Does NodeBB provide support for a user database other than the one it builds in mongo? How would I integrate NodeBB with Keycloak?

David Sargrad

Maybe I misconfigured the redirect URI in the keycloak client:

David Sargrad

Yet that seemed to be the one to use..

julian

@David-Sargrad You're seeing a 500 error, which means it's the right URL but something happened on the backend. If it was the wrong URL it'd be a 404

If you modify a backend file, you have to restart NodeBB (but you don't have to rebuild). The files are cached (by Node.js) so you need to restart NodeBB so the cache is empty.

David Sargrad

i see.. for some reason the console.log didnt go to the console.. that said.. i'm at the breakpoint where the console.log is ...
This is my payload object:

julian

Nice. It's the @... you'll want to have Keycloak send a username, not the email.

David Sargrad

I see.. You are too good!

SO the @ in the handle is problematic?

julian

Yeah, I'm not immediately certain why @ was omitted, but this is an excerpt of the expression that defines what characters are allowed:

'" \-+.*[\]0-9\u00BF-\u1FFF\u2C00-\uD7FF\w

Some symbols, numbers, letters, and select unicode ranges. Gone are the days when the expression used to be ^\w+$

David Sargrad

I see.. Now to see if Keycloak allows me to modify that.. I'd assume so.

David Sargrad

any idea why the console.log didnt actually go to the console? odd .. since the code seems to be there.

julian

No clue... but if the breakpoint works, then just use that. console.log debugging is for simpletons like myself anyway right

It's like bringing a club to a gun fight.

David Sargrad

Heh.. yea.. i love to single step debug when its an option.. gives quick insights into code design

David Sargrad

@julian Success!! I logged in with a new account: handle poodle

Works with keycloak so far!!

David Sargrad

What defines this convention? Is this an OAuth2 convention on the handle restriction?

'" -+.*[]0-9\u00BF-\u1FFF\u2C00-\uD7FF\w

julian

Nope, it's NodeBB specific based on what we've seen and decided to allow over time.

David Sargrad

I see.. well awesome Julian.. so far so good.

David Sargrad

Now that I've verified that a user registered in Keycloak can login to nodebb properly, what API call can I make to automatically log that user in, when that user successfully logs in to our application?

julian

Hmm, easiest would just be a custom bit of js to check app.user and redirect them to the appropriate /auth/keycloak endpoint if it is null.

It would mean guests get redirected too though.

julian

The thing about SSO is that it's being used as an authenticator (or is it an authorizer? I always get them confused). So we can't really automatically log the user in because we don't know they're logged in on your end.

However, something custom could be built, whereby if we detect a specific cookie, then the redirection happens? That'd be outside the scope of the plugin, however.

David Sargrad

@julian i've discussed the limitation that says @ is not a proper username character with my team. We literally have requirements from our customer that say an email address must be a username. Would you guys be open to implementing a change, and allowing @? We are hoping that you see this as a sensible nodebb modification.

julian

Discussing internally, but to my knowledge there no explicit reason @ was excluded, so including it should not be an issue.