Cannot access /protected in provided WebAppSample "Protecting web applications using WebAppStrategy"

[stepoibm]

Hi! I'm having trouble getting the example to work. The returned token from the appID login don't seem to persist in the session or in a cookie, so I can't ever access the "protected" endpoint. Am I missing something?

Reproduction steps

1. install required packages npm install --save ibmcloud-appid log4js passport express-session express pug
2. get sample folder from this repo
3. save provided example as server.js
4. replace this in server.js with data from existing appid instance

passport.use(new WebAppStrategy({
	tenantId: "{tenant-id}",
	clientId: "{client-id}",
	secret: "{secret}",
	oauthServerUrl: "{oauth-server-url}",
	redirectUri: "{app-url}" + CALLBACK_URL
}));

6. register callback uri with appid (for me http://localhost:3000/ibm/bluemix/appid/callback)
7. run node server.js
8. navigate to http://localhost:3000/web-app-sample.html
9. click "open protected page"
10. login
11. navigate to http://localhost:3000/web-app-sample.html
12. click "open protected page"

Expected

1. http://localhost:3000/web-app-sample.html should not show "You're not authenticated :(" after logging in in step 10
2. after login I should be able to access /protected

Additional

• Tested on node 18.1.0 and 17.6.0
• Reproduction done in this repo: https://github.com/stepoibm/appid-passport. Clone and create your .env and you should get the same issue

[stepoibm]

@VadimDez discovered, that the issue does not exist for passport version 0.5.3. Current version is 0.6.0

[jay-mack]

@stepoibm A new version of the SDK has been released, v7, this includes revised samples of AppID working with passport v6. You mostly likely will need to make changes to your application so play around with the examples.