Is there some nodebb-plugin-sso-auth0 user ?

@julian So my site receives "https$mysite$site$com/auth/auth0/callback?code=letternumberjumble&state=letternumbersymboljumble" and responds with a 500.

while their site gets "https$forum$antergos$com/auth/auth0/callback?code=letternumberjumble"

$ being replaced with the obvious things because the spam defense doesn't let me post things that seem like links yet.

If I remove the state I can at least get some better feedback from the backend, though it complains the callback code is wrong (probably because it needs to happen in that first response directly, at least I assume it shouldn't work if merely resent/spoofed later).

2018-05-01T15:30:53.594Z [26584] - error: /auth/auth0/callback
TokenError: Invalid authorization code
at Strategy.OAuth2Strategy.parseErrorResponse (/data/node_BB/nodebb/node_modules/passport-oauth2/lib/strategy.js:329:12)
at Strategy.OAuth2Strategy._createOAuthError (/data/node_BB/nodebb/node_modules/passport-oauth2/lib/strategy.js:376:16)
at /data/node_BB/nodebb/node_modules/passport-oauth2/lib/strategy.js:166:45
at /data/node_BB/nodebb/node_modules/oauth/lib/oauth2.js:191:18
at passBackControl (/data/node_BB/nodebb/node_modules/oauth/lib/oauth2.js:132:9)
at IncomingMessage.<anonymous> (/data/node_BB/nodebb/node_modules/oauth/lib/oauth2.js:157:7)
at emitNone (events.js:111:20)
at IncomingMessage.emit (events.js:208:7)
at endReadableNT (_stream_readable.js:1064:12)
at _combinedTickCallback (internal/process/next_tick.js:138:11)
at process._tickCallback (internal/process/next_tick.js:180:9)

Don't spend time on it for now, I'll see if I can use a rule on the auth0 site to not send back the state and I'll report back if that works or not.

@julian Actually, I see a code parameter in the one that receives a 500 response from the page.

code someletters
state longersletters+symbols

So I went to the Antergos forum and tried logging in there as well to watch the network, in their case they don't have the state parameter and don't get a 500 response, they have only the code parameter in this part.

The "./nodebb log" output is :
AUTH0 ERROR - ENO-010: {"profile":{"name":{},"_json":{},"_raw":"{}"}}
2018-04-30T08:27:48.885Z [19343] - error: /auth/auth0/callback

The UI shows this text:
Internal Error.

Oops! Looks like something went wrong!

/auth/auth0/callback

undefined

And looking at network traffic with Firefox I see several 302s and a 500 error. I suppose it might be getting stripped somewhere there. I do have the Google SSO plugin working though, so I suppose that data should pass through the Nginx reverse proxies?

How is it maintained? I've seen very strict package systems (e.g. Debian package maintainer that I don't think I'm ready for, building the package is fine, but to actually maintain it in the Debian repo is a fairly large responsibility), very loose ones (e.g. snapd and docker's main repo), and somewhat strict ones (I maintain several R packages on CRAN and if they aren't updated to continue to meet CRAN standards they risk getting archived). I'm not very familiar with npm, and how the list in nodeBB is put together, is it pulled direct from npm and tag filtered or something?

abhinov singh is referencing a different plugin that does SSO with the google's G+ API, but that is not an answer to @remydev's question. The nodebb-plugin-sso-auth0 plugin is used by the Antergos nodeBB forum: forum$antergos$com replacing '$' with '.' because the link was getting my post flagged as spam. Someone from their side is also the author of the plugin. I've been trying to get it to work myself with no luck yet but if you go to login on their page you can experience it working. Maybe we should raise some issues on the github page. I do see it in the GUI menu though, you can both install it and activate it from the GUI, I'm getting an error at the callback stage.

Both of these are available in the plugin list. Looking at the github commits it is not immediately obvious which one should be used as neither is strictly "ahead" per se, but looking at the actual commits I think nodebb-plugin-sso-github would be the one to use. I'm not 100% on that though. Should they both still be in the npm repo/install list shown in the nodeBB admin interface?