How to add passport-twitter middleware to an express GET route


I’m working on the Pinterest clone and trying to integrate passport-twitter.

Login seems to work in Firefox (but not Chrome or Chromium). It redirects to Twitter and returns to the app when the authorize button is clicked. However, routes other than the Twitter ones (auth and callback) do not call deserializeUser and req.user is undefined.

I have looked at a number of examples but can’t see what I am doing wrong.

Any help appreciated.

links to demo and Server code

thanx for your time,


Shouldn’t your authentication route be set to /auth/callback/twitter instead of /callback/twitter? The reason I am saying that is because the callback that you are pointing to in your Twitter strategy is that is to say auth folder is specified from the root. May not fix your problem, but at least I know that I had the callback and get routes matched in my projects for passport-twitter to work…


Thanx for your time Dereje, I will certainly take a look at your repo.
I’m very new to this, but as I understand it, the following code prefixes all routes (in that module) with /auth:

app.use('/auth', authRoutes);

e.g. in authRoutes “const authRoutes = require('./routes/auth');” all routes will be prefixed with /auth, so /callback/twitter becomes /auth/callback/twitter.

The auth flow itself seems to work. It’s keeping hold of the auth in other routes (e.g. /auth/user) that is missing.


gotcha @nikrb I didn’t pay attention to that require statement, I’ll take a look later for more irregularities with my code


I don’t know if this helps, but looking at my debug statements after running through auth below,

request for /static/user main js calls deserializeUser and req.user is set:

2017-11-10T19:58:16.517312+00:00 app[web.1]: request: protocol [http] host []
2017-11-10T19:58:16.517312+00:00 app[web.1]:     url [/static/js/main.5a9373cf.js]
2017-11-10T19:58:16.517415+00:00 app[web.1]: passport deserializeUser id: 5a00c91a297efbb316146e79
2017-11-10T19:58:16.520057+00:00 app[web.1]: request user [{ _id: 5a00c91a297efbb316146e79,
2017-11-10T19:58:16.520058+00:00 app[web.1]:   twitterId: 584322168,
2017-11-10T19:58:16.520059+00:00 app[web.1]:   __v: 0,
2017-11-10T19:58:16.520059+00:00 app[web.1]:   name: 'Niki Bing',
2017-11-10T19:58:16.520059+00:00 app[web.1]:   email: null }]

but the following request for /auth/user deserializeUser is not run and req.user is not set:

2017-11-10T19:58:16.903363+00:00 app[web.1]: request: protocol [http] host []
2017-11-10T19:58:16.903366+00:00 app[web.1]:     url [/auth/user]
2017-11-10T19:58:16.903503+00:00 app[web.1]: request user [undefined]


Without downloading your whole project and checking the console.log at different steps it is really hard for me to see what is wrong, especially since I’m also a beginner at this. However, one difference I see between mine and yours is that in the callback for the passport-twitter strategy mine has a process.nextTick(function(), which basically waits for the data to come back from Twitter before firing off the database commands.
The other thing I see is that you are using a findOneAndUpdate command, but I am not sure what exactly you are updating. All the user information is provided by Twitter, so either that Twitter user already exists in your database, in which case you simply return the user, or the user does not exist, in which case you would create a new user in your db. I am not sure why an update would even be necessary here.

For my passport.js needs I used this as a start off template and modified it according to my needs so it would play along with react/redux on the client side.


I noticed the process.nextTick as well, but it didn’t solve the issue unfortunately.
The findOneAndUpdate is so the user is created first time. It’s also left over from my base local auth template allowing the user to change their details/password.
Thanx for the link to, will check it out.

thanx for your help dude,


Browser fetch wasn’t sending cookie to server, found answer here:

fetch("/auth/user", {
  method: "GET",
  headers: {
    'Accept': 'application/json',
    'Content-Type': 'application/json',
    'Cache': 'no-cache'
  },
  // send the session cookie with same-origin requests
  credentials: 'same-origin'
})
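
Why a request without the cookie never reaches deserializeUser, as an added example that is not part of the original thread or the poster's project: a simplified model of the session layer, not the real express-session or passport code. The session id, user record and helper names are constructed, and the cookie is shown unsigned for brevity.

```javascript
// Simplified model of express-session + passport.session(); not the real libraries.
// Session ids and the user record are constructed sample values.
const sessions = new Map([["sid-abc123", { passport: { user: "user-1" } }]]);
const users = new Map([["user-1", { _id: "user-1", name: "Sample User" }]]);
let deserializeCalls = 0;

function deserializeUser(id) {
  deserializeCalls += 1;
  return users.get(id);
}

// Parse "a=1; b=2" into { a: "1", b: "2" }.
function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = decodeURIComponent(part.slice(i + 1).trim());
  }
  return out;
}

// Per-request session handling: no cookie -> no session lookup ->
// deserializeUser is never called and req.user stays undefined.
function sessionMiddleware(req) {
  const sid = parseCookies(req.headers.cookie)["connect.sid"];
  const session = sid ? sessions.get(sid) : undefined;
  if (session && session.passport && session.passport.user !== undefined) {
    req.user = deserializeUser(session.passport.user);
  }
  return req;
}

// Which fetch() credentials modes make the browser attach cookies.
function browserAttachesCookie(credentials, sameOrigin) {
  if (credentials === "include") return true;
  if (credentials === "same-origin") return sameOrigin;
  return false; // "omit"
}

// Build the request the server sees for fetch("/auth/user", { credentials }).
function simulateFetch(credentials, sameOrigin = true) {
  const headers = { accept: "application/json" };
  if (browserAttachesCookie(credentials, sameOrigin)) headers.cookie = "connect.sid=sid-abc123";
  return sessionMiddleware({ url: "/auth/user", headers });
}

console.log(simulateFetch("omit").user);        // no cookie sent
console.log(simulateFetch("same-origin").user); // cookie sent, user restored
```

`same-origin` is the narrower setting: the session cookie is attached only to requests to the page's own origin, while `include` also sends it cross-origin.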