Logging in programmatically from another application

General Discussion
  • I have an application with a local sign up and login with nodebb as the forum.

    I am able to sign up users and log them in but when I click on the link that directs me to nodebb forum, the users are not signed on. The response I get from the server is all ok only it says that status is offline.

    I expected that the once the user is signed on, he should stay signed on till his session expires. I don't know what I am doing wrong and I don't understand how a user is logged on yet not logged on.

  • Ah, looks like you started a new topic, good.

    Response as before:

    The recommended method of sharing sessions between two separate and distinct applications is through OAuth2. We recommend this approach because NodeBB maintains its own user records, so that we can keep track of user-related metrics and other data. Relying on another database would be tricky, prone to breaking, and quite possibly dangerous.

    Luckily, it's quite straightforward to get things working with OAuth2!

    The first step is getting your application to expose an OAuth2 endpoint. If you're running a Node.js based app, you can use a module called OAuth2orize.

    Once that is set up, you'll want to take a look at the SSO plugin skeleton for customised OAuth deployments -- nodebb-plugin-sso-oauth. You'll take this plugin, fork it, and modify it to communicate with your OAuth endpoint.

    Once everything is working properly, you should be able to register and log in/out via your web app.

  • @julian thanks for the prompt response. I will try it out.

  • Hi guys
    I have created a new project using nodejs, i have given a reference link of nodeBB forum but still it asks for a login to nodeBB
    My question is how to login using my existing username and password to nodebb,can anyone tell me in which file i have to change or add something

  • @Nitin-Jadhav Please read my above post.

  • @julian i already installed auth0 plugin but still it asks for login , also created a jsonwebtoken

  • Hi @julian I have been working on this for almost a full day. I have written my oath2orize endpoints and added the constants in the plug in as shown below

    check my next post for my oauth2orize codes

    and a snippet of my library for the plugin

    var constants = Object.freeze({
    		type: 'oauth2',	// Either 'oauth' or 'oauth2'
    		name: 'create-and-login-user',	// Something unique to your OAuth provider in lowercase, like "github", or "nodebb"
    		oauth: {
    			requestTokenURL: '',
    			accessTokenURL: '',
    			userAuthorizationURL: '',
    			consumerKey: '',
    			consumerSecret: ''
    		oauth2: {
    			authorizationURL: 'http://localhost:3000/api/oauth2/authorize',
    			tokenURL: 'http://localhost:3000/api/oauth2/token',
    			clientID: 'nodeBB_logIn',
    			clientSecret: 'change_this_later'
    		userRoute: 'http://localhost:3000/api/oauth2/users'	// This is the address to your app's "user profile" API endpoint (expects JSON)

    When I click on the link to nodebb nothing happens. I want to know does nodebb make a get request when I click on the link after installing the plug-in. I am a bit confused now.

    I have checked my codes with postman and everything is working fine. Nodebb does not log the output for me to see my results everytime.

  • any chance @julian or someone else who has done this would help push me the right direction.

    I think I am doing everything right but there is no message whatsoever on nodebb's log to see if I am mistaken.

    PS: I just noticed something that could be causing problems for me. What is the name required supposed to do. I noticed it is being used in strategies.push from my understanding of how this works: nodebb makes a call to my authorization end point and I check if the client is correct and grant it an access code, it then visits my token end point and exchanges this access code for a token. I take it to the user end point and hands it my users credentials to log in. I think I am wrong since it is not working.

     // Register authorization code grant type
            server.grant(oauth2orize.grant.code(function(client, redirectUri, user, ares, callback) {
              // Create a new authorization code
              var code = new Code({
                value: uid(16),
                clientId: client._id,
                redirectUri: redirectUri,
                userId: user._id
              // Save the auth code and check for errors
              code.save(function(err) {
                if (err) { return callback(err); }
                callback(null, code.value);
            // Exchange authorization codes for access tokens
            server.exchange(oauth2orize.exchange.code(function(client, code, redirectUri, callback) {
                console.log(client, code, redirectUri)
              Code.findOne({ value: code }, function (err, authCode) {
                if (err) { return callback(err); }
                if (authCode === undefined) { return callback(null, false); }
                if (client._id.toString() !== authCode.clientId) { return callback(null, false); }
                //if (redirectUri !== authCode.redirectUri) { return callback(null, false); }
                // Delete auth code now that it has been used
                authCode.remove(function (err) {
                  if(err) { return callback(err); }
                  // Create a new access token
                  var token = new Token({
                    value: uid(256),
                    clientId: authCode.clientId,
                    userId: authCode.userId
                  // Save the access token and check for errors
                  token.save(function (err) {
                    if (err) { return callback(err); }
                    callback(null, token);
            setCodes = function(client, user, redirectUri, Code){
                var code = new Code();
                    code.value = uid(16),
                    code.clientId = client.id,
                    code.userId = user._id
                code.save(function(error, success){
                        console.log(Code.find({}), 'I ran hered', code, error);
                //Code.find({}, function(error, success){if(success){console.log(success, "george")}});
            module.exports.authorization = [
                server.authorization(function(clientId, redirectUri, callback) {
                    Client.findOne({ id: clientId }, function (err, client) {
                      if (err) { console.log("I ran herea");return callback(err); }
                      return callback(null, client, redirectUri);
                  }, function (client, user, redirectUri, done) {
                    setCodes(client, user, redirectUri, Code);
                        clientId: client.id,
                        userId: user._id
                    }, function (err, codes) {
                        if (err) { console.log("second"); return done(err); }
                        if (codes.length > 0) {
                            return done(null, true);
                        } else {
                            console.log('I ran here fourth');
                            return done(null,false);
            // Application client token exchange endpoint
            module.exports.token = [
            module.exports.getNodebbUsers = function(req, res){
                Token.find({value : req.body.token}, function(error, user){
                    userId = user[0].userId;
                        User.find({_id : userId}, function(error, user){
                                    username : user[0].userName,
                                    email : user[0].email,
                                    id : user[0]._id
                            } else {

    btw this is my code above. I could do with some help seeing I have pushed myself to the limit.

    Why does the callback uri have callback appended to its name and should this be an endpoint in my app?

    I also intend posting my solutions once this starts working to save someone the wasted hours I spent reading, debugging and hacking my codes.

  • @jewa name is something unique, as the comment indicates. For example, if your site is "Example Widgets and Stuff", use something like example.

    When the end user clicks on the link in the login/registration page, it should send them to /auth/example (if example was the name, as above), which would redirect them to the authorizationURL as defined in your plugin.

    From there, it's up to your site to send them back with the proper token or code.

  • @julian I see. I thought all the user needed to do was to log in on my site and when he clicks on the forum link on my website there would be a handshake between my website and nodebb and then sign him on. I didn´t know he had to click on the log in/register link on nodebb.

    I still have some questions though:

    1. So I have to make a page and endpoint for /auth/example right? I believe oauth2orize would be responsible for the redirection.

    2. I read your code and you always append callback if I am to make an endpoint or page it would never be executed because I would have /auth/example whilst the plugin would contain /auth/example/callback.

    I think the process is a bit clearer to me right now. I have been programming javascript and node for about 3 months which is not much admittedly but this is hands down the most complicated thing I have come across as I don't have a full grasp of the whole process and it has very little to do with your programming skills imo and more to do with how much you understand libraries and all.

  • @jewa so I am getting there. I finally noticed a button- alternative registration/log in.

    I clicked it and hurrah I got an error that should help at last:

    https://www.dropbox.com/s/hm711i99iex4v1x/Screenshot 2017-02-13 21.57.07.png?dl=0

    It still has to do with the call back uri. I really don't know what to do next since the url points to nodebb and not to me so I can't create an endpoint or something.

    I am not so sure but I have a little idea of what my problem is but even at that I don't know how to solve it. I traced the error logs to an oauth2 file and it requests that the page returns between 200 and 299 status code but mine is returning 500. How can I return 200 when the link is not on my site. I am really getting confused.

  • @julian this is to hoping you'd help me complete this hurdle. As shown in the picture, I am getting the code but I don't know what to make of the error I am getting. I tried to deploy nodebb on Heroku since the error could possibly be because I am using local host but I ran into other issues with nodebb crashing on Heroku and that is like opening two battle fronts needlessly. I think I would proceed one step at a time.

    Like I said, when I run my authorizationUrl on my browser, it gives an error 401 with the grant code. The resource I saw online said this was perfectly normal. If I copy the code and make a post request for my token on PostMan, it exchanges the code for a token and then I complete by posting to my user endpoint to get user details so I think the whole process is working and possibly I am just one correction away from saving you the stress of having to answer someone else trying to do this on node js because as I mentioned earlier, I will write down what worked for me and the resources I used.

  • @julian I have been patiently waiting for a response. However, I tried to install nodebb on heroku. It was a painful process but I came to my wits ends when I got to the launch page. It says congratulations your nodebb has been setup but won't get past that page. It returns a 404 error whilst making a get request for /admin.

    Here are the logs

    2017-02-16T04:21:11.458766+00:00 app[web.1]:
    2017-02-16T04:21:11.458782+00:00 app[web.1]: Starting NodeBB
    2017-02-16T04:21:11.458916+00:00 app[web.1]: "./nodebb stop" to stop the NodeBB server
    2017-02-16T04:21:11.458977+00:00 app[web.1]: "./nodebb log" to view server output
    2017-02-16T04:21:11.459020+00:00 app[web.1]: "./nodebb restart" to restart NodeBB
    2017-02-16T04:21:11.464363+00:00 app[web.1]: (node:4) DeprecationWarning: Calling an asynchronous function without callback is deprecated.
    2017-02-16T04:21:11.464621+00:00 app[web.1]: (node:4) DeprecationWarning: Calling an asynchronous function without callback is deprecated.
    2017-02-16T04:21:11.466271+00:00 app[web.1]: TypeError: Cannot read property 'apply' of undefined
    2017-02-16T04:21:11.466272+00:00 app[web.1]: at /app/node_modules/async/lib/async.js:760:22
    2017-02-16T04:21:11.466273+00:00 app[web.1]: at /app/node_modules/async/lib/async.js:166:37
    2017-02-16T04:21:11.466274+00:00 app[web.1]: at /app/node_modules/async/lib/async.js:718:13
    2017-02-16T04:21:11.466274+00:00 app[web.1]: at async.forEachOf.async.eachOf (/app/node_modules/async/lib/async.js:233:13)
    2017-02-16T04:21:11.466275+00:00 app[web.1]: at _parallel (/app/node_modules/async/lib/async.js:717:9)
    2017-02-16T04:21:11.466276+00:00 app[web.1]: at Object.async.parallel (/app/node_modules/async/lib/async.js:731:9)
    2017-02-16T04:21:11.466277+00:00 app[web.1]: at launch (/app/install/web.js:121:8)
    2017-02-16T04:21:11.466277+00:00 app[web.1]: at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
    2017-02-16T04:21:11.466278+00:00 app[web.1]: at next (/app/node_modules/express/lib/router/route.js:131:13)
    2017-02-16T04:21:11.466279+00:00 app[web.1]: at Route.dispatch (/app/node_modules/express/lib/router/route.js:112:3)
    2017-02-16T04:21:11.996384+00:00 heroku[web.1]: Process exited with status 0
    2017-02-16T04:21:12.007390+00:00 heroku[web.1]: State changed from up to crashed
    2017-02-16T04:21:12.340823+00:00 heroku[router]: at=error code=H10 desc="App crashed" method=GET path="/admin" host=xxx.herokuapp.com request_id=eb7cf3c5-60db-47a6-ba5f-11685c6d62a2 fwd="" dyno= connect= service= status=503 bytes=

  • @jewa what Node version? Try Node 6 if you're on a newer version.

  • @PitaJ I am on node 6.9.2. I will uninstall that and install node 6.0.0.

    Update I have tried it still returns the same error.

  • @jewa you shouldn't need to downgrade then. Any version of Node 6.x.x should work.

  • @jewa That error doesn't seem related to logging in programmatically... sounds like you have a plugin or theme installed that relies on async v1... are you on the develop branch?

  • @julian I am on nodebb version 1.4.3 not sure if that is develop branch as I am not so good with git. Yes it is not related. I just wanted to isolate the cause of my failure to log in programmatically by hosting on Heroku and trying it from there.

    I followed the steps here: https://community.nodebb.org/topic/9049/getting-nodebb-and-plugins-setup-with-heroku-and-mongodb

    and then modified web.js line 34 inside the install folder to port = process.env.PORT || port; Otherwise, it would load at port 4567 which was always failing. I think I also added process.env.PORT to line 145 in loader.js but I don't think that changed anything much. It only started nodebb when I modified web.js

  • @julian @pitaJ So I burnt the whole thing down. Cloned version 1.3.0 and re-installed. It broke down without modifying web.js so I modified it and it gave me the same error as before. What do I do?

  • Do not use Heroku as that is not a standard deployment environment for us.

Suggested Topics

  • 0 Votes
    1 Posts


    In settings I have session time set for 14 days.
    But many users have a problem that they are being logged out every day.
    I also need to log in every single day.

    Where I can look for the issue ?

  • 0 Votes
    2 Posts

    @kratos97 Just FYI, we can't see the errors you mentioned in your post. Perhaps it wasn't attached?

  • 0 Votes
    1 Posts

    Hi everyone,
    I use the sso plugin with wordpress and find it cannot log out at the same time. So I found that way. It might a little bit dangerous because it just delete cookie. Is there any other way to log out at same time?

    This is my way to logout

    Logout wordpress -> Delete Cookie of NodeBB -> return to nodebb homepage

    Step 1: create this php file under wordpress dir

    <?php require( dirname(__FILE__) . '/wp-load.php' ); wp_logout(); setcookie("express.sid", FALSE, time()-YEAR_IN_SECONDS, '', "~~FORUM_COOKIE_DOMAIN~~"); header("Location: http://~~FORUM_COOKIE_DOMAIN~~/"); exit;

    Step 2 : make NodeBB can access this file when logout
    When we logout form NodeBB, it send us to /logout and a string.
    So I use the nginx as proxy server to access php files. here is my config file of nginx

    location ~ .*\.php$ { rewrite ^/(.*) /$1 break; proxy_pass http://localhost:82; proxy_buffer_size 128k; proxy_buffers 32 32k; proxy_busy_buffers_size 128k; } location / { rewrite /logout http://~~~FORUM_DOMAIN~~~/logoutbbs.php break; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://io_nodes; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; }
  • Another Problem

    General Discussion
    0 Votes
    1 Posts

    When I try to upload my picture it says "this most likely means the gm/convert binaries can't be found"

  • 0 Votes
    6 Posts

    @babaggeii The write API would contain support for API keys (and later on, access tokens), so there are plans to allow the write API to expose user-specific routes using the same user auth system as well.