I was following a tutorial on using Oauth (Google) with Passport.js and Nodejs, The Net Ninja one
And He didn't mention express-session and it worked for him
When I tried it it gave me the Error:
Login sessions require session support. Did you forget to use `express-session` middleware?
And When I installed express-session, and did something like this
var session = require('express-session');
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: false,
cookie: { secure: true }
}));
... It worked Fine!
So, did I have to use express-session, and should I do every time I use passport oauth?
A web application needs the ability to identify users as they browse from page to page. This series of requests and responses, each associated with the same user, is known as a session.
https://www.passportjs.org/concepts/authentication/sessions/
Sessions allow you to keep the user authenticated across multiple requests. Without sessions, each request would be treated as a new request, and the user would have to authenticate themselves again and again.
When you use express-session, Passport stores the authenticated user's information in a session cookie. This allows you to keep the user authenticated across multiple requests.
But, you can disable session support in Passport: Passport js authentification without sessions.
Once you have disabled session support, you will need to store the auth information in a different way. One way to do this is to use JSON Web Tokens (JWTs). JWTs are a way of storing user information in a token that can be passed between the client and the server. JWTs are stateless, so they don't require sessions.
Have a look: https://www.passportjs.org/packages/passport-jwt/