@julian Is it possible to just add a toggle in the plugin's admin page and works only for this plugin. If the oauth2 server is down, just remove the plugins temporarily. I have a doubt whether NodeBB has already a safe mode start, this means starting without all the plugins ?
K
kevinprotoss
@kevinprotoss
Posts
-
How disable general local login strategy -
How disable general local login strategy@julian Thanks your cue. You are absolutely right. If it's just a toggle, then it will be a dead lock. Is it possible to make it as a bootstrap config?
-
How disable general local login strategy@julian I see. That's what I mean. If I wanna completely disable the
/loginand/registerroute for NodeBB, must I modify the source code of NodeBB? Is there any other possibilities? -
How disable general local login strategyTo disable the local login, must I remove the routes for /login und /register? What do you mean 'hiding' @julian ? Or just fork and modify the theme, e.g., remove login.tpl and link in the menu.tpl?
If so, which theme should I modify? Will the templates in the lavanda overwrite those of in the vanilla? -
Cross login@Paolo exactly you are right. I have the same purpose as yours. It's possible to persist the session in MongoDB and share between two node apps. I had tested this ways as well. However, it's quite more difficult than sso solutions, since you need to implement in your node app with all NodeBB User relevant stuff, maybe still groups and others. I tried to do that and it worked already. Now I found it's better to enable sso login and disable nodeBB local login.
For a simple oauth2 provider, you can find an example in the oauth2orize repository: oauth2 provider
For the client side, all you want is the plugin which Julian had implemented. -
Cross login@julian Great work, it works for me as well.
-
Cross login@julian The keys is 'abc123' and secrets is 'ssh-secret'
I tried the new version plugin, but I get an error from the new code:
https://github.com/julianlam/nodebb-plugin-sso-oauth/blob/master/library.js#L33
The settings is undefined. -
Cross loginThanks julian, I understand how should I set the userProfileURL now. I'll give a try. Still a question is how to add these two routes mentioned above?
According to the passport.js, it's used to make a request for getting the token. Is it not required?
-
Cross login@julian said:
Note that this plugin is only a basic skeleton! It allows you to connect to an oauth provider, but stops short of registering/login, as each provider handles user data differently. You'll have to fork it, install it, and play around with it to finish it off
Hello Julian,
I had tried to install this plugin and play around with it. However, I can not let it work so far. I'm not sure whether I configure all the things correctly.
How should I set the 'userProfileUrl'? just a pathname of the userProfile link for nodeBB?
I tried the plugin with a example oauth2 provider, it fails to get the token.
And I check the source code of the plugins, I can not found where did you add the two routes for oauth2? '/auth/generic' and '/auth/generic/callback'
I read in the passport tutorial, these two routes are required for OAuth 2.0 authenticationapp.get('/auth/provider', passport.authenticate('provider')); app.get('/auth/provider/callback', passport.authenticate('provider', { successRedirect: '/', failureRedirect: '/login' }));What do you mean not finish? How should I extend the plugin? e.g., add the routes?
-
Shared Authentication between two node apps when using mongodb@julian said:
If you have OAuth2orize set up on your other application, you can fork the sso oauth plugin, customise it, and point it to your new OAuth2 endpoint. To disable the local login, you'll have to remove the
POST /loginand/registerroutes, and change the theme header so that it just calls the OAuth SSO endpoint directly instead.Super, that helps a lot!
Thx in deed -
Shared Authentication between two node apps when using mongodb@julian said:
Yes, you can use connect-mongo (or connect-redis) to share sessions. You'll have to match your cookie information as well. Theoretically, this should work, although it may be easier to set up an oauth endpoint using oAuthorize instead.
I have a new question, how can I disable the local login strategy and use the new oauth endpoint? or did I understand wrong about the oauth2rize?
-
How disable general local login strategyHello,
I intend to implement a new oauth2 endpoint and use the oauth2 login plugin for nodebb, but I have a question, is it possible for me to disable the local login strategy or login page in the admin settings?
Best regards,
Kevin -
Shared Authentication between two node apps when using mongodbThx so much.
I will try that after a while
-
Shared Authentication between two node apps when using mongodbI'm not sure whether I found the answer.
Is it possible to use connect-mongo for sharing the user session between two separate node app.
e.g., www.mydomain.com
forum.mydomain.comCan some one give me an answer?
-
Shared Authentication between two node apps when using mongodbHello,
I try to add my own site with a forum by using NodeBB. So far it's absolutely amazing as a forum software.
However, it works as an independent node application. I had already a website by using nodejs which listens on the port 8080. Both my own website and the NodeBB forum have a login function. How could I shared authentication information between these two separate applications?Note: I use MongoDB.