@mark-coniglio hi Mark. At this time I am not aware of any regression with the mentions plugin, which would usually point to some sort of configuration error.
Do you see any errors on the client side, in the browser dev tools?
we want to introduce a customer community forum, and it is important to learn about the enterprise SSO opportunities.
Nothing is decided yet on our side, however the selection of the community forum software should not influence the decision which SSO technology we will use for our own product and other systems we use.
Is there are list of what is supported out of the box by NodeBB or what can be easily extended?
The recommended method of sharing sessions between two separate and distinct applications is through OAuth2. We recommend this approach because NodeBB maintains its own user records, so that we can keep track of user-related metrics and other data. Relying on another database would be tricky, prone to breaking, and quite possibly dangerous.
Luckily, it's quite straightforward to get things working with OAuth2!
The first step is getting your application to expose an OAuth2 endpoint. If you're running a Node.js based app, you can use a module called OAuth2orize.
Once that is set up, you'll want to take a look at the SSO plugin skeleton for customised OAuth deployments -- nodebb-plugin-sso-oauth. You'll take this plugin, fork it, and modify it to communicate with your OAuth endpoint.
Once everything is working properly, you should be able to register and log in/out via your web app.