Passport & JWT & Google Strategy - Disable session & res.send() after google callback


Managed to overcome this with some insights:
1. Disable session in Express - just remove the session middleware

// app.use(session({secret: config.secret}))

2. When using Google authentication, what actually happens is that there is a redirection to the Google login page, and if login is successful it redirects you back to the URL you have provided.

This actually means that once Google calls your callback you cannot do res.send(token, user) - it simply does not work (can anyone elaborate why?). So you are forced to do a redirect to the client by doing res.redirect("/"). But the whole purpose is to pass the token, so you can also do res.redirect("/?token=" + token).

    app.get('/auth/google/callback',
        passport.authenticate('google', {
            // successRedirect: '/',
            failureRedirect: '/',
            session: false  // no session is created for the authenticated user
        }),
        function (req, res) {
            // Issue the token and hand it to the client in the redirect URL
            var token = AuthService.encode(req.user);
            res.redirect("/home?token=" + token);
        });

But how will the client get the user entity? You can also pass the user in the same way, but it didn't feel right to me (passing the whole user entity in the parameter list...). So what I did is make the client use the token and retrieve the user.

    function handleNewToken(token) {
        if (!token)
            return;
        // Keep the token for later requests
        localStorageService.set('token', token);
        // Fetch activeUser
        $http.get("/api/authenticate/" + token)
            .then(function (result) {
                setActiveUser(result.data);
            });
    }

Which means another HTTP request - this makes me think that maybe I didn't get the token concept right. Feel free to enlighten me.
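
An added example, not part of the original post: assuming `AuthService.encode` issues an HS256 JWT that carries the user's id and name, the client can read those claims from the token itself and strip the token from the redirect URL, while the server verifies signature and expiry on every request. The secret, user fields and function names below are constructed for illustration, and Node's `crypto` stands in for a JWT library.

```javascript
// Added example; SECRET and the user object are constructed for the demo.
const crypto = require('crypto');
const SECRET = 'constructed-demo-secret'; // placeholder, load from config in practice
const b64url = (s) => Buffer.from(s).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Hypothetical stand-in for the post's AuthService.encode (assumed to issue an HS256 JWT).
function encode(user, ttlSeconds = 300) {
  const now = Math.floor(Date.now() / 1000);
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ sub: user.id, name: user.name, iat: now, exp: now + ttlSeconds }));
  return `${head}.${body}.${sign(`${head}.${body}`).toString('base64url')}`;
}

// Server: check signature and expiry before trusting any claim.
function verify(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = sign(`${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  return claims.exp > Math.floor(Date.now() / 1000) ? claims : null;
}

// Client: take the token out of the redirect URL and return the URL without it,
// for history.replaceState(), so it does not stay in history or leak via Referer.
function takeTokenFromUrl(href) {
  const url = new URL(href);
  const token = url.searchParams.get('token');
  url.searchParams.delete('token');
  return { token, cleanUrl: url.pathname + url.search + url.hash };
}

// Client: display-only read of the claims (a browser would use atob instead of Buffer).
// The server still calls verify() on every request.
function readClaims(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'));
}

// Later API calls carry the token in a header rather than in the request path.
const authHeader = (token) => ({ Authorization: `Bearer ${token}` });
```

Keeping the token lifetime short limits the value of a token that was captured from a URL before the client removed it.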