Shared Authentication between two node apps when using mongodb
-
Hello,
I try to add my own site with a forum by using NodeBB. So far it's absolutely amazing as a forum software.
However, it works as an independent node application. I had already a website by using nodejs which listens on the port 8080. Both my own website and the NodeBB forum have a login function. How could I shared authentication information between these two separate applications?Note: I use MongoDB.
-
I'm not sure whether I found the answer.
Is it possible to use connect-mongo for sharing the user session between two separate node app.
e.g., www.mydomain.com
forum.mydomain.comCan some one give me an answer?
-
Yes, you can use connect-mongo (or connect-redis) to share sessions. You'll have to match your cookie information as well. Theoretically, this should work, although it may be easier to set up an oauth endpoint using oAuthorize instead.
-
Thx so much.
I will try that after a while
-
@julian said:
Yes, you can use connect-mongo (or connect-redis) to share sessions. You'll have to match your cookie information as well. Theoretically, this should work, although it may be easier to set up an oauth endpoint using oAuthorize instead.
I have a new question, how can I disable the local login strategy and use the new oauth endpoint? or did I understand wrong about the oauth2rize?
-
If you have OAuth2orize set up on your other application, you can fork the sso oauth plugin, customise it, and point it to your new OAuth2 endpoint. To disable the local login, you'll have to remove the
POST /loginand/registerroutes, and change the theme header so that it just calls the OAuth SSO endpoint directly instead.
-
@julian said:
If you have OAuth2orize set up on your other application, you can fork the sso oauth plugin, customise it, and point it to your new OAuth2 endpoint. To disable the local login, you'll have to remove the
POST /loginand/registerroutes, and change the theme header so that it just calls the OAuth SSO endpoint directly instead.Super, that helps a lot!
Thx in deed
-
There's also a relevant Github issue open for disabling local logins: https://github.com/designcreateplay/NodeBB/issues/1263
closed Allow NodeBB to disable local logins #1263
-
@kevinprotoss Have you been able to do the changes and make your website and nodebb sync with each other?
-
I'm interested in the same use case. Sharing a login form an app to an instance of nodebb. I'm particulary curious about how they achieved that on http://world.kano.me/ since it is an smooth and elegant result. Any clue on how they implemented it?
-
@José-Ángel-Rey-Liñares I don't believe Kano uses NodeBB anymore, though I could be mistaken.
We still recommend https://github.com/julianlam/nodebb-plugin-sso-oauth, though if you have a login API that takes username/password, you could also consider writing a plugin that listens on the
action:auth.overrideLoginhook...
