SSO consumer

frankfrankly

Hello, has anyone configured NodeBB to consume an SSO service, oauth2, or other, other than facebook or google integration. We have a website and CMS that can be an sso provider, and want users on the site to not have to re-auth when using the forum. thx

julian

The recommended method of sharing sessions between two separate and distinct applications is through OAuth2. We recommend this approach because NodeBB maintains its own user records, so that we can keep track of user-related metrics and other data. Relying on another database would be tricky, prone to breaking, and quite possibly dangerous.

Luckily, it's quite straightforward to get things working with OAuth2!

The first step is getting your application to expose an OAuth2 endpoint. If you're running a Node.js based app, you can use a module called OAuth2orize.

Once that is set up, you'll want to take a look at the SSO plugin skeleton for customised OAuth deployments -- nodebb-plugin-sso-oauth. You'll take this plugin, fork it, and modify it to communicate with your OAuth endpoint.

Once everything is working properly, you should be able to register and log in/out via your web app.

zerefel

Right now I'm also working on creating an OAuth2 endpoint for my app to try and connect NodeBB with it. I will be glad if you share your progress, @frankfrankly!

Danny McWilliams

I'd like to do this @julian - is it as simple as installing it on the server and modifying the SSO plugin?

Never tried OAuth before, I'd like to use it on our NodeBB & Wordpress installs.

zerefel

@Danny-McWilliams If you're speaking about the NodeBB setup to use the endpoint - it's extremely easy. However, the endpoint can be kinda tricky.

The flow for the plugin for the forum is:

1. You fork the plugin
2. You provide information about your OAauth/OAuth2 Endpoint in the plugin source file (library.js)
3. You tell the plugin exactly how to access the user data returned from the endpoint (which properties hold which values)
4. Test.

markcarey

I am interested in SSO as well. I have seen several threads that mention the "how to" as described by @julian above, but haven't yet seem any real world examples or replies from folks who have done it. I would be great to hear some such examples.

(We are trying to make a decision between nodeBB and Discourse. I like what I am learning about nodeBB so far, but SSO may be important for us. Looking for some added confidence that we'd be able to get an Oauth2 endpoint setup on our app, which is powered by node)

julian

The difficult part about OAuth2, and why we can't get a "one size fits all" solution, is because everybody's API is different. That's why you need to modify the plugin to use the correct URLs for the OAuth endpoints and for the User API.

Secondly, everybody's user API is different. Where one may use username, another may use handle, or nickname. That's why it needs to be customised to fit each and every install.

Perhaps a blog post may help?

zerefel

@markcarey I created an OAuth2 endpoint on my website from scratch and made NodeBB utilize it successfully. It was the first time I engaged in such an endeavour and it wasn't easy!
I followed the examples provided in the OAuth2orize plugin's github.

Besically all you have to do is swap out the local db they use and implement your db logic. Also use some sort of UID generator for client ids/secrets.

If you have that done and are able to successfully authorize with some tool, for example Postman or the Google OAuth Playground it should be pretty straightforward from there to setup the NodeBB SSO OAuth plugin to fit your website.