Is there some nodebb-plugin-sso-auth0 user ?

NodeBB Plugins
  • Hello,
    I wish know if there is some nodebb-plugin-sso-auth0 user, to know if this plugin works.
    I restart, rebuild several time, but i have nothing in the GUI menu.


  • Yes , nodebb-plugin-sso-google
    You can find it in plugin section of your admin portal


  • abhinov singh is referencing a different plugin that does SSO with the google's G+ API, but that is not an answer to @remydev's question. The nodebb-plugin-sso-auth0 plugin is used by the Antergos nodeBB forum: forum$antergos$com replacing '$' with '.' because the link was getting my post flagged as spam. Someone from their side is also the author of the plugin. I've been trying to get it to work myself with no luck yet but if you go to login on their page you can experience it working. Maybe we should raise some issues on the github page. I do see it in the GUI menu though, you can both install it and activate it from the GUI, I'm getting an error at the callback stage.

  • @Khalid-Kunji I am not the author of the plugin, although maybe I can help debug? Let me know what the callback error is...

  • The "./nodebb log" output is :
    AUTH0 ERROR - ENO-010: {"profile":{"name":{},"_json":{},"_raw":"{}"}}
    2018-04-30T08:27:48.885Z [19343] - error: /auth/auth0/callback

    The UI shows this text:
    Internal Error.

    Oops! Looks like something went wrong!



    And looking at network traffic with Firefox I see several 302s and a 500 error. I suppose it might be getting stripped somewhere there. I do have the Google SSO plugin working though, so I suppose that data should pass through the Nginx reverse proxies?

  • Hm... usually the callback is meant to contain some query parameters (such as code...) wonder where that went. Honestly if there's nothing else in terms of a server-side error or stack trace, then that's not much to go on...

  • @julian Actually, I see a code parameter in the one that receives a 500 response from the page.

    code someletters
    state longersletters+symbols

    So I went to the Antergos forum and tried logging in there as well to watch the network, in their case they don't have the state parameter and don't get a 500 response, they have only the code parameter in this part.

  • @julian So my site receives "https$mysite$site$com/auth/auth0/callback?code=letternumberjumble&state=letternumbersymboljumble" and responds with a 500.

    while their site gets "https$forum$antergos$com/auth/auth0/callback?code=letternumberjumble"

    $ being replaced with the obvious things because the spam defense doesn't let me post things that seem like links yet.

    If I remove the state I can at least get some better feedback from the backend, though it complains the callback code is wrong (probably because it needs to happen in that first response directly, at least I assume it shouldn't work if merely resent/spoofed later).

    2018-05-01T15:30:53.594Z [26584] - error: /auth/auth0/callback
    TokenError: Invalid authorization code
    at Strategy.OAuth2Strategy.parseErrorResponse (/data/node_BB/nodebb/node_modules/passport-oauth2/lib/strategy.js:329:12)
    at Strategy.OAuth2Strategy._createOAuthError (/data/node_BB/nodebb/node_modules/passport-oauth2/lib/strategy.js:376:16)
    at /data/node_BB/nodebb/node_modules/passport-oauth2/lib/strategy.js:166:45
    at /data/node_BB/nodebb/node_modules/oauth/lib/oauth2.js:191:18
    at passBackControl (/data/node_BB/nodebb/node_modules/oauth/lib/oauth2.js:132:9)
    at IncomingMessage.<anonymous> (/data/node_BB/nodebb/node_modules/oauth/lib/oauth2.js:157:7)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickCallback (internal/process/next_tick.js:180:9)

    Don't spend time on it for now, I'll see if I can use a rule on the auth0 site to not send back the state and I'll report back if that works or not.

  • @khalid-kunji did u get this working? I am getting the same error.

Suggested Topics