done )

However, and maybe this is b/c of the way google auth works, the session is regenerated between the verb /auth/google and /auth/google/callback which lead to lost the sessionID.

please note on facebook strategy it works like a charm.

As a example of the request.session coming from the GoogleStrategy callback :

 sessionStore: 
   { sessions: { nkCqHOvI7SLbBzaeWPCCWU4AOFmMA_Yx: '{"cookie":{"originalMaxAge":null,"expires":null,"httpOnly":true,"path":"/"},"passport":{},"client_id":"BASNnJDGFyn-dtXHAAAB"}' },
....
 sessionID: 'MW76gNUj17bEURYKztmfofH1HH6dhI8S',

Any idea ?

Everything seems to work fine except it doesn't return a name. Any idea why?

{ provider: 'google',
  id: '123456789',
  displayName: undefined,
  name: { familyName: undefined, givenName: undefined },
  emails: [ { value: '[email protected]' } ],
  _raw: '{\n "id": "123456789",\n "email": "tester.com",\n "verified_email": true\n}\n',
  _json: { id: '123456789, email: 'tester@gmail.com', verified_email: true } 
}

Hello,Can i import Google/Facebook contacts with respective user's online/offline status using passport authentication.?If any idea please share with some code code snippet or some useful links.

The passport-google-oauth module began failing earlier this month. The actual authentication seems to work, but the follow-up request for the user's profile fails with the following error:

failed to fetch user profile (status: 401 data:

{
  "error": {
    "errors": [
      {
        "domain": "global",
        "reason": "authError",
        "message": "Invalid Credentials",
        "locationType": "header",
        "location": "Authorization"
      }
    ],
    "code": 401,
    "message": "Invalid Credentials"
  }
}

)

I have recreated a new OAuth key/secret via the Google developer console, no change in the outcome.