{
  "context": "This criteria evaluates how well the engineer uses the passport-google-oauth package to implement session-based Google OAuth 2.0 authentication, focusing specifically on session management integration capabilities including strategy configuration, user serialization/deserialization, and session lifecycle handling.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "OAuth2Strategy Import",
      "description": "Uses OAuth2Strategy (or GoogleStrategy) from passport-google-oauth or passport-google-oauth20 package",
      "max_score": 10
    },
    {
      "name": "Strategy Configuration",
      "description": "Correctly configures the OAuth2Strategy with clientID, clientSecret, and callbackURL parameters",
      "max_score": 15
    },
    {
      "name": "Strategy Registration",
      "description": "Registers the strategy with passport using passport.use() method",
      "max_score": 10
    },
    {
      "name": "Verify Callback",
      "description": "Implements the verify callback with correct signature (accessToken, refreshToken, profile, done) and calls done() with user object",
      "max_score": 15
    },
    {
      "name": "User Serialization",
      "description": "Implements passport.serializeUser() to store only the user ID in the session",
      "max_score": 15
    },
    {
      "name": "User Deserialization",
      "description": "Implements passport.deserializeUser() to retrieve full user data from storage using the ID",
      "max_score": 15
    },
    {
      "name": "Session Initialization",
      "description": "Initializes passport with passport.initialize() and enables session support with passport.session()",
      "max_score": 10
    },
    {
      "name": "Authentication Middleware",
      "description": "Uses passport.authenticate() with 'google' strategy for initiating OAuth flow and handling callback",
      "max_score": 10
    }
  ]
}