Whoops, my tongue slipped.
NodeBB SSO Plug-in Flow
-
I'm using the following sample SSO plug-in as an OAuth2 client for an OAuth2orize server and have some questions about how it works:
https://github.com/julianlam/nodebb-plugin-sso-oauth
I've forked the above code from GitHub and modified the library.js file with my URLs and parameters as suggested in the code comments.
My expectation was that the process would flow like this:
- Client calls server to authenticate
- Server authenticates, asks about granting access to resources and redirects back to client with an authentication code.
- Client then calls the server to exchange the authentication code for an access token
- Server responds with an access token
- Client then calls the server to get user info, passing the access token
- Server responds with user info JSON
Looking at my logs, I see that step 3 doesn't happen, but instead the flow goes straight to step 5. The problem I have is that step 5 requires an access token which it doesn't have, so the auth fails.
Am I not understanding something about the way this works or do I need to make some more code changes to the sample sso plugin?
-
Found the problem: Step 3 requires that the server accept HTTP POST - I was only accepting GET.
