allow login sessions to be instantiated

Author: sambrenner

lib/passport-http-oauth/strategies/consumer.js

@@ -207,7 +207,7 @@ ConsumerStrategy.prototype.authenticate = function(req) {
       // If no `oauth_token` is present, the consumer is attempting to abtain
       // a request token.  Validate the request using only the consumer key
       // and secret, with the token secret being an empty string.
-      validate('', function() {
+      validate('', function(user) {
         // At this point, the request has been validated and the consumer is
         // successfully authenticated.  The duty of this strategy is complete.
         //
@@ -235,7 +235,7 @@ ConsumerStrategy.prototype.authenticate = function(req) {
         //          detect potential attacks, and display advisory notices to
         //          users.
 
-        return self.success(consumer, info);
+        return self.success(user, info);
       });
     } else {
 
@@ -320,11 +320,11 @@ ConsumerStrategy.prototype.authenticate = function(req) {
       // verified and authentication is successful.
       if (self._validate) {
         // Give the application a chance it validate the timestamp and nonce, if
-        // it so desires.
+        // it so desires. The valid param can be the user if a login session needs to be created.
         var next = function(err, valid) {
           if (err) { return self.error(err); }
           if (!valid) { return self.fail(self._challenge('nonce_used')); }
-          return ok();
+          return ok(valid);
         };
 
         if (self._passReqToCallback) {