Attributes in URL after redirect that appear in production but not with netlify dev

Eric1 · January 21, 2022, 10:45pm

My site name: https://serverless-twitter-login.netlify.app
My GitHub Project: Github

I made a little app to test how a twitter login would work serverless. I use PassportJS and store the sessions on MongoDB.

The app works but there is one key part that I couldn’t fix. After clicking the login button and waiting for the redirect to the homepage the tokens from the twitter API appear in the search bar: https://serverless-twitter-login.netlify.app/?oauth_token=xyz&oauth_verifier=xyz

I redirect with

router.get(
  "/redirect",
  passport.authenticate("twitter", {
    successRedirect: "https://serverless-twitter-login.netlify.app",
    failureRedirect: "https://serverless-twitter-login.netlify.app",
  })
);

Weird is that this behavior doesn’t exist running netlify dev and in my project where I do the same just with a backend server.

Why doesn’t it redirect to https://serverless-twitter-login.netlify.app?

(By redirect I mean the redirects in node.js and not redirect in the netlify.toml. I used a redirect in the netlify.toml before, but I removed it and hoped this fixes the issue - but it didn’t)

coelmay · January 21, 2022, 11:53pm

Hi @Eric1

The form element in index.html use GET requests, which are for receiving data e.g

https://example.com/?q=search+query

If you wish to have data sent, use a POST request instead (see Express app.post().)

Why the difference between Netlify and Netlify CLI I cannot speculate.

Eric1 · January 22, 2022, 12:24am

Hi @coelmay I’m not trying to send data. I change the form to links so it is probably more clear. (it still doesn’t work)
<a href="/.netlify/functions/auth/login">Login</a>
I’m also not using Express…

coelmay · January 22, 2022, 12:29am

The routes are using app.get() e.g.

router.get("/", (req, res) => {
  res.status(200).json({ user: req.user });
});

This above is a GET request.

So why is this line in functions/auth.js

const express = require("express");

and this line in functions/routes/auth.js

const router = require("express").Router();

Eric1 · January 22, 2022, 12:40am

Ups sorry. Yes I’m using Express.

Yes this router uses get. But how would this fix my problem if I changed it to a post? I’m not trying to send data to this route.

The purpose of the following snippet is to retrieve the user data when the user is logged in. (this works) So I don’t think a post here would solve the problem.

router.get("/", (req, res) => {
  res.status(200).json({ user: req.user });
});

coelmay · January 22, 2022, 7:44am

I wasn’t suggesting that specific snippet of code was the issue, I used it only as an example.

Eric1 · January 26, 2022, 2:16am

@coelmay I rephrased the problem here on stackoverflow. I hope this makes more clear what the problem is.

hrishikesh · January 27, 2022, 12:04pm

That Stackoverflow link seems dead.

But, I was trying to look through Passport.js documentation and I found this page:

The code snippet there seems to be different than what you’ve used.

Eric1 · January 27, 2022, 2:18pm

Stackoverflow link is dead because I deleted it.

Thanks for your investigation. I think the snippet is valid. The problem seems to be netlify’s feature “automatic pass through of query string parameters”, which preserves ?oauth_token=xyz&oauth_verifier=xyz after the redirect from twitter.

I now use this config to remove the params:

[[redirects]]
  from = "/*"
  to = "/?success"
  query = {oauth_token = ":token", oauth_verifier = ":verifier"}
  force = true