I've been looking at the code of the nodebb-plugin-sso-oauth, attempting to implement it, and wondering...
Where does it actually send the password to the OAuth server?
It doesn't, it redirects the user to your site, and you get to handle the password input and verification
I've been looking into that as well, but I still can't see where the authorizationURL is used
It's used behind the scenes by the OAuth code. It's not sending a username or password, it's just the url that kickstarts the OAuth process. It's caught by your app, and shows the "Do you want to authorise NodeBB to use your xyz account?", or a plain login page if no user is logged in.
I see, so at this point it all depends on my implementation of the OAuth server...
The problem was that my server operates entirely in JSON, and doesn't display any kind of page (being pretty raw).
Thanks for the hints though, I'll try to work it out, somehow.