@julian I see. Well I'm trying to basically port Vanilla's plugin to Nodebb, but I'm not sure if I'll be able to so it'd be cool if you devs had some official, simpler solution like it.
Vanilla's is really easy. You give it the url for your registration and login page, and a url where it expects JSON to return for a users name, email, etc if they're logged in. If they're logged in, it creates a Vanilla forum user for them if one doesn't already exist. If they already on, it just logs them in normally as if they typed in their username and password on the Vanilla forums.
So no matter what auth system you use, you can use your own API to output the JSON it wants, so long as the client-id and secret key supplied matches up as well. I have my own accounts system and it took me like <1 hour to read the documentation for how to set it up with Vanilla's and do a custom implementation.
Reading the oauth plugins on the other hand, I'm rather clueless on what I need to do to make it work for my own, and what I need on my own site's end of things. Like looking at the BNET plugin, I can't figure out what "clientID: process.env.BNET_ID" and "clientSecret: process.env.BNET_SECRET" are, among other things. It's just too in depth for something that should be simpler.
edit: Actually I see what the process.env are. They're user environment variables. But well, still, the oauth sso is way more complicated than I think a lot of people will want.
Like if I want to replace the profile, I'd rather that have a separate plugin replacing the profile. Not part of the OAuth implementation. I imagine I can just cut that out while forking, but still. I wish there was something as simple as Vanilla's JSONP SSO.
And as I look through more, I'm not seeing why authorizationURL, tokenURL, clientID, clientSecret can't just be on settings pages instead of constants, with an oauth/oauth2 radial.