NodeBB Oauth SSO Plugin and Wordpress



  • @Julian I was vaguely aware of passport, but I just had a closer look and it seems like a great plugin to have, with over 50 mainstream sites' strategies already available.

    I hadn't really thought about the Discourse con of only one external login, but when you think about it, it is a big con. Ideally you want to have multiple login options for end users, so that's something to think about.

    The NodeBB cons are also to be considered; even with passport there is still a bit to be done for each provider.



  • Ok guys, here is my first stab at trying to get the Wordpress plugin working and I am failing miserably so far. I keep getting a 404 at NodeBB whatever I do. Frustrating.

    @Julian thanks for the passport link, I was vaguely aware of it and since I am currently trying to understand SSO and have been reading the OAuth 2.0 draft it was helpful to go through all the strategies.

    With my slightly better understanding, the Google SSO plugin seems to be the closest fit to the Wordpress Oauth2 plugin.

    Here is a screenshot of the token endpoint

    nodebb-sso.png

    And of the access user profile endpoint

    nodebb-sso2.png

    And here is my first attempt at a custom strategy. The data is provided in json by the wordpress plugin. Only including the changed bits from the Google Oauth2 strategy. Please note the Wordpress Oauth 2 plugin does not work without the 'state=' parameter.

    // OAuth2Strategy and InternalOAuthError come from the Google OAuth2 strategy file this is based on (not shown).
    function Strategy(options, verify) {
      options = options || {};
      options.authorizationURL = options.authorizationURL || 'http://example.com/oauth/authorize?state=2020';
      options.tokenURL = options.tokenURL || 'http://example.com/oauth/request_token';

      OAuth2Strategy.call(this, options, verify);
      this.name = 'wordpress';
    }

    // Fetch the user's data from the Wordpress plugin and map it to a passport profile.
    Strategy.prototype.userProfile = function(accessToken, done) {
      this._oauth2.get('http://example.com/oauth/request_access', accessToken, function (err, body, res) {
        if (err) { return done(new InternalOAuthError('failed to fetch user profile', err)); }

        try {
          var json = JSON.parse(body);

          var profile = { provider: 'wordpress' };
          profile.id = json.ID;
          profile.displayName = json.user_nicename;
          profile.name = json.user_login;
          profile.emails = [{ value: json.user_email }];

          profile._raw = body;
          profile._json = json;

          done(null, profile);
        } catch(e) {
          done(e);
        }
      });
    };

  • Plugin & Theme Dev

    Any update on a Wordpress SSO?



  • @Tanner said:

    Any update on a Wordpress SSO?

    Should be pretty simple to be honest. There's a passport for it. For you, I'll see what I can do. 👍

    EDIT: The passport is for Wordpress.com 😆 Damnit.

    I'm going to have to install Wordpress and look through a few plugins.


  • Plugin & Theme Dev

    @a_5mith did you ever have a look at this? 🙂



  • @Tanner Erm... I, forgot. 😢 I'll have a quick look through some plugins now.

    EDIT: Should be possible using this


  • Plugin & Theme Dev

    @a_5mith what about having Wordpress be the oAuth client and not the provider?



  • Hey Everyone,

    I know this thread is a bit old but I thought I would chime in here being the developer of the WP OAuth Server plugin you mention here.

    @Tanner I recently published the OAuth client plugin for WordPress. If you are still interested, you can visit https://wp-oauth.com. The plugin is a premium plugin but is very reasonable.

    To everyone else, I am not familiar with the platform you are using but I do have a very good understanding of security, authentication via WordPress and the core of WP OAuth Server. I am open to helping wherever I can. If anyone needs a hand, shoot me an email, reply back here or submit a support request either at https://wp-oauth.com or the WP forums.

    Looking forward to helping where I can.


  • GNU/Linux Admin

    @Justin-P-Greer Very cool to have you here. Welcome! 😄

    Poor @raul has been waiting months for this, and I promised to help him out but I ended up getting very sidetracked by other issues with NodeBB.

    As long as your WP plugin can establish a standard OAuth2 endpoint, we can probably build something against it.



  • The plugin uses "oauth/authorize" and "oauth/token" for authorization. This is to spec for OAuth2. Now as far as the resource API, there is no spec given as long as the access token is given. Currently the endpoint for the user resource is "/oauth/me?access_token=xxx". The "me" endpoint is there by default and returns basic information about the user from WP user meta fields. It can be modified very easily using WP filters.

    You can visit the documentation or just shoot me an email if you need anything.
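
The `oauth/authorize` and `/oauth/me` endpoints named in the post above, combined with the earlier note that the plugin requires a `state` parameter, as an added example (not code from this thread or from either plugin). It generates `state` per request rather than using a fixed value, checks it on the callback, and maps the profile response. The `https://example.com` base, the callback URL, the function names and the sample response are assumptions; the field names are the ones used in the strategy attempt earlier in the thread.

```javascript
'use strict';
const crypto = require('crypto');

// Assumption: base URL of the WordPress site running the OAuth server plugin.
const WP_BASE = 'https://example.com';

// Build the redirect to oauth/authorize with a fresh, unguessable state.
// The caller stores `state` in the user's session before redirecting.
function buildAuthorizeRequest(clientId, redirectUri) {
  const state = crypto.randomBytes(16).toString('hex');
  const url = new URL('/oauth/authorize', WP_BASE);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: clientId, redirect_uri: redirectUri, state,
  }).toString();
  return { url: url.toString(), state };
}

// On the callback, the returned state must equal the one kept in the session.
function stateMatches(sessionState, returnedState) {
  if (typeof sessionState !== 'string' || typeof returnedState !== 'string') return false;
  const a = Buffer.from(sessionState);
  const b = Buffer.from(returnedState);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// User resource URL in the form given in the post: /oauth/me?access_token=xxx
function profileUrl(accessToken) {
  const url = new URL('/oauth/me', WP_BASE);
  url.searchParams.set('access_token', accessToken);
  return url.toString();
}

// Map the /oauth/me body to a passport-style profile.
function parseProfile(body) {
  const json = JSON.parse(body); // throws on non-JSON, e.g. an HTML 404 page
  if (json.ID === undefined || json.ID === null) throw new Error('profile response has no ID');
  return {
    provider: 'wordpress',
    id: String(json.ID),
    displayName: json.user_nicename,
    emails: json.user_email ? [{ value: json.user_email }] : [],
    _json: json,
  };
}

// Constructed sample response, not captured from a real site.
const SAMPLE_ME = '{"ID":"7","user_login":"alice","user_nicename":"alice","user_email":"alice@example.com"}';
const demo = buildAuthorizeRequest('my-client-id', 'https://forum.example.com/auth/wordpress/callback');
console.log(demo.url, stateMatches(demo.state, '2020'), parseProfile(SAMPLE_ME).id);
```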



  • I'm interested in this too. Was exactly thinking about using your wp plugin to achieve the mentioned functionality. What a coincidence.




