@pitaj This seems to be a new requirement, so if that is truly the case, then our Facebook SSO plugin is not compatible with the latest Facebook changes.
Thanks for reporting
The recommended method of sharing sessions between two separate and distinct applications is through OAuth2. We recommend this approach because NodeBB maintains its own user records, so that we can keep track of user-related metrics and other data. Relying on another database would be tricky, prone to breaking, and quite possibly dangerous.
Luckily, it's quite straightforward to get things working with OAuth2!
The first step is getting your application to expose an OAuth2 endpoint. If you're running a Node.js based app, you can use a module called OAuth2orize.
Once that is set up, you'll want to take a look at the SSO plugin skeleton for customised OAuth deployments -- nodebb-plugin-sso-oauth. You'll take this plugin, fork it, and modify it to communicate with your OAuth endpoint.
Once everything is working properly, you should be able to register and log in/out via your web app.
@Danny-McWilliams If you're speaking about the NodeBB setup to use the endpoint - it's extremely easy. However, the endpoint can be kinda tricky.
The flow for the plugin for the forum is:
I am interested in SSO as well. I have seen several threads that mention the "how to" as described by @julian above, but haven't yet seem any real world examples or replies from folks who have done it. I would be great to hear some such examples.
(We are trying to make a decision between nodeBB and Discourse. I like what I am learning about nodeBB so far, but SSO may be important for us. Looking for some added confidence that we'd be able to get an Oauth2 endpoint setup on our app, which is powered by node)
The difficult part about OAuth2, and why we can't get a "one size fits all" solution, is because everybody's API is different. That's why you need to modify the plugin to use the correct URLs for the OAuth endpoints and for the User API.
Secondly, everybody's user API is different. Where one may use
username, another may use
nickname. That's why it needs to be customised to fit each and every install.
Perhaps a blog post may help?
@markcarey I created an OAuth2 endpoint on my website from scratch and made NodeBB utilize it successfully. It was the first time I engaged in such an endeavour and it wasn't easy!
I followed the examples provided in the OAuth2orize plugin's github.
Besically all you have to do is swap out the local db they use and implement your db logic. Also use some sort of UID generator for client ids/secrets.
If you have that done and are able to successfully authorize with some tool, for example Postman or the Google OAuth Playground it should be pretty straightforward from there to setup the NodeBB SSO OAuth plugin to fit your website.