NodeBB logged in user details api endpoint



  • Hi,

    I am a relatively new web developer, and wanted to know whether this was a good enough approach to my problem.

    I have nodebb forums running on a subdomain, and want some of the details of the logged in user to be available to my main domain. I do not want a full fledged sso system or something like that, as I want minimum hassle. I was thinking of the following method, and wanted whether this is feasible from a technical and security point of view.

    I was thinking of setting '.example.com' for my express cookie session so it is available on my main domain. From there, I can use this cookie to make a cURL request to a custom api endpoint on my forums, which basically returns the users details if the cookie can be authenticated.

    I hope someone can help me, as I am unsure from a security point of view whether it is feasible.

    Thanks


Log in to reply
 


Looks like your connection to NodeBB was lost, please wait while we try to reconnect.