I'm using Passport to allow user logins through Google. The session is being stored in Postgres. It looks to me like I've got all of those things configured correctly. However, isAuthenticated() is returning inconsistent values.
The inconsistency happens in the success callback of being authenticated. I've configured passport to redirect to /success when the user has successfully logged in.
If the server has just been booted up (meaning nobody has tried logging in yet), then isAuthenticated() returns true for the /success endpoint.
Once that user logs out, though, if they log back in, then isAuthenticated() returns false on the /success route. If they refresh the page, then it returns true.
The /logout endpoint is also acting inconsistently. Sometimes it works the first time, while at other times the user needs to refresh.
I've looked at similar problems folks are having. In particular, the two most common problems seem to not be the case here:
- CORS is set (SO answer / my code)
- the order of my middleware seems to be correct (SO answer / my code)
logInisn't relevant since I'm not putting a custom callback (SO Answer)- serialize working correctly; it's just not getting called in certain situations (SO question / explanation in here;
sessionisn't findingsu)
For the past few hours, I've been stepping through the Passport source code to try to figure this out. More information on what I've found can be read about here on the Passport repo.
The project that this is going in is open source. The middleware is being configured here:
https://github.com/jmeas/finance-app/blob/google-sign-in/server/app.js
and the Passport configuration can be seen here:
https://github.com/jmeas/finance-app/blob/google-sign-in/server/utils/configure-passport.js
Perhaps I'm missing something obvious?
