General OpenID login plugin development

NodeBB Plugins
  • I'm trying to create an OpenID auth login and I need help.

    According to other SSOs and auth plugins there is a difference that there is no need for admin page with api/app key but before going to /auth/openid there is a form required to specify an OpenID identifier (url) so it POSTs to /auth/openid with open_identifier variable set, which might be different for every user.

    I've tried to create an '/auth/openid_form' route and add there a static page with a form (hooked to filter:server.create_routes)

    where the form is:

    <form action="/auth/openid" method="post">
            <label>OpenID identifier:</label>
            <input type="text" name="openid_identifier" size="40" /><br/>
            <input type="submit" value="Sign In"/>

    I can display the form by browsing to /auth/openid_form but when I enter anything I get Error: Forbidden:

    Error: Forbidden
        at Object.exports.error (/home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/utils.js:60:13)
        at Object.handle (/home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/middleware/csrf.js:54:41)
        at next (/home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/proto.js:190:15)
        at next (/home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/middleware/session.js:313:9)
        at /home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/middleware/session.js:337:9
        at /home/nodebb/www/nodebb/node_modules/connect-mongo/lib/connect-mongo.js:220:17
        at /home/nodebb/www/nodebb/node_modules/mongodb/lib/mongodb/collection/query.js:147:5
        at Cursor.nextObject (/home/nodebb/www/nodebb/node_modules/mongodb/lib/mongodb/cursor.js:733:5)
        at commandHandler (/home/nodebb/www/nodebb/node_modules/mongodb/lib/mongodb/cursor.js:713:14)
        at /home/nodebb/www/nodebb/node_modules/mongodb/lib/mongodb/db.js:1806:9

    If I do not fill anything as open_identifier /auth/openid just responds 'Unauthorized' which seems ok to me.

    I am not sure if this is CSRF issue with recent changes in express/connect or if I am doing something wrong.

    Actually, there is another thing... how to add this form into a strategy so it is asked before using passport.auth? I mean, if I push strategy with URL /auth/openid it works fine but I need the link for OpenID login to go to /auth/openid_form first and not call passport.auth on this route and call passport.auth later on /auth/openid

    Tips or any heads up? 🙂

  • Hmm... the "Forbidden" error is definitely a CSRF issue... in StackOverflow, they ask for this during login for OpenID:


    Is this what you're trying to create?

    Ensure you're passing in a hidden input field with id _csrf in your form.

  • @julian thanks. I've fixed the csrf issue.

    another issue appeared 🙂

    I hook the form page on the route /auth/openid_form with action posting to /auth/openid
    also I add the strategy with route /auth/openid

    If I fill the form on /auth/openid_form, it POSTs to /auth/openid, but it returns 302 and redirects to /404 and logs warn: Route requested but not found: /auth/openid

    I've also tested my OpenID provider with passport-openid example from to ensure it is not in provider or my understanding of passport-openid. So it must be my misunderstanding of express and nodebb 🙂

    I'm very confused 😕 🙂

    See library.js -
    and hooks:

      "hooks": [
          "hook": "filter:auth.init", "method": "getStrategy", "callbacked": false
          "hook": "filter:server.create_routes", "method": "addOpenIDLoginRoute", "callbacked": true

    Or here is my whole source code of nodebb-plugin-openid
    (please, It's development prototype. First I'm aiming for working prototype and then I'll revise it to publish it properly)

  • @Tomáš-Simon-Klapka

    When you do finish and release it, I hope it comes bundled with every install.

  • As far as I know there is not an official plugin yet to support OpenID Connect in NodeBB.

    If anyone is still looking for a work-able OpenID Connection option, we've built one for production usage but it should work with any OpenID Connect identity provider.

    • Supports discovery using the .well-known/openid-configuration URL
    • Supports configurable email claim, defaults to email
    • Supports Logout URL
    • Optionally map roles by a named claim provided in the Userinfo endpoint response
    • Documented option to bypass the default login panel

    Feel free to open an issue if you find it is missing anything.

Suggested Topics

  • 1 Votes
    4 Posts

    Hi all, there was a regression that I accidentally introduced into the package manager, which I have resolved now.

    Apologies for the blanked list!

  • 0 Votes
    1 Posts

    I just installed nodebb-plugin-sso-auth0 and created an app at Auth0. After successfull login at Auth0, when redirected, i get the following error. No restart or build helped.
    Any suggesstions for the prorblem?


    Internal Error. Oops! Looks like something went wrong! /auth/auth0/callback undefined
  • 0 Votes
    9 Posts

    Thank you for your quick reply! It was extremely helpful.

    I have added the 1-line fix to map your from_name field to SendGrid's API. I submitted a PR to the nodebb-plugin-emailer-sendgrid GitHub repo, so that hopefully others can benefit too. This is the first time I have submitted a PR to an open source project, so I hope I did the procedure correctly. 🙂

    The 1-line fix works on our installation, and I am now receiving emails which have a proper From name!

  • 1 Votes
    8 Posts

    @Shaun when 0.5.0 is released, their will be full documentation, but the process will be something along the lines of

    git checkout v0.5.x git pull ./nodebb upgrade

    But their will be an announcement about all of that and how to update when it's ready. If you have any other issues with plugins etc, feel free to create a topic. 👍

  • 5 Votes
    78 Posts

    @julian Is it possible to display the search icon in the mobile menu in the sticky title menu, as in all top platforms?