Thank you Biplab Malakar

I would still code and invest the $1 million for good cause.

Seems that's wrong , The doc says something different. db.collection.remove( <query>, <justOne> ) justOne (boolean) Optional. To limit the deletion to just one document, set to true. Omit to use the default value of false and delete all documents matching the deletion criteria.

Thanks Diego, had to use cookie-parser

This is where I got stuck actually. "/twitter" , passport.authenticate( "twitter" , { scope: [ "profile" ] })); "/twitter/callback" , passport.authenticate( "twitter" , { failureRedirect: "/login" }), controllers.authController.twitter_callback ); twitter_callback: async (req, res) => { try { const twitter_user = await req.user; const user = await User.create({ name: twitter_user.displayName, email: twitter_user.emails[ 0 ]. value }); const token = user.generateAuthToken(); res.header( "x_auth_token" , token).json({ msg: "callback called" , status: 200 }); // res.redirect("/"); } catch (err) { console.log(err); // res.status(500).json(err); } } I'm having trouble with saving the header token in cookie. I need to store the header token in cookie.

Thank you !!

Thanks for the feedback @sandeep

@sandeep :)

Hi Anthony, That's the ideal way of having private routes. Usually in middleware. This is what I do usually. router.post("/create", [auth, isAdmin], controllers.users.create);

Thanks Matt Strom , exactly what I needed.