Facebook sso - essentials

Technical Support
  • hi,
    i am getting into the 'insecure page' error (Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://).

    my setup: nodebb 1.10, latest, behind apache.

    in the config.json url i am using a http://url to which my apache proxy points too. i can't obviously change it to https but how to make the facebook plugin using now the real outer url of my apache server which runs the https perfectly ? the plugin is creating a wrong redirect_url,...

    that all makes no sense, i spent the whole day now bouncing my head against this...


    i already tried all the suggested settings here from the forum,...

  • You should set the url in your config.json to use https, the SSO plugin probably uses the url value from config.json.

  • yeah, i tried that too, https://myurl.com:4567 renders the forum inaccessible since it doesn't return encrypted http, obviously.

  • This post is deleted!
  • @Macrow-Willson said in Facebook sso - essentials:

    yeah, i tried that too, https://myurl.com:4567 renders the forum inaccessible since it doesn't return encrypted http, obviously.

    Not really obviously. The URL in your config.json should be the one you're using publicly. Thus whatever your Apache reverse proxy is configured for. The configuration is used to create the URLs on your site. It has no impact on the actual communication with your reverse proxy.

    My hunch is, you also need to remove that port. Because your Apache reverse proxy probably is providing your site over the standard HTTPS port. So it probably is just https://myurl.com. Also don't change anything about your reverse proxy configuration when you change this url parameter. Your reverse proxy still fetches the forum over HTTP at the port 4567. This has nothing to do with the url parameter.

Suggested Topics

  • 0 Votes
    5 Posts

    @dunlix yes in my settings as in the image. I rebuilt after saving the settings.

    I don't know how to set up in this forum but the same problem exists here.


  • 0 Votes
    1 Posts


    I am attempting to use the nodebb-plugin-sso-oauth plugin to implement SSO with CAS into my forum.

    We are based on Apereo CAS.

    My CAS is using Oauth2. I have POST methods with urls for request code (authorization), request access token, and request profile.

    I have installed the plugin and set up nconf to use my constants.

    I activated the plugin and refreshed my nodebb forum.

    It is now crashing upon starting and I get the following error.

    24/7 00:37:39 [29650] - error: message=Cannot read property 'length' of undefined, stack=TypeError: Cannot read property 'length' of undefined
    at pathtoRegexp (/root/nodebb/node_modules/path-to-regexp/index.js:63:49)
    at new Layer (/root/nodebb/node_modules/express/lib/router/layer.js:45:17)
    at Function.use (/root/nodebb/node_modules/express/lib/router/index.js:464:17)
    at Function.<anonymous> (/root/nodebb/node_modules/express/lib/application.js:220:21)
    at Array.forEach (<anonymous>)
    at Function.use (/root/nodebb/node_modules/express/lib/application.js:217:7)
    at module.exports (/root/nodebb/src/routes/index.js:139:7)
    at /root/nodebb/src/webserver.js:99:4
    at fn (/root/nodebb/node_modules/async/lib/async.js:746:34)
    at /root/nodebb/node_modules/async/lib/async.js:1213:16
    at /root/nodebb/node_modules/async/lib/async.js:166:37
    at /root/nodebb/node_modules/async/lib/async.js:706:43
    at /root/nodebb/node_modules/async/lib/async.js:167:37
    at Immediate._onImmediate (/root/nodebb/node_modules/async/lib/async.js:1206:34)
    at runCallback (timers.js:810:20)
    at tryOnImmediate (timers.js:768:5)

    My guess is that for some reason, path is being passed as undefined.

    I am stuck and in need of help.

    Please provide feedback or recommendations for how I can implement CAS Single Sign On into my nodebb forum.

    Thank you,

  • 0 Votes
    7 Posts

    Hey @Julian
    Maybe you could post the config on the README.md of the github project.
    It will be more effective.

    Only a suggestion.
    Thanks for the plugin. 👍

  • 0 Votes
    7 Posts

    You should be able to disable registration in the ACP. That will still allow SSO.

    Edit: previous discussion

    User registration only with SSO

    Hi everyone, Quick question, is it possible to disable the registration form, in order to allow registration by SSO only? Thanks for your help Christian


    NodeBB Community (community.nodebb.org)

  • Facebook Oauth

    Solved Technical Support
    0 Votes
    4 Posts

    Could be 😃 Glad to hear it is working now.