
Passport.js strategy fails when not using session

I'm trying to figure out how to integrate an OAuth strategy (GitHub) into my application, which uses Express and WebSockets.

I'm following this guide, which explains how to use JWT tokens instead of the default Passport sessions:

https://blog.hyphe.me/token-based-authentication-with-node/

This is the code I have so far:

  app.use(passport.initialize())
  app.get('/auth/github',passport.authenticate('github',{session:false}),serialize, generateToken, respond)

  app.get('/auth/github/callback',passport.authenticate('github',{failureRedirect:'/'}),
    function(req,res){
      res.redirect('/')
    }
  )

When I try to log in via GitHub, I get the error below:

Error: Failed to serialize user into session
    at pass (/home/avernus/Desktop/experiments/oauth/node_modules/passport/lib/authenticator.js:271:19)
    at Authenticator.serializeUser (/home/avernus/Desktop/experiments/oauth/node_modules/passport/lib/authenticator.js:289:5)
    at IncomingMessage.req.login.req.logIn (/home/avernus/Desktop/experiments/oauth/node_modules/passport/lib/http/request.js:50:29)
    at Strategy.strategy.success (/home/avernus/Desktop/experiments/oauth/node_modules/passport/lib/middleware/authenticate.js:235:13)
    at verified (/home/avernus/Desktop/experiments/oauth/node_modules/passport-oauth2/lib/strategy.js:177:20)
    at Strategy._verify (/home/avernus/Desktop/experiments/oauth/passport.js:13:12)
    at /home/avernus/Desktop/experiments/oauth/node_modules/passport-oauth2/lib/strategy.js:193:24
    at /home/avernus/Desktop/experiments/oauth/node_modules/passport-github/lib/strategy.js:174:7
    at passBackControl (/home/avernus/Desktop/experiments/oauth/node_modules/oauth/lib/oauth2.js:125:9)
    at IncomingMessage.<anonymous> (/home/avernus/Desktop/experiments/oauth/node_modules/oauth/lib/oauth2.js:143:7)

I'm not sure where exactly the problem is.

This is my GitHub strategy:

passport.use(new githubStrategy({
  clientID:'********',
  clientSecret:'*******',
  callbackURL:'http://localhost:3000/auth/github/callback'
  },
  function(accessToken,refreshToken,profile,done){
    // Debug output: this writes the OAuth access token and the full profile to the log
    console.log('accessToken: ',accessToken,' refreshToken: ',refreshToken,' profile: ',profile)
    return done(null,profile)
  }
))

I'm able to successfully get the profile from GitHub.

The serialize function:

function serialize(req, res, next) {  
  db.updateOrCreate(req.user, function(err, user){
    if(err) {return next(err);}
    // we store the updated information in req.user again
    req.user = {
      id: user.id
    };
    next();
  });
}

From my experience, Passport.js with OAuth always requires sessions to operate, despite the session: false option.

I believe the underlying OAuth library dependencies look for sessions no matter what. It's quite frustrating.

Edit: to add more detail to this, the example you are linking to uses the default strategy, which is not OAuth-based. In this instance you could opt out of using sessions. You are using the GitHub strategy, which uses OAuth and thus requires sessions.

Aren't you missing the {session:false} option in your callback?

app.get('/auth/github/callback',passport.authenticate('github',{failureRedirect:'/', session: false}),
function(req,res){
  res.redirect('/')
})

I'm guessing here because I've never worked with strategies that require a callback. But I would imagine that Passport tries to serialize the user in the callback, as that's the point where you receive the profile from GitHub.
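With `session: false` passed on the callback route as the answer above suggests, the final handler of that route has to issue the token itself instead of relying on a session. The following is an added example, not code from the post or from the linked guide: it signs and verifies an HS256 JWT with Node's built-in `crypto` only. `SECRET`, `verifyToken` and `respondWithToken` are hypothetical names, and `generateToken` only borrows the name used in the question's route.

```javascript
// Added example: stateless token issuing for the OAuth callback (not the poster's code).
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: load from configuration in real use
const b64url = (value) => Buffer.from(value).toString('base64url');
const fromB64 = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Sign a compact HS256 JWT carrying only the user id, issue time and expiry.
function generateToken(userId, ttlSeconds = 300, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: String(userId), iat, exp: iat + ttlSeconds }));
  return `${header}.${payload}.${b64url(hmac(`${header}.${payload}`))}`;
}

// Check the signature in constant time, pin the algorithm, enforce expiry.
// Returns the claims object, or null for any invalid or expired token.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = hmac(`${header}.${payload}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (fromB64(header).alg !== 'HS256') return null;
    const claims = fromB64(payload);
    return claims.exp > Math.floor(now / 1000) ? claims : null;
  } catch {
    return null;
  }
}

// Last handler on /auth/github/callback when passport.authenticate is called
// with { session: false }: req.user is set, nothing is written to a session.
function respondWithToken(req, res) {
  if (!req.user || !req.user.id) return res.status(401).json({ error: 'unauthenticated' });
  return res.status(200).json({ token: generateToken(req.user.id) });
}
```
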
