SSO Endpoint without OAuth2orize

  • @julian You are correct. Your GitHub plugin repository is fine, but if I install the plugin through npm install or NodeBB Admin Panel, then it comes with a plugin.json that has the line "templates": "./templates", which then causes me the error. So basically, your Github is at 0.2.3 but in NodeBB it shows that 0.2.2 is the latest:


    Maybe because I'm using 0.6.0? But not a big issue... Now I just need to figure out how to replace the Font Awesome icon with a custom one 😄

  • Admin

    @rdomzim ah, that plugin should really be removed from npm, actually...

  • Hi Julian,

    Currently we are trying to integrate SSO with respect to our nodejs application. Steps which we have followed are:

    1. Installed "nodebb" module on app server
    2. Then installed "nodebb-plugin-sso-oauth-master" plugin
    3. Restarted nodebb

    Currently i am trying to login a user from "nodeapp" to "nodebb" forum. Consider nodeapp is hosted on same server with different port( and nodebb with another port(

    We are following token based approach to login in our nodejs app and same token can be used to login nodebb. Somehow i am not getting the flow, how to go about it.

    Can you please suggest how to make a call to forum from my nodejsapp with a same login token.

  • Admin

    @nitinayir8 The sso-oauth plugin is merely a skeleton, you cannot install it as-is, you will need to fork it and modify it to communicate with your app's OAuth2 provider.

  • @julian can you please guide us, what exactly we have todo to establish user login through our app. May be a flowchart or a sample code to get more idea about work flow. Currently we are stuck and not getting the workflow.


  • @nitinayir8 @julian I second this request. We're also trying to establish oAuth integration with nodeBB, but the documentation on this is too limited.

  • @julian : even I am looking out for the would be great if you could provide us with proper documentation

  • what oauth strategy are you using? Oauth2 you need to add the url to get the code, the url for the access token, and then a user api url which will return user information based off of the oauth2 access token.

  • OAuth2. Tried several OAuth2 servers for the test environment. So far no luck, currently on oauth2orize.

    How does nodeBB know to address the nodebb-plugin-sso-oauth plugin when requesting Currently it returns a "Not found" error. What helps a bit is overwriting strategies.url in line 125 with my own oauth2orize login URL ''. I can login now, but won't be redirected back to nodeBB. Manually opening afterwards returns the "Not found" error, again.

    There are crucial parts missing here, is there any working example code to use the plugin with any OAuth 2 server (e.g. oauth2orize) out there? A quick tutorial and/or code example would be very helpful. I'm thinking on switching to another forum solution as well. NodeBB seems to be a nice idea, but without detailed documentation its not worth implementing it.

  • Admin

    Hi guys, my apologies for not replying sooner as I've been away.

    The sso-oauth plugin is a skeleton plugin, which means that it will get you about 90% of the way there, but I can't create a "generic" OAuth provider plugin because every OAuth2 provider is different.

    When you fork the plugin and install it into your NodeBB:

    1. You will need to change the values in the constants.oauth or constants.oauth2 section (and change type depending on whether you are using oauth 1 or 2).
    2. The "callback url" is inferred from your NodeBB setup. If the url in your config is, then the callback url will be$NAME/callback, where $NAME is what is set in the constants section.
    3. When you visit /auth/$NAME, it should kickstart the OAuth2 process by redirecting the user to constants.requestTokenURL. You shouldn't have to modify line 125.

  • Admin

    As an addendum, I'm not going to lie, configuring an OAuth2 provider is rage-inducing. You may want to consider a "login-override" instead, which would allow you to verify user credentials via the username/password login box on NodeBB, effectively bypassing NodeBB's username/password check in favour of your own:


Suggested Topics

  • 3
  • 8
  • 4
  • 6
  • 8
| |