Community

General OpenID login plugin development

NodeBB Plugins
  • Tomáš Simon KlapkaT

    I'm trying to create an OpenID auth login and I need help.

    According to other SSOs and auth plugins there is a difference that there is no need for admin page with api/app key but before going to /auth/openid there is a form required to specify an OpenID identifier (url) so it POSTs to /auth/openid with open_identifier variable set, which might be different for every user.

    I've tried to create an '/auth/openid_form' route and add there a static page with a form (hooked to filter:server.create_routes)

    where the form is:

    <form action="/auth/openid" method="post">
    <div>
        <label>OpenID identifier:</label>
        <input type="text" name="openid_identifier" size="40" /><br/>
    </div>
    <div>
        <input type="submit" value="Sign In"/>
    </div>
</form>

    I can display the form by browsing to /auth/openid_form but when I enter anything I get Error: Forbidden:

    Error: Forbidden
    at Object.exports.error (/home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/utils.js:60:13)
    at Object.handle (/home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/middleware/csrf.js:54:41)
    at next (/home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/proto.js:190:15)
    at next (/home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/middleware/session.js:313:9)
    at /home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/middleware/session.js:337:9
    at /home/nodebb/www/nodebb/node_modules/connect-mongo/lib/connect-mongo.js:220:17
    at /home/nodebb/www/nodebb/node_modules/mongodb/lib/mongodb/collection/query.js:147:5
    at Cursor.nextObject (/home/nodebb/www/nodebb/node_modules/mongodb/lib/mongodb/cursor.js:733:5)
    at commandHandler (/home/nodebb/www/nodebb/node_modules/mongodb/lib/mongodb/cursor.js:713:14)
    at /home/nodebb/www/nodebb/node_modules/mongodb/lib/mongodb/db.js:1806:9

    If I do not fill anything as open_identifier /auth/openid just responds 'Unauthorized' which seems ok to me.

    I am not sure if this is CSRF issue with recent changes in express/connect or if I am doing something wrong.

    Actually, there is another thing... how to add this form into a strategy so it is asked before using passport.auth? I mean, if I push strategy with URL /auth/openid it works fine but I need the link for OpenID login to go to /auth/openid_form first and not call passport.auth on this route and call passport.auth later on /auth/openid

    Tips or any heads up? 🙂

    2
  • julianJ

    Hmm... the "Forbidden" error is definitely a CSRF issue... in StackOverflow, they ask for this during login for OpenID:

    Selection_004.png

    Is this what you're trying to create?

    Ensure you're passing in a hidden input field with id _csrf in your form.

    Tomáš Simon KlapkaT 1 Reply
    0
  • Tomáš Simon KlapkaT

    @julian thanks. I've fixed the csrf issue.

    another issue appeared 🙂

    I hook the form page on the route /auth/openid_form with action posting to /auth/openid
    also I add the strategy with route /auth/openid

    If I fill the form on /auth/openid_form, it POSTs to /auth/openid, but it returns 302 and redirects to /404 and logs warn: Route requested but not found: /auth/openid

    I've also tested my OpenID provider with passport-openid example from https://github.com/jaredhanson/passport-openid/tree/master/examples/signon to ensure it is not in provider or my understanding of passport-openid. So it must be my misunderstanding of express and nodebb 🙂

    I'm very confused 😕 🙂

    See library.js - http://pastebin.com/HX0MNbmM
    and hooks:

      "hooks": [
    {
      "hook": "filter:auth.init", "method": "getStrategy", "callbacked": false
    },
    {
      "hook": "filter:server.create_routes", "method": "addOpenIDLoginRoute", "callbacked": true
    }

    Or here is my whole source code of nodebb-plugin-openid
    (please, It's development prototype. First I'm aiming for working prototype and then I'll revise it to publish it properly)

    F 1 Reply
    0
  • F

    @Tomáš-Simon-Klapka

    When you do finish and release it, I hope it comes bundled with every install.

    0
  • robotdanR

    As far as I know there is not an official plugin yet to support OpenID Connect in NodeBB.

    If anyone is still looking for a work-able OpenID Connection option, we've built one for production usage but it should work with any OpenID Connect identity provider.

    • Supports discovery using the .well-known/openid-configuration URL
    • Supports configurable email claim, defaults to email
    • Supports Logout URL
    • Optionally map roles by a named claim provided in the Userinfo endpoint response
    • Documented option to bypass the default login panel

    Feel free to open an issue if you find it is missing anything.
    https://github.com/FusionAuth/nodebb-plugin-fusionauth-oidc

    1

Suggested Topics

  • V

    I can't find my installed plugins.

    NodeBB Plugins
    0 Votes
    4 Posts
    1606 Views
    V

    @insuusvenerati I tried multiple plugins and none of the are showing up. I am activating them after install.

  • DoppyD

    The script doesn't work until I refresh the page[Nodebb-plugin]

    NodeBB Plugins
    0 Votes
    2 Posts
    983 Views
    yariplusY

    This is because the form element doesn't exist when you initially load the page.

    Use the event selector on the body element to grab the form dynamically.

    $('body').on('input', '#email', function() { console.log("IN"); $.ajax({ url:'....', data: { 'email_input': $(this).val() }, success: function(data) { } }); });
  • NicolasN

    [nodebb-plugin-ns-slugify] NS Slugify

    NodeBB Plugins
    2 Votes
    5 Posts
    2670 Views
    NicolasN

    @leksar you can discard changes (git checkout -- .) before switching to the another branch (master) or you can stash them, and pop stash changes after branch switch. Anyway, It's to early for master switch, some changes are part of active pull request.

    As I understand, this plugin will be fully supported by future 0.7.1 release of the NodeBB.

  • A

    The Plugin Ideas Topic

    NodeBB Plugins
    1 Votes
    27 Posts
    8885 Views
    scottalanmillerS

    @Tanner said in The Plugin Ideas Topic:

    XMPP integration with chat (have the protocol be tied to an XMPP server)

    I still really want this one. Or integration to Rocket would be even better.

  • tedr56T

    [nodebb-plugin-soundcloud] SoundCloud embed plugin

    NodeBB Plugins
    3 Votes
    42 Posts
    19199 Views
    rbeerR

    Well, again: that's odd.

    Try to

    run ./nodebb dev, visit the ACP and deactivate both soundcloud plugins restart nodeBB (click the little popup in upper right corner, after disabling plugins) wait for nodeBB to be up again enable only one of the soundcloud plugins.

    If that still doesn't do the trick, you might want to update all plugins with the "update" button in the ACP. You have a lot warnings, regarding outdated plugins. If that again does nothing, my last two cents would be to deactivate those outdated plugins to see if they cause any trouble.

Copyright © 2023 NodeBB | Contributors