Shared Authentication between two node apps when using mongodb
-
I'm not sure whether I found the answer.
Is it possible to use connect-mongo for sharing the user session between two separate node app.
e.g., www.mydomain.com
forum.mydomain.comCan some one give me an answer?
-
-
Thx so much.
I will try that after a while
-
@julian said:
Yes, you can use connect-mongo (or connect-redis) to share sessions. You'll have to match your cookie information as well. Theoretically, this should work, although it may be easier to set up an oauth endpoint using oAuthorize instead.
I have a new question, how can I disable the local login strategy and use the new oauth endpoint? or did I understand wrong about the oauth2rize?
-
If you have OAuth2orize set up on your other application, you can fork the sso oauth plugin, customise it, and point it to your new OAuth2 endpoint. To disable the local login, you'll have to remove the
POST /login
and/register
routes, and change the theme header so that it just calls the OAuth SSO endpoint directly instead. -
@julian said:
If you have OAuth2orize set up on your other application, you can fork the sso oauth plugin, customise it, and point it to your new OAuth2 endpoint. To disable the local login, you'll have to remove the
POST /login
and/register
routes, and change the theme header so that it just calls the OAuth SSO endpoint directly instead.Super, that helps a lot!
Thx in deed -
There's also a relevant Github issue open for disabling local logins: https://github.com/designcreateplay/NodeBB/issues/1263
-
@kevinprotoss Have you been able to do the changes and make your website and nodebb sync with each other?
-
I'm interested in the same use case. Sharing a login form an app to an instance of nodebb. I'm particulary curious about how they achieved that on http://world.kano.me/ since it is an smooth and elegant result. Any clue on how they implemented it?
-
@José-Ángel-Rey-Liñares I don't believe Kano uses NodeBB anymore, though I could be mistaken.
We still recommend https://github.com/julianlam/nodebb-plugin-sso-oauth, though if you have a login API that takes username/password, you could also consider writing a plugin that listens on the
action:auth.overrideLogin
hook...