{
  "context": "This criteria evaluates how well the engineer uses the passport-google-oauth package's OAuth 1.0a authentication strategy to implement a legacy Google authentication service. The focus is on proper usage of the OAuthStrategy class, correct configuration parameters, and appropriate handling of OAuth 1.0a tokens and user profiles.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "OAuthStrategy Import",
      "description": "Imports OAuthStrategy (or Strategy alias) from passport-google-oauth package",
      "max_score": 10
    },
    {
      "name": "Strategy Configuration",
      "description": "Creates new OAuthStrategy instance with correct configuration object containing consumerKey, consumerSecret, and callbackURL parameters",
      "max_score": 20
    },
    {
      "name": "Verify Callback Signature",
      "description": "Implements verify callback with correct OAuth 1.0a signature: (token, tokenSecret, profile, done) - not the OAuth 2.0 signature (accessToken, refreshToken, profile, done)",
      "max_score": 20
    },
    {
      "name": "Strategy Registration",
      "description": "Registers the OAuthStrategy with Passport using passport.use()",
      "max_score": 15
    },
    {
      "name": "Token Handling",
      "description": "Correctly handles and stores/passes both token and tokenSecret from the verify callback (not accessToken/refreshToken)",
      "max_score": 15
    },
    {
      "name": "Profile Data Access",
      "description": "Accesses user profile properties (id, displayName) from the profile object provided by the strategy",
      "max_score": 10
    },
    {
      "name": "Passport Configuration",
      "description": "Returns or exports properly configured Passport instance that can be used for authentication middleware",
      "max_score": 10
    }
  ]
}