SSO question (NodeBB, WordPress, etc.)
MYU
I am building a site. I will use WordPress for content management and will use NodeBB for the discussion board, as well as the comment engine for WordPress. (I also plan to use Openfire for chat.)
I am thinking of using WordPress as the OAuth server and blocking the user registration function in NodeBB. In other words, visitors must register accounts (and their NodeBB account will be created at the same time) and log on through WordPress. Once they log on, they can go to NodeBB to discuss.
Is this the correct way?
@MYU correct way in this case would be subjective. Whatever works best for you would be the correct way.
You can do this by creating an OAuth endpoint in WordPress and, like you said, removing a few things from your template and stuff to hide the registration stuff.
However, you might want to consider making a two-way bridge. An auth endpoint in both NodeBB and WordPress, sharing sessions between both. I feel like that would be a better way, and possibly easier, as trying to remove registration could be difficult.
The recommended method of sharing sessions between two separate and distinct applications is through OAuth2. We recommend this approach because NodeBB maintains its own user records, so that we can keep track of user-related metrics and other data. Relying on another database would be tricky, prone to breaking, and quite possibly dangerous.
Luckily, it's quite straightforward to get things working with OAuth2!
The first step is getting your application to expose an OAuth2 endpoint. If you're running a Node.js based app, you can use a module called OAuth2orize.
Once that is set up, you'll want to take a look at the SSO plugin skeleton for customised OAuth deployments -- nodebb-plugin-sso-oauth. You'll take this plugin, fork it, and modify it to communicate with your OAuth endpoint.
Once everything is working properly, you should be able to register and log in/out via your web app.
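The client side of the OAuth2 login described above, as an added example that is not part of the original posts and is not NodeBB's or the plugin's own code: the forum binds a random `state` to the visitor's session, accepts the authorization code only when the callback returns that same value, and links the forum account to the provider's user ID rather than to an email or username. The provider URLs, client ID, function names and the `wp:` key prefix are all hypothetical.

```javascript
// Added example: every name and URL here is a hypothetical placeholder.
const { randomBytes, timingSafeEqual } = require('node:crypto');

// Assumed settings for an OAuth2 provider running on the WordPress side.
const provider = {
  authorizationURL: 'https://wp.example.com/oauth/authorize',
  clientID: 'nodebb-client',
  redirectURI: 'https://forum.example.com/auth/wp/callback',
};

// Step 1: start login. Bind a random state value to the visitor's session.
function beginLogin(session) {
  session.oauthState = randomBytes(16).toString('hex');
  const url = new URL(provider.authorizationURL);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: provider.clientID,
    redirect_uri: provider.redirectURI,
    state: session.oauthState,
  }).toString();
  return url.toString();
}

// Step 2: callback. Accept the code only if state matches; state is single-use.
function verifyCallback(session, query) {
  const expected = Buffer.from(String(session.oauthState || ''));
  const received = Buffer.from(String(query.state || ''));
  delete session.oauthState; // a replayed callback finds nothing to match
  if (expected.length === 0 || expected.length !== received.length) return null;
  if (!timingSafeEqual(expected, received)) return null;
  return typeof query.code === 'string' && query.code ? query.code : null;
}

// Step 3: map the provider's profile to a forum account. The link key is the
// provider's immutable user ID, never the email or display name.
function linkAccount(localUsers, profile) {
  if (!profile || profile.id === undefined || profile.id === null) {
    throw new Error('provider profile has no user id');
  }
  const key = `wp:${profile.id}`;
  if (!localUsers.has(key)) {
    const username = String(profile.username || key);
    localUsers.set(key, { uid: localUsers.size + 1, username });
  }
  return localUsers.get(key);
}
```

The code returned by `verifyCallback` still has to be exchanged for a token at the provider's token endpoint, server to server, using the client secret.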