Account destroyed upon signing in with second OAuth provider

General Discussion

Suggested Topics


  • 0 Votes
    5 Posts
    490 Views

    @Samson-Liu to expand on @PitaJ's reply:

    The recommended method of sharing sessions between two separate and distinct applications is through OAuth2. We recommend this approach because NodeBB maintains its own user records, so that we can keep track of user-related metrics and other data. Relying on another database would be tricky, prone to breaking, and quite possibly dangerous.

    Luckily, it's quite straightforward to get things working with OAuth2!

    The first step is getting your application to expose an OAuth2 endpoint. If you're running a Node.js based app, you can use a module called OAuth2orize.

    Once that is set up, you'll want to take a look at the SSO plugin skeleton for customised OAuth deployments -- nodebb-plugin-sso-oauth. You'll take this plugin, fork it, and modify it to communicate with your OAuth endpoint.

    Once everything is working properly, you should be able to register and log in/out via your web app.

  • 0 Votes
    2 Posts
    2k Views

    Check out the event log page in the ACP (under advanced). The user's deletion event should have been logged, and the IP address should have been saved.

    ... as long as your NodeBB is new enough, that is 🙂

  • Account security issue

    Solved General Discussion
    0 Votes
    3 Posts
    1k Views

    Thanks, I have updated to v0.7.0 and fixed the issue.

  • 0 Votes
    14 Posts
    10k Views

    I use mongo, so I have to follow a different approach to unlock my account.
    Launch your mongo cli, switch to the nodebb db and run

    db.objects.remove({"_key":"lockout:YOUR_UID"})

    uid is usually 1 for admin

    If you don't know what your uid is you can run

    db.objects.remove({"_key": { $regex: /lockout:.*/ }})

    to unlock all locked accounts

    Be careful when doing this, as I'm not sure if it would have any other side effects I'm not aware of. It's only meant to be a quick way to restore order if you keep locking yourself out during dev.

  • 0 Votes
    3 Posts
    2k Views

    Hi @nashsai -- if you have some programming experience, you can create an LDAP SSO plugin, using our existing SSO plugins (fb, google, twitter) as a template. You would have to replace the underlying library to use passport-ldap.