Sharing SSO Sessions

NodeBB Development
  • I have an existing website which is built using Express and Node.js. I have to incorporate NodeBB into that website. I am using Facebook login for both of them, but I have to log in to them separately, one by one (using the same Facebook app for both). What I want to do is:

    1. Log in via FB or any SSO on the main site, and the user should be logged in to the forum via the same automatically.

    2. How can I integrate NodeBB into my website so that the look and feel doesn't change? It looks like I am on a completely different website; I just need some tips to integrate NodeBB into my existing website.

    How can I achieve these two?

  • OAuth2 endpoint on your main site. Pinging @julian because he has the canned response for this

  • The recommended method of sharing sessions between two separate and distinct applications is through OAuth2. We recommend this approach because NodeBB maintains its own user records, so that we can keep track of user-related metrics and other data. Relying on another database would be tricky, prone to breaking, and quite possibly dangerous.

    Luckily, it's quite straightforward to get things working with OAuth2!

    The first step is getting your application to expose an OAuth2 endpoint. If you're running a Node.js based app, you can use a module called OAuth2orize.

    Once that is set up, you'll want to take a look at the SSO plugin skeleton for customised OAuth deployments -- nodebb-plugin-sso-oauth. You'll take this plugin, fork it, and modify it to communicate with your OAuth endpoint.

    Once everything is working properly, you should be able to register and log in/out via your web app.
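
What the "expose an OAuth2 endpoint" step in the post above has to enforce, as an added example that is not part of the original thread and is neither OAuth2orize nor nodebb-plugin-sso-oauth code: a dependency-free sketch of the authorization-code grant between the main site and the forum. The client id, secret, URLs, profile shape and function names are constructed placeholders.

```javascript
const { randomBytes, timingSafeEqual, createHash } = require('node:crypto');

// Constructed sample registration for the forum; every value is a placeholder.
const CLIENTS = new Map([['nodebb-forum', {
  secret: 'example-secret-change-me',
  redirectUri: 'https://forum.example.com/auth/oauth2/callback',
}]]);
const CODE_TTL_MS = 60_000;
const codes = new Map();  // code -> { clientId, redirectUri, userId, expires }
const tokens = new Map(); // access token -> userId

// Compare secrets in constant time; hashing first equalises the lengths.
function sameSecret(a, b) {
  const h = (s) => createHash('sha256').update(String(s)).digest();
  return timingSafeEqual(h(a), h(b));
}

// Step 1: the browser of a user already logged in to the main site arrives here.
function authorize({ clientId, redirectUri, state }, userId, now = Date.now()) {
  const client = CLIENTS.get(clientId);
  // Exact match against the registered URI, so codes cannot be sent elsewhere.
  if (!client || redirectUri !== client.redirectUri) return { error: 'invalid_request' };
  // Policy chosen for this sketch: refuse requests without the anti-CSRF state.
  if (!state) return { error: 'invalid_request' };
  const code = randomBytes(32).toString('hex');
  codes.set(code, { clientId, redirectUri, userId, expires: now + CODE_TTL_MS });
  return { redirect: `${redirectUri}?code=${code}&state=${encodeURIComponent(state)}` };
}

// Step 2: the forum's server (never the browser) trades the code for a token.
function exchange({ clientId, clientSecret, code, redirectUri }, now = Date.now()) {
  const client = CLIENTS.get(clientId);
  if (!client || !sameSecret(clientSecret, client.secret)) return { error: 'invalid_client' };
  const grant = codes.get(code);
  codes.delete(code); // single use: a replayed code finds nothing
  if (!grant || grant.clientId !== clientId ||
      grant.redirectUri !== redirectUri || grant.expires < now) {
    return { error: 'invalid_grant' };
  }
  const accessToken = randomBytes(32).toString('hex');
  tokens.set(accessToken, grant.userId);
  return { access_token: accessToken, token_type: 'Bearer' };
}

// Step 3: the forum fetches the profile it uses to create or match its own user.
function profile(accessToken, users) {
  const userId = tokens.get(accessToken);
  return userId === undefined ? null : { id: userId, ...users[userId] };
}
```

The forum keeps its own user record keyed on the returned `id`, which is why the post recommends this flow over sharing a database.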

  • @julian said:

    The recommended method of sharing sessions between two separate and distinct applications is through OAuth2. We recommend this approach because NodeBB maintains its own user records, so that we can keep track of user-related metrics and other data. Relying on another database would be tricky, prone to breaking, and quite possibly dangerous.

    Luckily, it's quite straightforward to get things working with OAuth2!

    The first step is getting your application to expose an OAuth2 endpoint. If you're running a Node.js based app, you can use a module called OAuth2orize.

    Once that is set up, you'll want to take a look at the SSO plugin skeleton for customised OAuth deployments -- nodebb-plugin-sso-oauth. You'll take this plugin, fork it, and modify it to communicate with your OAuth endpoint.

    Once everything is working properly, you should be able to register and log in/out via your web app.

    Canned responses working perfectly I see. 😛

  • Hah. I was wondering what purpose I'd use the canned responses plugin for. Now I know:

    Pinging @julian - he probably has the canned response for your issue kthx

  • Stahp :rage2:

  • Haha or alternatively a feature request: ability to copy other people's canned responses 😉

