SOLVED A question regarding OAuth 2.0 SSO

James Game

I've been looking at the code of the nodebb-plugin-sso-oauth, attempting to implement it, and wondering...

Where does it actually send the password to the OAuth server?

julian

It doesn't, it redirects the user to your site, and you get to handle the password input and verification

James Game

I've been looking into that as well, but I still can't see where the authorizationURL is used

julian

It's used behind the scenes by the OAuth code. It's not sending a username or password, it's just the url that kickstarts the OAuth process. It's caught by your app, and shows the "Do you want to authorise NodeBB to use your xyz account?", or a plain login page if no user is logged in.

James Game

I see, so at this point it all depends on my implementation of the OAuth server...
The problem was that my server operates entirely in JSON, and doesn't display any kind of page (being pretty raw).
Thanks for the hints though, I'll try to work it out, somehow.