Shared authentication support?
-
Looking to integrate NodeBB with our main website (www.example.com). Can NodeBB recognise accounts that have already been authenticated on the website? If so, how?
The NodeBB will be hosted on the same server but on a different subdomain (forum.example.com)?
The site is built on the java platform. It uses Spring Security and MySql Database.
-
The recommended method of sharing sessions between two separate and distinct applications is through OAuth2. We recommend this approach because NodeBB maintains its own user records, so that we can keep track of user-related metrics and other data. Relying on another database would be tricky, prone to breaking, and quite possibly dangerous.
Luckily, it's quite straightforward to get things working with OAuth2!
The first step is getting your application to expose an OAuth2 endpoint. If you're running a Node.js based app, you can use a module called OAuth2orize.
Once that is set up, you'll want to take a look at the SSO plugin skeleton for customised OAuth deployments -- nodebb-plugin-sso-oauth. You'll take this plugin, fork it, and modify it to communicate with your OAuth endpoint.
Once everything is working properly, you should be able to register and log in/out via your web app.