Persona (BrowserId) authentication never succeeds in Express 3.0 (with passport-browserid)

Question

I tried writing a skeleton app that authenticates using Mozilla Persona using this tutorial and the passport documentation and the login always fails - I am not sure what I am doing wrong as I don't see any logs from passport. This is my front-end code and this is my server code and I do see the Persona pop-up but req.isAuthenticated() is always false when I login from that pop-up.

Here is a snippet of the client-code:

<script type="text/coffeescript">
    $ ->
      $('#signin').click -> navigator.id.request()
      $('#signout').click -> navigator.id.logout()

      navigator.id.watch
        onlogin: (assertion) ->
          $.ajax
            type: 'POST'
            url: '/login'
            data: assertion: assertion

            success: (res, status, xhr) ->
              console.log res

            error: (res, status, xhr) -> alert "login failure" + res

        onlogout: ->
          console.log 'logout'

  </script>

And this is the server code:

express = require 'express'
passport = require 'passport'
BrowserIDStrategy = require('passport-browserid').Strategy
app = express()

passport.serializeUser (user, done) ->
  log 'serializing user #{user}'
  done null, user.email

passport.deserializeUser (email, done) ->
  log 'deserializing email #{email}'
  done null, email: email

persona_audience = "http://#{config.server.host}:#{config.server.port}"

passport.use new BrowserIDStrategy audience: persona_audience,
  (email, done) ->
    log email
    done null, email: email

app.get '/test', (req, res) ->
  msg = if req.isAuthenticated() then "Congratulations! You've signed in as #{req.user.email}" else "Fail :(("
  log msg
  res.send msg

app.post '/login', passport.authenticate('browserid', {failureRedirect: '/test', successRedirect: '/test'})

app.get '/logout', (req, res) ->
  req.logOut()
  res.redirect '/'

app.configure ->
#  app.use express.logger()
  app.use express.cookieParser(config.server.session_secret)
  app.use express.session()
  app.use express.bodyParser()
  app.use express.methodOverride()
  app.use passport.initialize()
  app.use passport.session()
  app.use app.router
  app.use express['static'](__dirname + '/public')

Answer 1

Putting the app.configure before app.login fixes it. Can someone explain what's going on?

Answer 2

    data: assertion: assertion

This is not valid json above:

        data: { assertion: assertion }