Attributes in URL after redirect that appear in production but not with netlify dev

My site name:
My GitHub Project: Github

I made a little app to test how a twitter login would work serverless. I use PassportJS and store the sessions on MongoDB.

The app works but there is one key part that I couldn’t fix. After clicking the login button and waiting for the redirect to the homepage the tokens from the twitter API appear in the search bar:

I redirect with

  passport.authenticate("twitter", {
    successRedirect: "",
    failureRedirect: "",

Weird is that this behavior doesn’t exist running netlify dev and in my project where I do the same just with a backend server.

Why doesn’t it redirect to

(By redirect I mean the redirects in node.js and not redirect in the netlify.toml. I used a redirect in the netlify.toml before, but I removed it and hoped this fixes the issue - but it didn’t)

Hi @Eric1

The form element in index.html use GET requests, which are for receiving data e.g

If you wish to have data sent, use a POST request instead (see Express

Why the difference between Netlify and Netlify CLI I cannot speculate.

Hi @coelmay I’m not trying to send data. I change the form to links so it is probably more clear. (it still doesn’t work)
<a href="/.netlify/functions/auth/login">Login</a>
I’m also not using Express…

The routes are using app.get() e.g.

router.get("/", (req, res) => {
  res.status(200).json({ user: req.user });

This above is a GET request.

So why is this line in functions/auth.js

const express = require("express");

and this line in functions/routes/auth.js

const router = require("express").Router();

Ups sorry. Yes I’m using Express.

Yes this router uses get. But how would this fix my problem if I changed it to a post? I’m not trying to send data to this route.

The purpose of the following snippet is to retrieve the user data when the user is logged in. (this works) So I don’t think a post here would solve the problem.

router.get("/", (req, res) => {
  res.status(200).json({ user: req.user });

I wasn’t suggesting that specific snippet of code was the issue, I used it only as an example.

@coelmay I rephrased the problem here on stackoverflow. I hope this makes more clear what the problem is.

That Stackoverflow link seems dead.

But, I was trying to look through Passport.js documentation and I found this page:

The code snippet there seems to be different than what you’ve used.

Stackoverflow link is dead because I deleted it.

Thanks for your investigation. I think the snippet is valid. The problem seems to be netlify’s feature “automatic pass through of query string parameters”, which preserves ?oauth_token=xyz&oauth_verifier=xyz after the redirect from twitter.

I now use this config to remove the params:

  from = "/*"
  to = "/?success"
  query = {oauth_token = ":token", oauth_verifier = ":verifier"}
  force = true