piggyback

Reputation: 9264

Passport-twitter: failed to find request token in session

Just yesterday on Heroku I started to have this error on Twitter login in Express:

Error: failed to find request token in session
    at Strategy.<anonymous> (/app/node_modules/passport-twitter/node_modules/passport-oauth/lib/passport-oauth/strategies/oauth.js:120:54)
    at Strategy.authenticate (/app/node_modules/passport-twitter/lib/passport-twitter/strategy.js:82:40)
    at Passport.authenticate (/app/node_modules/passport/lib/passport/middleware/authenticate.js:153:14)
    at callbacks (/app/node_modules/express/lib/router/index.js:272:11)
    at param (/app/node_modules/express/lib/router/index.js:246:11)
    at pass (/app/node_modules/express/lib/router/index.js:253:5)
    at Router._dispatch (/app/node_modules/express/lib/router/index.js:280:4)
    at Object.handle (/app/node_modules/express/lib/router/index.js:45:10)
    at Context.next (/app/node_modules/express/node_modules/connect/lib/http.js:204:15)
    at Context.<anonymous> (/app/node_modules/passport/lib/passport/context/http/actions.js:64:8)

Any suggestion?

Upvotes: 24

Views: 17133

Answers (12)

ericgio

Reputation: 3519

Same symptom for me (no request token), but trying the other solutions here didn't help (secure: false, localhost vs 127.0.0.1, etc.)

Turns out the problem was caused by an incorrect cookie configuration while using cookie-session. In my case, I was passing a number for the expires option, but that option expects a Date. Switched to using maxAge instead, which expects a number.

Upvotes: 0

drhayes

Reputation: 581

This is totally random, and I'm a Node newb... so apply salt liberally.

I was seeing this error and a very similar stack trace tonight, actually. It turned out that I had just changed my auth callback route to look like this:

app.use('/auth/twitter/callback', twitterCallback);

See how I used use there instead of get? Once I changed it back, I stopped getting this error.

My stack trace looked a bit different, though:

DEBUG: Error: failed to find request token in session
     at Strategy.<anonymous> (/Users/drhayes/src/incursion/node_modules/passport-twitter/node_modules/passport-oauth/lib/passport-oauth/strategies/oauth.js:122:54)  
     at Strategy.authenticate (/Users/drhayes/src/incursion/node_modules/passport-twitter/lib/passport-twitter/strategy.js:82:40)  
     at Passport.authenticate (/Users/drhayes/src/incursion/node_modules/passport/lib/passport/middleware/authenticate.js:153:14)  
     at Object.handle (native)  
     at next (/Users/drhayes/src/incursion/node_modules/express/node_modules/connect/lib/http.js:204:15)  
     at /Users/drhayes/src/incursion/node_modules/passport/lib/passport/middleware/authenticate.js:99:9  
     at /Users/drhayes/src/incursion/node_modules/passport/lib/passport/http/request.js:46:7  
     at pass (/Users/drhayes/src/incursion/node_modules/passport/lib/passport/index.js:229:30)  
     at /Users/drhayes/src/incursion/node_modules/passport/lib/passport/index.js:237:36  
     at /Users/drhayes/src/incursion/routes/auth.coffee:42:14  

Has your source changed recently? Is there a revision bump in your deployed slug?

Upvotes: 3

Adam Zerner

Reputation: 19258

sameSite seems to be another culprit. Going from

const SESSION_OPTIONS = {
  ...
  cookie: {
    sameSite: true,
  },
};

to

const SESSION_OPTIONS = {
  ...
  cookie: {
    sameSite: app.get('env') === 'production' ? true : false,
  },
};

did the trick for me.

Upvotes: 1

I have the same issue; the solution was to open the site using http://127.0.0.1:3000/ instead of http://localhost:3000. When the request happens, everything works well.

Upvotes: 2

Seungha Kim

Reputation: 31

In my case, it is due to reverse proxy and secure cookie. Setting app.set('trust proxy', 1) resolves the issue.

https://github.com/expressjs/session/issues/281#issuecomment-191327863

Upvotes: 3

user2729636

Reputation: 29

I used passport-flickr and fixed the same problem by changing 127.0.0.1 to localhost

passport.use(new FlickrStrategy({
    ...
    callbackURL: "http://localhost:3000/auth/flickr/callback"
  },

Upvotes: 1

Arnav Gupta

Reputation: 976

This is a very late answer, but I just figured another reason this can happen. When the guys who made express-session said that MemoryStore is not meant for production, they really meant it.

If you're using clustering (pm2 or forever or running on Heroku), then memory-based cookie storages have their own set of problems. You'll often lose cookies or corrupt them (because there are two or more separate processes on the server side, not sharing common memory).

If you want to run your Node app with clusters, you need to use Redis or some DB-backed cookie storage.

Upvotes: 8

Dercni

Reputation: 1224

Twitter does not accept localhost, so I was forced to use the following settings:

In https://apps.twitter.com/app/....

website = http://127.0.0.1:3000
callback url: http://localhost:3000/login/twitter/callback

In passport:

'callbackURL'       : 'http://localhost:3000/login/twitter/callback'

Note: The twitter callback url works using both 127.0.0.1 & localhost

Upvotes: 1

Aakash

Reputation: 23825

In Twitter's app settings, ensure the following fields have these values:

Website : http://127.0.0.1:3000

Callback URL : http://127.0.0.1:3000/auth/twitter/callback

I am working with port number 3000. You could change that to whatever port you are working with.

Now, navigate to http://127.0.0.1:3000 in your browser. This should solve your problem.

Upvotes: 4

MCH

Reputation: 1032

I had this once. I fixed it by changing the callback URL

from 127.0.0.1

to localhost

Upvotes: 0

Gabe Sumner

Reputation: 5008

I also encountered this error using Node.js, Express & Passport, although my fix was different than those described above.

I had copied and pasted the following code from the 'express-session' documentation...

app.use(session({ secret: 'keyboard cat', key: 'sid', cookie: { secure: true }}))

That secure: true bit instructs express-session to use 'https', which I don't have setup in my development environment. Once I removed it, the error went away.

Upvotes: 14

piggyback

Reputation: 9264

YUHU, I solved it. The problem was that sometimes my website had www and sometimes not, so there were problems with sessions, apparently.

Upvotes: 23
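
The causes reported in this thread share one condition: the session cookie set when the login route stored the request token has to come back on the callback request. The following is an added example, not code from any of the posts or from Passport or express-session, that checks a configuration against those causes; `diagnose` and its option names are hypothetical, and the sample input is constructed.

```javascript
// Added example; diagnose() and its option names are hypothetical.
// URLs are the ones the browser sees. Returns the reasons the session cookie
// holding the OAuth request token would be missing on the callback request.
function diagnose({ loginUrl, callbackUrl, cookie = {}, tlsProxy = false,
                    trustProxy = false, store = 'shared', processes = 1 }) {
  const login = new URL(loginUrl);
  const callback = new URL(callbackUrl);
  const problems = [];

  if (cookie.secure === true) {
    if (login.protocol !== 'https:' || callback.protocol !== 'https:') {
      // Plain http: a Secure cookie is neither set nor sent back.
      problems.push('secure-cookie-over-http');
    } else if (tlsProxy && !trustProxy) {
      // TLS ends at the proxy, so Express sees http unless 'trust proxy' is set.
      problems.push('secure-cookie-needs-trust-proxy');
    }
  }

  // Without a Domain attribute the cookie is bound to the exact login host, so
  // www vs. bare domain (or localhost vs. 127.0.0.1) are different cookie jars.
  const domain = cookie.domain ? cookie.domain.replace(/^\./, '').toLowerCase() : null;
  const inScope = (host) =>
    domain ? host === domain || host.endsWith('.' + domain) : host === login.hostname;
  if (!inScope(login.hostname) || !inScope(callback.hostname)) {
    problems.push('host-mismatch');
  }

  // sameSite: true means Strict; the provider's redirect back is cross-site.
  if (cookie.sameSite === true || String(cookie.sameSite).toLowerCase() === 'strict') {
    problems.push('samesite-strict');
  }

  // MemoryStore is per process; the callback may hit a different worker.
  if (store === 'memory' && processes > 1) {
    problems.push('memory-store-multi-process');
  }
  return problems;
}

// Constructed sample configuration (not taken from any poster's app).
console.log(diagnose({
  loginUrl: 'http://localhost:3000/auth/twitter',
  callbackUrl: 'http://127.0.0.1:3000/auth/twitter/callback',
  cookie: { secure: true, sameSite: true },
}));
```

An empty array means none of the causes listed in this thread applies, so the next place to look is the route wiring or the cookie expiry options.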
