As an addendum, I'm not going to lie, configuring an OAuth2 provider is rage-inducing. You may want to consider a "login-override" instead, which would allow you to verify user credentials via the username/password login box on NodeBB, effectively bypassing NodeBB's username/password check in favour of your own: