Cross login



  • Hi all and compliments for NodeBB.
    I would like to connect the NodeBB login system with the login of one of my web applications.
    How can I do SSO between my applications and NodeBB?

    Thanks in advance


  • Plugin & Theme Dev

    @Paolo You might be interested in this OAuth SSO plugin


  • Admin

    Note that this plugin is only a basic skeleton! It allows you to connect to an oauth provider, but stops short of registering/login, as each provider handles user data differently. You'll have to fork it, install it, and play around with it to finish it off 🙂



  • @julian said:

    Note that this plugin is only a basic skeleton! It allows you to connect to an oauth provider, but stops short of registering/login, as each provider handles user data differently. You'll have to fork it, install it, and play around with it to finish it off 🙂

    Hello Julian,

    I tried to install this plugin and play around with it. However, I cannot get it to work so far. I'm not sure whether I configured everything correctly.
    How should I set the 'userProfileUrl'? Just a pathname of the userProfile link for NodeBB?
    I tried the plugin with an example OAuth2 provider; it fails to get the token.
    I also checked the source code of the plugin, and I cannot find where you added the two routes for OAuth2: '/auth/generic' and '/auth/generic/callback'.
    I read in the Passport tutorial that these two routes are required for OAuth 2.0 authentication:

    app.get('/auth/provider', passport.authenticate('provider'));
    app.get('/auth/provider/callback', 
      passport.authenticate('provider', { successRedirect: '/',
                                          failureRedirect: '/login' }));
    
    

    What do you mean by not finished? How should I extend the plugin? E.g., add the routes?


  • Admin

    The userProfileUrl is not set in the oauth skeleton because each provider handles it differently (as it is not part of the spec). E.g. Facebook might use /api/v2/user, whereas Twitter might use /users/{handle}, etc. That value changes depending on your OAuth provider.

    In your case, you'll probably want to use http://ec2-54-252-147-156.ap-southeast-2.compute.amazonaws.com/api/userinfo as the userProfileUrl
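Added example (not part of the thread and not the plugin's own code): because the profile endpoint is outside the OAuth spec, whatever finishes the skeleton has to map each provider's JSON onto one internal shape and refuse responses that carry no stable id. The field maps, function name and sample bodies below are assumptions constructed for illustration.

```javascript
'use strict';

// Constructed sample bodies, shaped like two different profile endpoints.
const SAMPLE_GITHUB = { id: 583231, login: 'octocat', email: null };
const SAMPLE_GENERIC = '{"user_id":"1","name":"Bob Smith","scope":"*"}';

// Hypothetical per-provider field maps (assumption, not from the plugin).
const FIELD_MAPS = {
  github: { id: 'id', displayName: 'login', email: 'email' },
  generic: { id: 'user_id', displayName: 'name', email: null },
};

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

function normalizeProfile(provider, body) {
  // Own-property check so names like "constructor" are not accepted.
  if (!Object.prototype.hasOwnProperty.call(FIELD_MAPS, provider)) {
    throw new Error('unknown provider: ' + provider);
  }
  const map = FIELD_MAPS[provider];
  const data = typeof body === 'string' ? JSON.parse(body) : body;
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    throw new Error('profile response is not a JSON object');
  }
  // The provider-assigned id is the only value used to link accounts.
  const rawId = data[map.id];
  const idOk = (typeof rawId === 'string' && rawId.trim() !== '') ||
    (typeof rawId === 'number' && Number.isSafeInteger(rawId));
  if (!idOk) throw new Error('profile response has no usable id');

  const rawName = data[map.displayName];
  const displayName = typeof rawName === 'string' ? rawName.trim().slice(0, 64) : '';
  const rawEmail = map.email ? data[map.email] : null;
  const email = typeof rawEmail === 'string' && EMAIL_RE.test(rawEmail) ? rawEmail : null;

  return {
    // Namespaced key: the same id from two providers never collides.
    accountKey: provider + ':' + String(rawId).trim(),
    displayName,
    email,
  };
}

console.log(normalizeProfile('github', SAMPLE_GITHUB));
console.log(normalizeProfile('generic', SAMPLE_GENERIC));
```

Linking local accounts on the namespaced provider id rather than on display name or email keeps a user who can edit those fields at the provider from landing in someone else's forum account.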


  • Admin

    Keep in mind the OAuth SSO plugin is actually a bit outdated (though it should still be backwards compatible) -- I'll have to take a look at it tonight.


  • Admin

    @kevinprotoss Give v0.1.1 of the sso-oauth plugin a try. The README should now contain some instructions as well.



  • Thanks Julian, I understand how I should set the userProfileURL now. I'll give it a try. One question remains: how do I add the two routes mentioned above?

    According to passport.js, it's used to make a request for getting the token. Is it not required?


  • Admin

    @kevinprotoss The plugin already handles that for you 👍

    I used the GitHub API to test -- the oauth example you provided did not provide any keys or secrets for me to use, so I couldn't test against it.



  • @julian The key is 'abc123' and the secret is 'ssh-secret'.
    I tried the new version of the plugin, but I get an error from the new code:
    https://github.com/julianlam/nodebb-plugin-sso-oauth/blob/master/library.js#L33
    The settings is undefined.


  • Admin

    Thanks for the report -- update the plugin to v0.1.2 and try again.



  • @julian Great work, it works for me as well.



  • Thanks for your replies, but this plugin "allows users to login/register via any configured OAuth provider".
    In my case I don't want to deploy an OAuth provider only for this task. Is there another way? For example, a REST service that returns a session cookie to me.
    If I can do a curl POST to the /login URL with user, password and a valid token, I solve my problem by programmatically adding the cookie to my session. Obviously, to do this I must create a NodeBB user programmatically; can I do that?
    I've found this one: http://community.nodebb.org/topic/916/shared-authentication-between-two-node-apps-when-using-mongodb#6564



  • @Paolo Exactly, you are right. I have the same purpose as you. It's possible to persist the session in MongoDB and share it between two Node apps. I tested this way as well. However, it's quite a bit more difficult than SSO solutions, since you need to implement all the NodeBB user-related stuff in your Node app, maybe also groups and others. I tried to do that and it already worked. Now I have found it's better to enable SSO login and disable NodeBB local login.
    For a simple OAuth2 provider, you can find an example in the oauth2orize repository: oauth2 provider
    For the client side, all you want is the plugin which Julian implemented.



  • @kevinprotoss Thanks a lot for your reply, but unfortunately my other app isn't a Node app, so I can't use oauth2orize. However, I take a cue from your suggestions for a solution.



  • @Paolo There are OAuth2 providers written in PHP and many other languages. Have you found any solution for your problem?

