SSO questions

General Discussion
  • I'm looking at using the SSO plugins for Google, Facebook, and Github. I have a few questions before I install these:

    1. Are they all stable?
    2. On the registration page, are all options for registering presented, including just registering with an email address?
    3. What happens to accounts that were registered through SSO if I eventually delete the SSO plugin that the account was registered under?
    1. I think we use all of them here, and I haven't heard of any issues.
    2. It's configurable. By default, normal email-based registration is enabled. You can disable it in the ACP.
    3. Their existing browser sessions will persist, but they won't be able to log in without the SSO plugin.
  • If needed, is there a way to convert SSO accounts to local ones? Obviously they would require a password reset.

Suggested Topics

  • 0 Votes
    2 Posts

    The recommended method of sharing sessions between two separate and distinct applications is through OAuth2. We recommend this approach because NodeBB maintains its own user records, so that we can keep track of user-related metrics and other data. Relying on another database would be tricky, prone to breaking, and quite possibly dangerous.

    Luckily, it's quite straightforward to get things working with OAuth2!

    The first step is getting your application to expose an OAuth2 endpoint. If you're running a Node.js based app, you can use a module called OAuth2orize.

    Once that is set up, you'll want to take a look at the SSO plugin skeleton for customised OAuth deployments -- nodebb-plugin-sso-oauth. You'll take this plugin, fork it, and modify it to communicate with your OAuth endpoint.

    Once everything is working properly, you should be able to register and log in/out via your web app.

  • 0 Votes
    3 Posts

    I guess that could work. I was hoping that NodeBB could somehow be set up as an oauth2 provider. Any guidance on if that is possible would be appreciated.

  • 0 Votes
    8 Posts

    @supersym Good point there, just, I don't know how Xenforo does it 😛

  • 0 Votes
    2 Posts
    var meta = module.parent.require('./meta');. Then, meta.config may have the configuration (might need to double-check that). var nconf = module.parent.require('nconf'); will allow you to hook into the configuration utility we use: nconf.get('url') returns the full url. Unfortunately not -- our hooks are designed to keep the information passed in to a minimum. The posts.parse hook is called whenever a piece of content needs to be "parsed like a post". It is not strictly a hook that is called whenever a topic is loaded. Perhaps you can look into filter:post.getPosts?
  • 0 Votes
    16 Posts

    @julian @psychobunny

    Correct me I am wrong, as of now we can post only a particular board, right ? We can simply change the no. 4 /5 or one of our choice. Also Custom home page header vanishes when I click the logo button.