Google+ insert moment with nodejs client

Has anyone been able to get the google-api-nodejs-client to successfully insert a moment?

Whatever I try, I get a generic 400 "Invalid value" error but am unable to narrow down the invalid value because the API Explorer doesn't work either.

Would it be because of the missing data-requestvisibleactions parameter? I'm using passport.js's require('passport-google-oauth').OAuth2Strategy for handling oauth access, and that part is working fine, but I have no idea how to incorporate requestvisibleactions into the oauth request flow since this is definitely not originating from a clientside form.

Here's a snippet of what I'm trying to do (using the latest version of googleapis, v1.0.2):

var google = require('googleapis')
var auth = new google.auth.OAuth2()
auth.setCredentials({
  'access_token': user.token
})

google.plus('v1').moments.insert({
  collection: 'vault',
  userId: 'me',
  debug: true,
  resource: {
    type: "http://schemas.google.com/AddActivity",
    target: {
      type: "http://schema.org/CreativeWork",
      url: "...omitted...",
      image: "...omitted...",
      description: "test",
      name: "test"
    }
  },
  auth: auth
}, function (err, response) {
  if (err) {
    console.error(err)
    res.send(err.code, err)
  } else {
    console.log(response)
    res.send(200)
  }
})

ref 1 (out-of-date w.r.t. an older version of googleapis)

ref 2 (client-side, where the use of data-requestvisibleactions is more obvious)

As you speculated, you need the request_visible_actions parameter as part of the URL calling the oauth endpoint.

It looks like the current version of passport-google-oauth doesn't support this parameter. Judging by several of the open issues and pull requests, it isn't clear that the author will respond to requests to add it either. You have two possible options:

Switch to using the OAuth support that is included in google-api-nodejs-client
Patch the passport-google-oauth code. (And possibly submit a pull request in the hopes it will be useful to someone else.)

I don't use passport.js or the passport module in question, so I can't test this, but based on the github repository, I think you can insert the following in lib/passport-google-oauth/oauth2.js after line 136 and before the return statement:

if (options.requestVisibleActions) {
  // Space separated list of allowed app actions
  // as documented at:
  //  https://developers.google.com/+/web/app-activities/#writing_an_app_activity_using_the_google_apis_client_libraries
  //  https://developers.google.com/+/api/moment-types/
  params['request_visible_actions'] = options.requestVisibleActions;
}