Shared Authentication between two node apps when using mongodb

kevinprotoss

Hello,

I try to add my own site with a forum by using NodeBB. So far it's absolutely amazing as a forum software.
However, it works as an independent node application. I had already a website by using nodejs which listens on the port 8080. Both my own website and the NodeBB forum have a login function. How could I shared authentication information between these two separate applications?

Note: I use MongoDB.

kevinprotoss

I'm not sure whether I found the answer.

Is it possible to use connect-mongo for sharing the user session between two separate node app.
e.g., www.mydomain.com
forum.mydomain.com

Can some one give me an answer?

julian

Yes, you can use connect-mongo (or connect-redis) to share sessions. You'll have to match your cookie information as well. Theoretically, this should work, although it may be easier to set up an oauth endpoint using oAuthorize instead.

kevinprotoss

Thx so much.

I will try that after a while

kevinprotoss

@julian said:

Yes, you can use connect-mongo (or connect-redis) to share sessions. You'll have to match your cookie information as well. Theoretically, this should work, although it may be easier to set up an oauth endpoint using oAuthorize instead.

I have a new question, how can I disable the local login strategy and use the new oauth endpoint? or did I understand wrong about the oauth2rize?

julian

If you have OAuth2orize set up on your other application, you can fork the sso oauth plugin, customise it, and point it to your new OAuth2 endpoint. To disable the local login, you'll have to remove the POST /login and /register routes, and change the theme header so that it just calls the OAuth SSO endpoint directly instead.

kevinprotoss

@julian said:

If you have OAuth2orize set up on your other application, you can fork the sso oauth plugin, customise it, and point it to your new OAuth2 endpoint. To disable the local login, you'll have to remove the POST /login and /register routes, and change the theme header so that it just calls the OAuth SSO endpoint directly instead.

Super, that helps a lot!
Thx in deed

miksago

There's also a relevant Github issue open for disabling local logins: https://github.com/designcreateplay/NodeBB/issues/1263

julianlam created this issue in designcreateplay/NodeBB

closed Allow NodeBB to disable local logins #1263

kblade

@kevinprotoss Have you been able to do the changes and make your website and nodebb sync with each other?

jarey

I'm interested in the same use case. Sharing a login form an app to an instance of nodebb. I'm particulary curious about how they achieved that on http://world.kano.me/ since it is an smooth and elegant result. Any clue on how they implemented it?

julian

@José-Ángel-Rey-Liñares I don't believe Kano uses NodeBB anymore, though I could be mistaken.

We still recommend https://github.com/julianlam/nodebb-plugin-sso-oauth, though if you have a login API that takes username/password, you could also consider writing a plugin that listens on the action:auth.overrideLogin hook...