NodeBB Oauth SSO Plugin and Wordpress
-
Ok guys, here is my first stab at trying to get the Wordpress plugin working and I am failing miserably so far. I keep getting a 404 at Nodebb whatever I do. Frustrating.
@Julian thanks for the passport link, I was vaguely aware of it and since I am currently trying to understand SSO and have been reading the OAuth 2.0 draft it was helpful to go through all the strategies.
WIth my slighter better understanding the Google SSO plugin seems to be the closest fit to the Wordpress Oauth2 plug in.
Here is a screenshot of the token endpoint
And of the access user profile endpoint
And here is my first attempt at a custom strategy. The data is provided in json by the wordpress plugin. Only including the changed bits from the Google Oauth2 strategy. Please note the Wordpress Oauth 2 plugin does not work without the 'state=' parameter.
function Strategy(options, verify) {
options = options || {};
options.authorizationURL = options.authorizationURL || 'http://example.com/oauth/authorize?state=2020';
options.tokenURL = options.tokenURL || 'http://example.com/oauth/request_token';OAuth2Strategy.call(this, options, verify);
this.name = 'wordpress';
}Strategy.prototype.userProfile = function(accessToken, done) {
this._oauth2.get('http://example.com/oauth/request_access', accessToken, function (err, body, res) {
if (err) { return done(new InternalOAuthError('failed to fetch user profile', err)); }try { var json = JSON.parse(body); var profile = { provider: 'wordpress' }; profile.id = json.ID; profile.displayName = json.user_nicename; profile.name = json.user_login; profile.emails = [{ value: json.user_email }]; profile._raw = body; profile._json = json; done(null, profile); } catch(e) { done(e); -
Any update on a Wordpress SSO?
-
@Tanner said:
Any update on a Wordpress SSO?
Should be pretty simple to be honest. There's a passport for it. For you, I'll see what I can do.
EDIT: The passport is for Wordpress.com
Damnit.I'm going to have to install Wordpress and look through a few plugins.
-
Hey Everyone,
I know this thread is a bit old but I thought I would chime in here being the developer of the WP OAuth Server plugin you mention here.
@Tanner I recently published the OAuth client plugin for WordPress. If you are still interested, you can visit https://wp-oauth.com. The plugin is a premium plugin but is very reasonable.
To everyone else, I am not familiar with the platform you are using but I do have a very good understanding of security, authentication via WordPress and core of WP OAuth Server. I am open to helping where ever I can. If anyone needs a hand, shoot me an email, reply back here or submit a support request either on at https://wp-oauth.com or the WP forums.
Looking forward to helping where I can.
-
@Justin-P-Greer Very cool to have you here. Welcome!
Poor @raul has been waiting months for this, and I promised to help him out but I ended up getting very sidetracked by other issues with NodeBB.
As long as your WP plugin can establish a standard OAuth2 endpoint, we can probably build something against it.
-
The plugin uses the "oauth/authorize" and "oauth/token" for authorization. This is to spec for OAuth2. Now as far as the resource API, there is no spec given as long as the acess token is given. Current the endpoint for the user resource is "/oauth/me?access_token=xxx". The "me" endpoint is there by default and returns basic information about the user from WP user meta fields. It can be modified very easier using WP filters.
You can visit the documentation or just shoot me an email if you need anything.
-
I'm interested in this too. Was exactly thinking about using your wp plugin to achive the mentioned functionality. What a coincidence.
-
I'll have a quick look through some plugins now.
