Best way to share user data between two forums?



  • I want to share user data between two forums, so that a user can log into both with the same account and have the same account metadata. Currently I'm patching one of the forum's code (mainly src/user and src/groups) so that it reads/writes from the other forum's database.
    My question is: would this be a good way to share the user data? What could be the caveat? Currently my code is working-ish but I need to know more about this before I can migrate my production database.


  • Global Moderator

    The best way to do this is to use the NodeBB session sharing plugin.


  • GNU/Linux Admin

    Yeah, I agree... Having the two forums share the same database for users is risky. I was going to recommend using a third party OAuth provider as the central point, and each NodeBB handles its own local database



  • @julian @PitaJ @arsdragonfly

    I'm investigating the session sharing plugin to share a session between multiple nodebb forums. Say a user creates an account in Forum A they then hop over to Forum B and are logged in via session sharing. Will the user always have to log in to Forum A before they visit Forum B? Could a solution be to have a "universal" sign-on page that sits in front of the forums?



  • I'm going to document my experience adding the session sharing plugin to nodebb here, in case it will help others. My forum is deployed to Heroku and Initially NodeBB crashed when trying to install the plugin.

    1. npm i nodebb-plugin-session-sharing
    2. git add *
    3. git commit
    4. git push -u heroku master
    5. In the ACP find Plugins > Install Plugins > nodebb-plugin-session-sharing click activate
    6. Click Rebuild and Restart Forum
    7. App crashed

    I reverted to the previous good commit. I upgraded NodeBB, then tried to install the plugin again, with success.

    1. git reset --hard <last good commit> (know what you are doing before you use "reset --hard")
    2. npm i nodebb-plugin-session-sharing
    3. ./nodebb upgrade
    4. git add *
    5. git commit
    6. git push -u heroku master
    7. In the ACP find Plugins > Install Plugins > nodebb-plugin-session-sharing click activate
    8. Click Rebuild and Restart Forum
    9. Reload the page when the Rebuild and Reset is done.
    10. Find Plugins > Session Sharing


  • @julian, @PitaJ , @baris ,
    Could you briefly explain what is meant by

    • "using a third party OAuth provider as the central point",

    in combination with the information from
    https://github.com/julianlam/nodebb-plugin-session-sharing

    • "When a user logs in, you'll need to save a cookie in their browser session for NodeBB. This cookie needs to have a couple special attributes: . . ."

    Are you saying the best process is to create another app for managing user login?

    Would you discourage development (if it's possible) of a NodeBB plugin with the ability to create the necessary cookie to log into other NodeBB instances?


  • GNU/Linux Admin

    Yes, you'd want to use another service to manage users... there isn't a plugin that allows your NodeBB to act as an OAuth2 provider, but that would be a possible solution.



  • @julian, @PitaJ, @baris
    I built a single sign-on app for my multi-forum use case. Thanks for the help! I'm going to clean it up and share it soon.

    Quick question. I'm sure many of my forum users will attempt to update their profile in the forum software, Is there a hook that fires when the profile information is updated? I'd like to create a plugin that updates my SSO database.


  • GNU/Linux Admin

    Easiest way would actually be to hide the user profile stuff in the various NodeBBs, and have the profile data managed on the SSO provider itself 🙂



  • @julian Thanks for your thoughts on the solution. I'm still thinking about the the appropriate user experience, but easy has a nice ring to it!

    I'm still learning about the inner workings of Nodebb. I found the autogenerated list of hooks and I'm curious if you think one of the following hooks would be most appropriate for the plugin I described:
    filter:user.updateProfile
    action:user.updateProfile


  • GNU/Linux Admin

    Depends what you want to do... if you want to be notified when user data is updated, then the action hook is fine (if you're not changing anything in the data payload itself).

    Useful if you want to take the new user data and update another set of data somewhere else 🤔


Log in to reply
 

Suggested Topics

| |