{
  "context": "This criteria evaluates how well the engineer uses passport-google-oauth to implement environment-specific callback URLs for multi-environment OAuth authentication. The focus is on proper strategy configuration, callback URL management, and integration with Passport.js middleware.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "OAuth2Strategy Import",
      "description": "Correctly imports OAuth2Strategy from passport-google-oauth (or passport-google-oauth20)",
      "max_score": 10
    },
    {
      "name": "Environment-Based Callback URL",
      "description": "Implements logic to select callback URL based on NODE_ENV environment variable with correct URLs for all three environments (development, staging, production)",
      "max_score": 25
    },
    {
      "name": "Strategy Configuration",
      "description": "Properly configures OAuth2Strategy with required parameters: clientID, clientSecret, and the environment-specific callbackURL",
      "max_score": 20
    },
    {
      "name": "Verify Callback Implementation",
      "description": "Implements verify callback with correct signature (accessToken, refreshToken, profile, done) and properly calls done() to complete authentication",
      "max_score": 15
    },
    {
      "name": "Passport Initialization",
      "description": "Properly initializes passport with passport.use() to register the strategy and uses passport.initialize() and passport.session() middleware",
      "max_score": 10
    },
    {
      "name": "Authentication Middleware Usage",
      "description": "Uses passport.authenticate() middleware correctly on both /auth/google route (to initiate OAuth flow) and /auth/google/callback route (to handle callback)",
      "max_score": 15
    },
    {
      "name": "Session Serialization",
      "description": "Implements passport.serializeUser() and passport.deserializeUser() to handle user session persistence",
      "max_score": 5
    }
  ]
}