My application uses this wonderful package. However I noticed that an alert message appears on Google's authorization page pointing to the following deprecation timetable:

https://developers.google.com/accounts/docs/OpenID#shutdown-timetable

Are there any plans for migrating this module to one of Google's new sign-in options before the deadline in a few months?

Hi,

In order to find out the user's Google email, I'm grabbing each req.sessionStore.sessions, then doing JSON.parse(session).passport.user.emails .

But, I'm finding that this returns the emails of all users who have authenticated since the server started, not just the user making the current request.

Is this a bug? Am I supposed to do something else to get only the session of the user for this request?

-G

This may be the same issue as: #6

I just want to make sure this gets exposure so we can figure it out.

Here is a detailed screencast showing the issue. I hope this helps get it resolved. I start off showing passport-google working great locally, then I publish to Azure Websites and show how it fails when google redirects back to root/auth/google/return.

http://www.youtube.com/watch?v=nZEBmvFb65k

Hello,

I'm using passport-google tu manage single sign on with Google. Upon clicking the SSO link, it takes about 1 second when I'm on my development machine but about 5 in production. I checked that it's not my database queries that are slow. The 5 seconds are spent before the callback in passport.use(new GoogleStrategy) is called.

Is this expected ?

Cheers,
Louis

Hi Jared.

I guess it is possible to use OAuth2 for google+ at the moment. But your passport-google looks like using OpenID2.
http://code.google.com/apis/accounts/docs/OAuth2.html

my application don't work on AWS with passport and Google strategy. This is error:

node_modules/passport-google/node_modules/passport-openid/node_modules/openid/lib/convert.js:33
if(i.charCodeAt(0) > 127)
^
TypeError: Object ��:
�9r���Ţ�17q~��q�v#sf��Z.'�����zc�?)XӲ�9��h7W}E���-�zv�ΧKH�߯���%�NE��f4�I��5̂�H;�v">]I
����"� has no method 'charCodeAt'
at Object.btwoc (/home/ec2-user/data/scrum/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/lib/convert.js:33:8)
at _toBase64 (/home/ec2-user/data/scrum/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:70:40)
at Object.openid.associate (/home/ec2-user/data/scrum/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:637:35)
at successOrNext (/home/ec2-user/data/scrum/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:844:16)
at /home/ec2-user/data/scrum/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:860:5
at /home/ec2-user/data/scrum/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:607:7
at /home/ec2-user/data/scrum/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:485:16
at done (/home/ec2-user/data/scrum/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:201:9)
at IncomingMessage. (/home/ec2-user/data/scrum/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:205:32)
at IncomingMessage.EventEmitter.emit (events.js:123:20)

Everything is ok on my local computer.

Hi all, I got the following error, and I'm not sure how to trap it, or what caused it. Any advice?

InternalOpenIDError: Failed to verify assertion
at Strategy.authenticate.identifier (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/lib/passport-openid/strategy.js:184:36)
at _verifyAssertionData (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1045:12)
at _verifyAssertionAgainstProvider (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1170:14)
at _checkSignatureUsingAssociation (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1221:14)
at Object.openid.loadAssociation (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:111:5)
at _checkSignatureUsingAssociation (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1213:10)
at _checkSignature (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1203:5)
at _verifyAssertionAgainstProvider (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1166:3)
at _verifyDiscoveredInformation (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1137:16)
at openid.discover (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:660:7)
at _resolveXri (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:536:16)
at _get.get.done (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:246:9)
at IncomingMessage._get (/home/dotcloud/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:250:32)
at IncomingMessage.EventEmitter.emit (events.js:115:20)
at IncomingMessage._emitEnd (http.js:366:10)
at HTTPParser.parserOnMessageComplete as onMessageComplete
at CleartextStream.socketOnData as ondata
at CleartextStream.CryptoStream._push (tls.js:396:27)
at SecurePair.cycle (tls.js:750:20)
at EncryptedStream.CryptoStream.write (tls.js:131:13)
at Socket.ondata (stream.js:38:26)
at Socket.EventEmitter.emit (events.js:88:17)
at TCP.onread (net.js:397:14)

Hello there!

Google OpenID 2.0 will not be supported after April 20, 2015, as explained by the article hereby:
https://developers.google.com/accounts/docs/OpenID#shutdown-timetable

Have you any plan regarding passport-google module ?

Thanks.

grebett

On localhost this works, but not on Windows Azure.

var express = require('express')
, engine = require('ejs-locals')
, passport = require('passport')
, util = require('util')
, GoogleStrategy = require('passport-google').Strategy;

// Passport session setup.
// To support persistent login sessions, Passport needs to be able to
// serialize users into and deserialize users out of the session. Typically,
// this will be as simple as storing the user ID when serializing, and finding
// the user by ID when deserializing. However, since this example does not
// have a database of user records, the complete Google profile is serialized
// and deserialized.
passport.serializeUser(function(user, done) {
done(null, user);
});

passport.deserializeUser(function(obj, done) {
done(null, obj);
});

// Use the GoogleStrategy within Passport.
// Strategies in passport require a validate function, which accept
// credentials (in this case, an OpenID identifier and profile), and invoke a
// callback with a user object.
passport.use(new GoogleStrategy({
returnURL: 'http://nodejs-test.azurewebsites.net/auth/google/return',
realm: 'http://nodejs-test.azurewebsites.net/'
// returnURL: 'http://localhost:1337/auth/google/return',
// realm: 'http://localhost:1337/'
},
function(identifier, profile, done) {
// asynchronous verification, for effect...
process.nextTick(function () {

  // To keep the example simple, the user's Google profile is returned to
  // represent the logged-in user.  In a typical application, you would want
  // to associate the Google account with a user record in your database,
  // and return that user instead.
  profile.identifier = identifier;
  return done(null, profile);
});

}
));

var app = express();
// use ejs-locals
app.engine('ejs', engine);
// configure Express
app.configure(function() {
app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');
app.set('port', process.env.PORT || 1337);
app.use(express.logger());
app.use(express.cookieParser());
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.session({ secret: 'keyboard cat' }));
// Initialize Passport! Also use passport.session() middleware, to support
// persistent login sessions (recommended).
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
app.use(express.static(__dirname + '/../../public'));
});

app.get('/', function(req, res){
res.render('index', { user: req.user, title: 'AJONP - Login'});
});

app.get('/account', ensureAuthenticated, function(req, res){
res.render('account', { user: req.user });
});

app.get('/login', function(req, res){
res.render('login', { user: req.user });
});

// GET /auth/google
// Use passport.authenticate() as route middleware to authenticate the
// request. The first step in Google authentication will involve redirecting
// the user to google.com. After authenticating, Google will redirect the
// user back to this application at /auth/google/return
app.get('/auth/google',
passport.authenticate('google', { failureRedirect: '/login' }),
function(req, res) {
res.redirect('/');
});

// GET /auth/google/return
// Use passport.authenticate() as route middleware to authenticate the
// request. If authentication fails, the user will be redirected back to the
// login page. Otherwise, the primary route function function will be called,
// which, in this example, will redirect the user to the home page.
app.get('/auth/google/return',
passport.authenticate('google', { failureRedirect: '/login' }),
function(req, res) {
res.redirect('/');
});

app.get('/logout', function(req, res){
req.logout();
res.redirect('/');
});

// Simple route middleware to ensure user is authenticated.
// Use this route middleware on any resource that needs to be protected. If
// the request is authenticated (typically via a persistent login session),
// the request will proceed. Otherwise, the user will be redirected to the
// login page.
function ensureAuthenticated(req, res, next) {
if (req.isAuthenticated()) { return next(); }
res.redirect('/login')
}

While running the signon example from a host behind a proxy, (as well as other programs), authentication fails as the connection times out.
Here is the console log from the sigon example:

127.0.0.1 - - [Thu, 28 Feb 2013 01:56:12 GMT] "GET / HTTP/1.1" 200 224 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.12 Safari/537.31"
127.0.0.1 - - [Thu, 28 Feb 2013 01:56:13 GMT] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.12 Safari/537.31"
127.0.0.1 - - [Thu, 28 Feb 2013 01:56:15 GMT] "GET /login HTTP/1.1" 200 235 "http://localhost:3000/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.12 Safari/537.31"
127.0.0.1 - - [Thu, 28 Feb 2013 01:56:15 GMT] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.12 Safari/537.31"
Failed to discover OP endpoint URL (message: No providers found for the given identifier)
    at Strategy.authenticate (/home/dahal/temp/passport-google/examples/signon/node_modules/passport-google/node_modules/passport-openid/lib/passport-openid/strategy.js:249:52)
    at openid.authenticate (/home/dahal/temp/passport-google/examples/signon/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:850:14)
    at openid.discover.i (/home/dahal/temp/passport-google/examples/signon/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:638:13)
    at _resolveHostMeta (/home/dahal/temp/passport-google/examples/signon/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:604:11)
    at ClientRequest._get (/home/dahal/temp/passport-google/examples/signon/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:254:12)
    at ClientRequest.EventEmitter.emit (events.js:96:17)
    at CleartextStream.socketErrorListener (http.js:1436:9)
    at CleartextStream.EventEmitter.emit (events.js:96:17)
    at Socket.onerror (tls.js:1336:17)
    at Socket.EventEmitter.emit (events.js:126:20)

events.js:71
        throw arguments[1]; // Unhandled 'error' event
                       ^
Error: socket hang up
    at createHangUpError (http.js:1360:15)
    at ServerResponse.OutgoingMessage._writeRaw (http.js:507:26)
    at ServerResponse.OutgoingMessage._send (http.js:476:15)
    at ServerResponse.OutgoingMessage.write (http.js:740:18)
    at ServerResponse.OutgoingMessage.end (http.js:882:16)
    at ServerResponse.module.exports.res.end (/home/dahal/temp/passport-google/examples/signon/node_modules/express/node_modules/connect/lib/middleware/logger.js:147:13)
    at res.end (/home/dahal/temp/passport-google/examples/signon/node_modules/express/node_modules/connect/lib/middleware/session.js:281:15)
    at /home/dahal/temp/passport-google/examples/signon/node_modules/express/node_modules/connect/lib/middleware/session/memory.js:75:11
    at process.startup.processNextTick.process._tickCallback (node.js:244:9)

The problem seems to caused by an upstream issue perhaps with on of the passport dependencies.

As described by the title, the Google strategy does not provide a profile object containing an identifier or provider name, as expected from http://passportjs.org/guide/profile/

Trying to figure out how to save associations, but I can't find any information anywhere on what the fields are. How do I know how long to keep the association around? I assume expiresIn tells me, but since I don't know what type that is... (string? numeric seconds? milliseconds? function returning the value? handle to top-secret API for getting the data?)

Would be awesome to see clarification somewhere =] in the mean time, I'll start digging through code...

This is what I am getting

InternalOAuthError: failed to fetch user profile
    at /mnt/data/1/node_modules/passport-google-oauth/lib/passport-google-oauth/oauth2.js:88:28

Any ideas what might be wrong? I did not changed oauth at all... Does google changed something in the mean time? Should I upgrade the library??

Thank you for your help.

Cheers,
Andrej

Today the package.json file indicates Express 3.x, which doesn't work.

As stated here: https://developers.google.com/accounts/docs/OpenID
Google is deprecating OpenID and OAuth(early version). I think their plans is to migrate to Google+ sign in protocols. Are Google+ protocols supported yet by passportjs?

Here is a sample callback after a successful Google authentication:

Cannot GET /auth/google/callback?code=4/5jky5HVniFOxWH_7o3QtqXR92qer.4iLYz8A7frgRRJPr4JvC3x...

I presume the slash in the Google code response is used by Express for route matching? The docs should be updated with whatever ends up working.

Scenario:
I have 2 kind of login systems

1. Google - for Analytics
2. Google - for Youtube

And I have 2 config

1. for Analytics
2. for Youtube

youtube: {
  clientID          : 'xxx.apps.googleusercontent.companyname',
  clientSecret      : 'xxx-xxxxxxx',
  callbackURL       : '/auth/youtube/callback',
  passReqToCallback : true
},
analytics: {
  clientID          : 'yyy.apps.googleusercontent.com',
  clientSecret      : 'yyy-yyyyy',
  callbackURL       : '/auth/analytics/callback',
  passReqToCallback : true
 },

My passport.js

passport.use(new GoogleStrategy(**config.blabla**, function(req, accessToken, refreshToken, profile, done) {
  blablabla
}

I want my config.blabla to be flexible.

My current idea

I send req.session to this

.get('/auth/analytics',
  function(req, res, next) {
    req.session.authAnalytics = true;
    next();
  },
  passport.authenticate('google', { scope: ['profile', 'email', 'https://www.googleapis.com/auth/analytics'] }))

But we can't call req.session.authAnalytics in passport.js
I want to change config.blablabla to config.analytics if req.session.authAnalytics is not undefined.

Any idea?

I have discovered, when using simple Google Tutorial app, that if the user goes to Google, authenticate successfully and then my app cancels this log in (e.g. because this user was not found in the database) then the Passport flow is completely broken. The message raised (eg "Please Sign Up before using Google Auth") is not propagated and the user is just redirected with an empty request to Login page. This is the complete opposite of what the Local Strategy would do - pass the messages.

This issue can be seen here https://github.com/molt2020/broken-passport/blob/main/routes/auth.js (modified Passport Google tutorial)

All I have done to modify the tutorial is:

passport.use(new GoogleStrategy({
  clientID: process.env['GOOGLE_CLIENT_ID'],
  clientSecret: process.env['GOOGLE_CLIENT_SECRET'],
  callbackURL: '/oauth2/redirect/google',
  scope: [ 'profile' ]
}, function verify(issuer, profile, cb) 

{
return cb(null, false, {message : "Please Sign Up before using Google Login"});  // I replaced all logic from the Tutorial with a simple reject message
}

Is this intended behaviour? If so, it is very poor as it doesn't cover a basic scenario where federated authentication is successful but something else fails and we want to inform the customer.

Or, is there a workaround for this scenario??

I'm just setting up passport-google. The identifier after logging in looks like this:

"https://www.google.com/accounts/o8/id?id=SomeWeirdIDWithNumbersAndLetters"

The id however changes when I'm logging in from a different computer, so I can't use that as a unique identification. Can the user change his primary email address profile.emails[0], or can I use that one as identification?

Is it possible to retrieve the 'country' and 'language' profile parameters provided by Google? (See https://developers.google.com/accounts/docs/OpenID#Parameters)

The README documentation (wrongly) says to use

function(identifier, done) {
  ...
}

But the actual example code is

function(identifier, profile, done) {
  ...
}

Probably a good idea to fix to get new users on board easily.

My google auth is silently failing and just redirecting to the failureRedirect URL. But how to debug it? I get no output that shows me what the problem is.

Thanks!

I did not change the code for 5 months and now, suddenly I cannot log into my app through Google.

    Failed to verify assertion (message: Invalid association handle)
        at /home/michael.heuberger/binarykitchen/code/signdna/node_modules/passport-google/node_modules/passport-openid/lib/passport-openid/strategy.js:184:36
        at /home/michael.heuberger/binarykitchen/code/signdna/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1069:12
        at /home/michael.heuberger/binarykitchen/code/signdna/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1193:16
        at /home/michael.heuberger/binarykitchen/code/signdna/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1247:14
        at openid.loadAssociation (/home/michael.heuberger/binarykitchen/code/signdna/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:111:5)
        at _checkSignatureUsingAssociation (/home/michael.heuberger/binarykitchen/code/signdna/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1239:10)
        at _checkSignature (/home/michael.heuberger/binarykitchen/code/signdna/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1229:5)
        at _verifyAssertionAgainstProviders (/home/michael.heuberger/binarykitchen/code/signdna/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1189:12)
        at /home/michael.heuberger/binarykitchen/code/signdna/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1154:7
        at /home/michael.heuberger/binarykitchen/code/signdna/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:686:7
    ---------------------------------------------
        at ClientRequest.<anonymous> (/home/michael.heuberger/binarykitchen/code/signdna/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:262:9)
        at g (events.js:180:16)
        at ClientRequest.emit (events.js:95:17)
        at parserOnIncomingClient (http.js:1692:21)
        at parserOnHeadersComplete (http.js:121:23)
        at socketOnData (http.js:1587:20)

part of the error in the URL is

GET /user/login/google/return?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=2014-09-25T00%3A31%3A42ZOZ2dCyQr5pT66Q&openid.return_to=https%3A%2F%2Flocalhost%3A8080%2Fuser%2Flogin%2Fgoogle%2Freturn&openid.invalidate_handle=1.AFD_5tlhrZgoCozSrfzHDHGNqpWBJG6ywXuDlUhuqcXeTDOrpBlvffWPSZ6hAgFgeY3QfPTbPw0vdfPW9FMeM7VHQ5Y&openid.assoc_handle=1.AMlYA9V5PEydjlH2y0Yalx0gL2mQtia6tP0KbPwJbbmY8LqrpEY4wn8tFRWDaBO9&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ext1%2Cext1.mode%2Cext1.type.firstname%2Cext1.value.firstname%2Cext1.type.lastname%2Cext1.value.lastname%2Cext1.type.email%2Cext1.value.email&...

Any clues?

I tried an example described in README:

    function (identifier, done) {
        console.log(identifier);
        console.log(done);
        done(null, {id: identifier});
    }

And I've got:

https://www.google.com/accounts/o8/id?id=ID
{ displayName: 'Name Surname',
  emails: [ { value: '[email protected]' } ],
  name: { familyName: 'Surname', givenName: 'Name' } }

            done(null, {id: identifier});
            ^
TypeError: object is not a function

Note, that when I add an additional parameter, it works as expected:

    function (identifier, profile, done) {
        console.log(identifier);
        console.log(profile);
        console.log(done);
        done(null, profile);
    }

https://www.google.com/accounts/o8/id?id=ID
{ displayName: 'Name Surname',
  emails: [ { value: '[email protected]' } ],
  name: { familyName: 'Surname', givenName: 'Name' } }
[Function: verified]

My first try of this library is succeed, But always error after that.

Any suggestion?

thx

Express
500 Failed to discover OP endpoint URL (message: No providers found for the given identifier)

    at Strategy.authenticate (/Users/hfcorriez/Code/dashboard/node_modules/passport-google/node_modules/passport-openid/lib/passport-openid/strategy.js:193:52)
    at openid.authenticate (/Users/hfcorriez/Code/dashboard/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:793:14)
    at openid.discover.i (/Users/hfcorriez/Code/dashboard/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:587:13)
    at _resolveHostMeta (/Users/hfcorriez/Code/dashboard/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:553:11)
    at _get.get.done (/Users/hfcorriez/Code/dashboard/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:201:9)
    at IncomingMessage._get (/Users/hfcorriez/Code/dashboard/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:205:32)
    at IncomingMessage.EventEmitter.emit (events.js:115:20)
    at IncomingMessage._emitEnd (http.js:366:10)
    at HTTPParser.parserOnMessageComplete [as onMessageComplete] (http.js:149:23)
    at CleartextStream.socketOnData [as ondata] (http.js:1366:20)

Hi I try to follow recommendation but adding Router.use(passport.initialize()) will override all my routes and prevent use of /

// I declare some Router.use() before ...

var IP = 'http://127.0.0.1:8080';
var Router = express.Router();

var passport = require('passport');
Router.use(passport.initialize());
Router.use(passport.session());

passport.serializeUser  (function(user, done) { done(null, user); });
passport.deserializeUser(function(obj, done)  { done(null, obj);  });

var GoogleStrategy = require('passport-google').Strategy;
passport.use(new GoogleStrategy({ returnURL: IP+'/auth/google/return', realm: IP },
  function(identifier, profile, done) {
    // asynchronous verification, for effect...
    process.nextTick(function () {

      // To keep the example simple, the user's Google profile is returned to
      // represent the logged-in user.  In a typical application, you would want
      // to associate the Google account with a user record in your database,
      // and return that user instead.
      profile.identifier = identifier;
      return done(null, profile);
    });
  }
));

Router.get('/auth/google', 
  passport.authenticate('google', { failureRedirect: '/login' }), 
  function(req, res){ res.redirect('/'); }
);

Router.get('/auth/google/return', 
  passport.authenticate('google', { failureRedirect: '/login' }), 
  function(req, res) { res.redirect('/'); }
);

Router.get('/logout', function(req, res){
  req.logout();
  res.redirect('/');
});

Router.get('/login', function(req, res, next) {
  res.render('portal/login.ejs');
});

// I declare some Router.use() after ...

I use passport-google. It works fine if only one node process is used. As soon as the cluster module is used with 2 or more worker processes, sometimes I receive the following error upon authentication:

Failed to verify assertion (message: Invalid association handle)
   at Strategy.authenticate.identifier (/app/node_modules/passport-google/node_modules/passport-openid/lib/passport-openid/strategy.js:143:36)
   at _verifyAssertionData (/app/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:992:12)
   at _verifyAssertionAgainstProvider (/app/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1123:14)
   at _checkSignatureUsingAssociation (/app/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1170:14)
   at Object.openid.loadAssociation (/app/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:111:5)
   at _checkSignatureUsingAssociation (/app/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1162:10)
   at _checkSignature (/app/node_modules/passport-google/node_modules/passport- openid/node_modules/openid/openid.js:1156:5)
   at _verifyAssertionAgainstProvider (/app/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1119:3)
   at _verifyDiscoveredInformation (/app/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:1084:16)
   at openid.discover (/app/node_modules/passport-google/node_modules/passport-openid/node_modules/openid/openid.js:607:7)

I have tried different session store, including cookie and redis, but the problem persists. Does anyone succeed in using passport-google in a setup involving multiple node processes?

I'd like to use a dynamic returnURL (see http://stackoverflow.com/questions/14111850/passport-facebook-how-to-dynamically-set-callbackurl for people doing this with passport-facebook)

Any ideas?

I have a scenario where I need the user to re-enter their password for a more sensitive part of an application. Is it possible to do this with passport-google? An alternative would be to log out completely and revoke all access to the application, then start again.

I might be reading the wrong article here but I think this is part of the developer policy?
https://developers.google.com/+/web/signin/disconnect

Google has officially stopped supporting OpenID as of April 20th, 2015, and all requests are redirected to a static error page.

The readme should be updated to reflect the current status of support, and a recommendation to use Passport-Google-OAuth instead.

https://developers.google.com/identity/protocols/OpenID2Migration#shutdown-timetable

Hey Jared,

I updated issue #14 but couldn't reopen it so I'm not sure you saw it. In short, throttling doesn't have an impact on the speed of signin. Even on my dev machine, it still takes about twice as much as what I saw on other websites.

To be clearer, here are the two places that take a lot of time. Both are in file passport-google/node_modules/passport-openid/lib/passport-openid/trategy.js, in the function defined by Strategy.prototype.authenticate (in my version its line 123). Here is what happens:

1. This function is called immediately upon click on the login button, and executes the else of the big if clause. It immediately arrives at this._relyingParty.authenticate (line 195 for me) which takes about 3s to call its callback
2. The call back calls my return url which in turns calls this function again, immediately. This time we are the big if condition is satisfied.
3. this._relyingParty.verifyAssertion is immediately called (line 144 for me) but takes a further 1.2s to call its callback.
4. Once the callback is called, the rest of the process is instantaneous (~10ms).

So I am interested in understanding what this._relyingParty.authenticate and this._relyingParty.verifyAssertion do that can take so much time.

Thanks again,
Louis