Passport auth在本地工作，但不在远程服务器上

Question

我对这个问题感到疯狂。我刚刚使用Google oAuth 2.0策略设置Passport js，并且在我本地的Express 4服务器上运行完美。

但是，当我尝试我的亚马逊服务器调用req.isAuthenticated（）返回false每次和req.user上运行它是不确定的。我无法弄清楚什么是错的。

passport.serializeUser(function(user, done) { 
    console.log("serializeUser " + user.id); 
    done(null, user.id); 
}); 

passport.deserializeUser(function(id, done) { 
    console.log("deserializeUser: " + id); 
    User.find({_id: id}, function (error, user) { 
     if (error || !user) { 
      done(error, null); 
     } else { 
      done(null, user); 
     } 
    }); 
}); 

passport.use(new GoogleStrategy({ 
    clientID: config.google.clientID, 
    clientSecret: config.google.clientSecret, 
    callbackURL: config.google.callbackURL 
}, 
function(accessToken, refreshToken, profile, done) { 

    process.nextTick(function() { 

     if(profile._json.domain === 'xxx'){ 

      var query = {googleId: profile.id}; 
      var options = {upsert: true, new: true, setDefaultsOnInsert: true }; 

      // Find the document 
      User.findOneAndUpdate(query, query , options, function (error, user) { 
       if (error) { 
        return done(error); 
       } 
       return done(null, user); 
      }); 
     }else{ 
      return done(new Error("Invalid host domain")); 
     } 
    }); 

} 
)); 

router.get('/auth/google', 
    passport.authenticate('google', { scope: ['https://www.googleapis.com/auth/plus.login', 'https://www.googleapis.com/auth/userinfo.email'] })); 

router.get('/auth/google/callback', 
    passport.authenticate('google', { failureRedirect: '/login' }), function(req, res) { 
     res.redirect('/'); 
}); 

router.get('/login', ensureAuthenticated, function(req, res){ 
    console.log("User is Authenticated"); 
}); 

function ensureAuthenticated(req, res, next) { 

    console.log("USER " + req.user); 

    if (req.isAuthenticated()) { 
     console.log("Authorized"); 
     return next(); 
    } else { 
     console.log("Not authorized"); 
     res.sendStatus(401); 
    } 

} 

而这是Express服务器的conf。

/ Express 
var app = express(); 
app.use(cookieParser('xxx')); 

app.use(bodyParser.json({limit: '100mb'})); 
app.use(bodyParser.urlencoded({limit: '100mb', extended: true})); 

// Used for production build 
app.use(express.static(path.join(__dirname, 'public'))); 

app.use(session({ 
    store: sessionStore, //var sessionStore = new MemoryStore(); 
    secret: 'xxx', 
    resave: true, 
    saveUninitialized: true, 
    cookie: { 
     secure: false, 
     path: '/', 
     httpOnly: true, 
     maxAge: new Date(Date.now() + 3600000), 
    } 
})); 

// Compress responses 
app.use(compression()); 

app.use(passport.initialize()); 
app.use(passport.session()); 

routes(app); 

Similar problem

请帮帮忙！

Answer 1

您是否将amazon服务器添加到授权重定向URI列表中？请参阅以下内容：https://developers.google.com/adwords/api/docs/guides/authentication#oauth2_playground

确保添加您的Amazon重定向URI谷歌的控制台，以验证

Answer 2

我想我的问题得到了解决，通过切换会话存储到MongoStore而不是MemoryStore的。我希望将来为你们中的一些人节省一些时间。

// Express 
var app = express(); 
app.use(cookieParser('xxx')); 

app.use(bodyParser.json({limit: '100mb'})); 
app.use(bodyParser.urlencoded({limit: '100mb', extended: true})); 

// Used for production build 
app.use(express.static(path.join(__dirname, 'public'))); 

app.use(session({ 
    cookieName: 'session', 
    duration: 30 * 60 * 1000, 
    activeDuration: 5 * 60 * 1000, 
    store: new MongoStore({ 
     mongooseConnection: mongoose.connection, 
     touchAfter: 24 * 3600 // time period in seconds 
    }), 
    secret: 'xxx', 
    saveUninitialized: false, // don't create session until something stored 
    resave: false, //don't save session if unmodified 
    cookie: { 
     secure: false, 
     path: '/', 
     httpOnly: true, 
     maxAge: new Date(Date.now() + 3600000), 
    } 
}));