[nodebb-plugin-session-sharing] Session Sharing

biz

Hey @julian , thanks for this useful plugin.

Why is username or first and last name required in addition to ID inside the JWT? Is it possible to remove this requirement and only require ID to be contained in the JWT?

Surely the user's account can be located with just the ID, correct?

julian

@biz The username (or firstName/lastName combo) is required only so that if the user isn't found, a user can be created with that information.

biz

@julian

When I remove the requirement for username or full name, the findUser does not find the user, the async.parallel returns:

{ uid: null, mergeUid: null }

https://github.com/julianlam/nodebb-plugin-session-sharing/blob/master/library.js
and line 185, the last else clause, would be executed

I suspect it has to do with lines 159 and 160, but I do not understand the code here, do you have any ideas?

biz

@biz Never mind, I had to remove lines 158-161 and 188 and then it works. Thanks a lot for all your work!

NasuhG

I dont know how is this auth process works with jwt.
I have nodebb in forum.example.com and nodejs app in example.com. And reverse proxy with nginx. I have few question:

-When user logins or signs up which route we should POST method to?
-Do I need to install npm install jsonwebtoken?
-Is this JWT Secret key obtained from jwt.io website?
-How can I save a cookie to user browser?
-When I achieve all this and users logins with nodebb credentials how can i access to current logged in user info?
-Do I need to include the user's passwords to Json web token?
-Do I need to set secret in nodebb admin panel?

Edit:So I did some googling and what I understand I need to post the user info to some expressjs route on my app and generate the Json web token in backend and use some cookie plugin for nodejs. But my last two question is remain unclear for me.
@julian

shakirAbuGarbia

first sorry for my english it is not my first language

i am using the session sharing plugin and it is working wonderful , the users on my app login directly to the nodeBB, but i need to classify them into groups I created two group already from the admin panel (Group-1 , Group-2) as i under stand i need to setup the settings from the admin panel and put the group title at the JWT payload that i send to be saved at the cookies

here is how my payload looks like id: uuid,
email: [email protected],
username: username,
groupTitle: 'Group-1',

but when i check the user on nodebb i notes that the user created and logged in successfully but the user join no group ... is it the right approach ??? what to do??
@julian

julian

Hi @shakirAbuGarbia, groups is expected to be an array, so please send in ["Group-1"] and try again

shakirAbuGarbia

@julian thank you so much i was using the wrong key groupTitle instead of groups

Gábor

Hi,

This is a wonderful plugin and it has worked fine for our users. Unfortunately for some users, we set unsigned tokens (cookies). They were complaining about not being able to log in. As soon as we recognized the problem, we changed their cookies to signed ones. Now they are not getting the error message about the need to sign the JWT token but nodebb is not logging them in. They have the cookie set with the correct - signed JWT token - but they are not logged in.

Any clues on how to solve this?

cifangyiquan

hi, @julian
I encountered a problem while using this plugin. When registered users jump to the forum, they will register a new user. Even if "id" is the id of an old user, a new user will be registered.

julian

@cifangyiquan if the user has an existing account before attempting session share login then they will get a new account, since the "remote id" passed in is unknown.

I believe if you pass in an email, it should attempt email user matching.

Julien Heng

Hi @julian!

I'm experiencing a problem with session sharing on the forum. Even after I log out from my website, the forum doesn't log me out. I've set the cookie changes in the admin panel to "Revalidate," but it's not working as expected. Upon closer inspection in the browser's application settings, I noticed that the issue is related to "express.sid" cookie which i have no idea what it is. To successfully log out from the forum, I have to manually clear the "express.sid" cookie.

julian

@Julien-Heng express.sid is the name of the session cookie that NodeBB sets. It's different from the session sharing cookie. For revalidate to work, you need to delete the cookie that is set by session-sharing from the other end.

So when you log out from your website, that cookie needs to be deleted, and then when the user visits NodeBB, the revalidate logic kicks in, can't find the cookie, and logs out the user from NodeBB.

Julien Heng

@julian it works properly now! thank you so much. really appreciate it!

Julien Heng

When a new user registers on the website and subsequently accesses the forum, their account is successfully created on the forum. However, despite specifying in the plugin settings to include the user's email during session sharing (by passing in id, username, and email), the email information is not being transferred or shown in the forum. Do you have any idea why? Thank you in advance!