Facebook sso - essentials

Technical Support
  • hi,
    i am getting into the 'insecure page' error (Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://).

    my setup: nodebb 1.10, latest, behind apache.

    in the config.json url i am using a http://url to which my apache proxy points too. i can't obviously change it to https but how to make the facebook plugin using now the real outer url of my apache server which runs the https perfectly ? the plugin is creating a wrong redirect_url,...

    that all makes no sense, i spent the whole day now bouncing my head against this...


    i already tried all the suggested settings here from the forum,...

  • You should set the url in your config.json to use https, the SSO plugin probably uses the url value from config.json.

  • yeah, i tried that too, https://myurl.com:4567 renders the forum inaccessible since it doesn't return encrypted http, obviously.

  • This post is deleted!
  • @Macrow-Willson said in Facebook sso - essentials:

    yeah, i tried that too, https://myurl.com:4567 renders the forum inaccessible since it doesn't return encrypted http, obviously.

    Not really obviously. The URL in your config.json should be the one you're using publicly. Thus whatever your Apache reverse proxy is configured for. The configuration is used to create the URLs on your site. It has no impact on the actual communication with your reverse proxy.

    My hunch is, you also need to remove that port. Because your Apache reverse proxy probably is providing your site over the standard HTTPS port. So it probably is just https://myurl.com. Also don't change anything about your reverse proxy configuration when you change this url parameter. Your reverse proxy still fetches the forum over HTTP at the port 4567. This has nothing to do with the url parameter.

Suggested Topics

  • 0 Votes
    21 Posts

    @julian A quick (hacky) test seems to work. Ill have a deeper dive tomorrow and see if I encounter any issues. Thanks for the hook pointer. 👍

  • 0 Votes
    2 Posts

    Finally found a topic with good explanation an answers:

    Redirect Notice



    Didn't expect the config.json would influence such requests.

    Kind regards.

  • 0 Votes
    1 Posts


    I am attempting to use the nodebb-plugin-sso-oauth plugin to implement SSO with CAS into my forum.

    We are based on Apereo CAS.

    My CAS is using Oauth2. I have POST methods with urls for request code (authorization), request access token, and request profile.

    I have installed the plugin and set up nconf to use my constants.

    I activated the plugin and refreshed my nodebb forum.

    It is now crashing upon starting and I get the following error.

    24/7 00:37:39 [29650] - error: message=Cannot read property 'length' of undefined, stack=TypeError: Cannot read property 'length' of undefined
    at pathtoRegexp (/root/nodebb/node_modules/path-to-regexp/index.js:63:49)
    at new Layer (/root/nodebb/node_modules/express/lib/router/layer.js:45:17)
    at Function.use (/root/nodebb/node_modules/express/lib/router/index.js:464:17)
    at Function.<anonymous> (/root/nodebb/node_modules/express/lib/application.js:220:21)
    at Array.forEach (<anonymous>)
    at Function.use (/root/nodebb/node_modules/express/lib/application.js:217:7)
    at module.exports (/root/nodebb/src/routes/index.js:139:7)
    at /root/nodebb/src/webserver.js:99:4
    at fn (/root/nodebb/node_modules/async/lib/async.js:746:34)
    at /root/nodebb/node_modules/async/lib/async.js:1213:16
    at /root/nodebb/node_modules/async/lib/async.js:166:37
    at /root/nodebb/node_modules/async/lib/async.js:706:43
    at /root/nodebb/node_modules/async/lib/async.js:167:37
    at Immediate._onImmediate (/root/nodebb/node_modules/async/lib/async.js:1206:34)
    at runCallback (timers.js:810:20)
    at tryOnImmediate (timers.js:768:5)

    My guess is that for some reason, path is being passed as undefined.

    I am stuck and in need of help.

    Please provide feedback or recommendations for how I can implement CAS Single Sign On into my nodebb forum.

    Thank you,

  • 0 Votes
    7 Posts

    @pichalite Thanks. I appreciate the knowledge.

  • 0 Votes
    2 Posts

    Ok, when I switched to using a clustered setup with nginx serving static assets this issue went away.