Despite the error in the logs above, I just noticed that the plugin did do its thing, it logged in uid=1 regardless of what what user/pass was submitted.
So far, so good. but not quite the flow I was hoping for.
Here is what I am trying to achieve, maybe there is a better hook to use:
- user signs in our app, which is on a different subdomain from nodeBB (ie. app = app.domain.com and nodeBB = nodebb.domain.com)
- our app adds a session cookie for .domain.com (ensuring that other subdomains can access the cookie)
- user arrives at nodebb.domain.com
- plugin immediately gets triggered, and checks for the app session cookie
- if found, plugin does work to validate the session and identify the user
- if valid, login matching user or register new nodeBB user
- user logged in
All without the user needing to click the Login link, of course.
Any suggestions? The plugin, as it stands now seems to require a post of the local login form to get triggered, whereas ideally the following logic would happen: IF nodeBB session exists, use it ELSE: look for app session cookie as described above...