Cross login
-
@Paolo You might be interested in this OAuth SSO plugin
-
Note that this plugin is only a basic skeleton! It allows you to connect to an oauth provider, but stops short of registering/login, as each provider handles user data differently. You'll have to fork it, install it, and play around with it to finish it off
-
@julian said:
Note that this plugin is only a basic skeleton! It allows you to connect to an oauth provider, but stops short of registering/login, as each provider handles user data differently. You'll have to fork it, install it, and play around with it to finish it off
Hello Julian,
I tried to install this plugin and play around with it. However, I cannot get it to work so far. I'm not sure whether I configured everything correctly.
How should I set the 'userProfileUrl'? Is it just a pathname of the userProfile link for NodeBB?
I tried the plugin with an example OAuth2 provider, and it fails to get the token.
I also checked the source code of the plugin, and I cannot find where you add the two routes for OAuth2: '/auth/generic' and '/auth/generic/callback'.
I read in the passport tutorial that these two routes are required for OAuth 2.0 authentication:
```javascript
app.get('/auth/provider', passport.authenticate('provider'));
app.get('/auth/provider/callback', passport.authenticate('provider', { successRedirect: '/', failureRedirect: '/login' }));
```
What do you mean by not finished? How should I extend the plugin? E.g., add the routes?
-
The userProfileUrl is not set in the oauth skeleton because each provider handles it differently (as it is not part of the spec). E.g. Facebook might use /api/v2/user, whereas Twitter might use /users/{handle}, etc. That value changes depending on your OAuth provider.
In your case, you'll probably want to use http://ec2-54-252-147-156.ap-southeast-2.compute.amazonaws.com/api/userinfo as the userProfileUrl
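An added example, not part of the original post or of the plugin's code: one way to validate a configured userProfileUrl and map a provider-specific profile response onto the fields a register/login step needs. The function names, the `fieldMap` parameter and the sample response body are hypothetical and constructed for illustration.

```javascript
// Added example; function and parameter names here are hypothetical.

// The profile endpoint lives on the OAuth provider, so it has to be an
// absolute http(s) URL. A bare pathname does not parse and is rejected.
function resolveUserProfileUrl(value) {
  let url;
  try {
    url = new URL(value);
  } catch (e) {
    throw new Error('userProfileUrl must be an absolute URL: ' + value);
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    throw new Error('userProfileUrl must use http or https');
  }
  return url.href;
}

// Map one provider's profile JSON onto the fields a login step needs.
// fieldMap names the provider's key for each value, because the profile
// format is not part of the OAuth 2.0 spec.
function parseUserProfile(body, fieldMap) {
  let json;
  try {
    json = JSON.parse(body);
  } catch (e) {
    throw new Error('profile response is not JSON');
  }
  if (json === null || typeof json !== 'object' || Array.isArray(json)) {
    throw new Error('profile response is not a JSON object');
  }
  const id = json[fieldMap.id];
  // Without a stable provider-side id the local account cannot be matched.
  if ((typeof id !== 'string' && typeof id !== 'number') || String(id) === '') {
    throw new Error('profile has no usable id field: ' + fieldMap.id);
  }
  const text = (key) => (typeof json[key] === 'string' ? json[key].trim() : '');
  return {
    id: String(id),
    displayName: text(fieldMap.displayName) || String(id),
    email: text(fieldMap.email) || null,
  };
}

// Constructed sample response body and field mapping.
const SAMPLE_BODY = '{"user_id": 1, "name": "Bob Smith", "scope": "*"}';
const SAMPLE_MAP = { id: 'user_id', displayName: 'name', email: 'email' };
console.log(parseUserProfile(SAMPLE_BODY, SAMPLE_MAP));
```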
-
Thanks julian, I understand how I should set the userProfileUrl now. I'll give it a try. One remaining question is how to add the two routes mentioned above.
According to passport.js, they are used to make a request for getting the token. Are they not required?
-
@julian The key is 'abc123' and the secret is 'ssh-secret'
I tried the new version of the plugin, but I get an error from the new code:
https://github.com/julianlam/nodebb-plugin-sso-oauth/blob/master/library.js#L33
The settings is undefined.
-
Thanks for your reply, but this plugin "allows users to login/register via any configured OAuth provider".
In my case I don't want to deploy an OAuth provider only for this task. Is there another way? For example, a REST service that returns a session cookie to me.
If I can do a curl POST to the /login URL with user, password and a valid token, I solve my problem by adding the cookie to my session programmatically. Obviously, to do this I must create a NodeBB user programmatically; can I do that?
I've found this one: http://community.nodebb.org/topic/916/shared-authentication-between-two-node-apps-when-using-mongodb#6564
-
@Paolo Exactly, you are right. I have the same purpose as you. It's possible to persist the session in MongoDB and share it between two Node apps. I have tested this way as well. However, it's quite a bit more difficult than SSO solutions, since you need to implement all the NodeBB user-relevant stuff in your Node app, maybe also groups and others. I tried to do that and it already worked. Now I find it's better to enable SSO login and disable NodeBB local login.
For a simple OAuth2 provider, you can find an example in the oauth2orize repository: oauth2 provider
For the client side, all you want is the plugin which Julian has implemented.
-
@kevinprotoss Thanks a lot for your reply, but unfortunately my other app isn't a Node app, so I can't use oauth2orize. However, I took a cue from your suggestions for a solution.