and in deleteUserData the first parameter is an object which contains the uid

Because this plugin - and everything based on it - is just using User.create, they're bypassing registration queue completely. This means that unless all SSO plugins are disabled, registration queue is almost useless (experienced this myself with a wave of spam accounts using google and discord sso to bypass the queue set in place specifically because these accounts started appearing).

Unfortunately, due to the way registration queue is implemented in NodeBB, there isn't really a good way to "just add the queue" without modifying how it works. Some ideas:

1. Disable registration completely when queue is enabled (probably the simplest "solution", however it's pretty obvious that it's far from perfect)
2. If queue is enabled and user is queued, save their username/email somewhere alongside oAuth data and create a function using hook action:user.create that will check if any new user matches the saved data and if there is a match - get the uid and process the user like with normal oAuth registration
3. If User.shouldQueueUser is true, show the user an error stating that registrations when queue is enabled are not supported or something (and obviously abort the registration attempt)
4. Actually change the way registration queue works in NodeBB - perhaps it could always assign uids that will be used after acceptation or discarded on rejection of the user? Then this SSO plugins could just use User.addToApprovalQueue instead of User.create if User.shouldQueueUser is true and the problem would be solved.

Btw. I haven't tested it yet, but it seems like there also isn't anything stopping people from registering when invitation-only mode is enabled. The buttons on login page can also register a new user, so even a lack of /register route doesn't help.

Because you only have 3 stars

Only doing this because @julianlam is on holiday... wonder how long it will take him to notice this :D

It crashes when you activate the plugin.

TypeError: Cannot call method 'forEach' of undefined
nodebb/src/plugins.js:560:23
nodebb/public/src/utils.js:39:13
at ReaddirReq.Req.done (nodebb/node_modules/less/node_modules/graceful-fs/graceful-fs.js:143:5)
at ReaddirReq.done (nodebb/node_modules/less/node_modules/graceful-fs/graceful-fs.js:90:22)
at Object.oncomplete (fs.js:107:15)


This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• fix(deps): update dependency async to v3.2.5
• chore(deps): update dependency @commitlint/config-angular to v19

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

I installed nodebb but when I searched this plugin, it did not show up.

When a user deletes their profile, deleteUserData is supposed to clear the oauthId -> uid mapping this plugin is keeping. Howerver, that fails since the Id field on the user does not pass a whitelist. This in turn leads to the mapping not being deleted. I will soon push a fix that involves using the whitelist hook.

Flow like this..

1. User is logged out
2. User visits a forum thread
3. User logs in using Oauth
4. User is redirected back to root page

Expected behavior is they are redirect back to the forum thread they wanted to login from.

I'm trying to move my nodebb instance from a custom OAuth2 implementation to Ory Hydra.
Unfortunately the login fails with an error Request parameter 'state' must be at least be 8 characters long to ensure sufficient entropy.

I found a similar issue also with passport here, but applying the state: true to the strategies.push here did not solve the issue.

Any ideas what could cause this?

I use these plugin it works fine, but when I am reading any post or thread after that I click login and I logged in to nodebb using OAUTH. After logged in it redirect me to the main page, not that page that was reading. How I solve these, please help me

I updated NodeBB to 1.5.3 and now I'm getting this every time I try to log in using OAuth:

 InternalOAuthError: Failed to obtain access token
    at OAuth2Strategy._createOAuthError (/var/www/service/nodebb/node_modules/passport-oauth2/lib/strategy.js:379:17)
    at /var/www/service/nodebb/node_modules/passport-oauth2/lib/strategy.js:166:45
    at /var/www/service/nodebb/node_modules/oauth/lib/oauth2.js:191:18
    at ClientRequest.<anonymous> (/var/www/service/nodebb/node_modules/oauth/lib/oauth2.js:162:5)
    at ClientRequest.emit (events.js:159:13)
    at TLSSocket.socketErrorListener (_http_client.js:389:9)
    at TLSSocket.emit (events.js:159:13)
    at onwriteError (_stream_writable.js:409:12)
    at onwrite (_stream_writable.js:431:5)
    at _destroy (internal/streams/destroy.js:39:7)
    at TLSSocket.Socket._destroy (net.js:565:3)
    at TLSSocket.destroy (internal/streams/destroy.js:32:8)
    at WriteWrap.afterWrite [as oncomplete] (net.js:875:10)

Looking at my OAuth2 provider's logs, it doesn't even seem to fire a POST to the token endpoint. Any ideas?

I want to change the icon for Alternative Logins. I update code which is present in login.tpl
But it not works.
So can you please help me how I change that icon. I want to add an image.

Hello everyone,
I am currently trying to use the nodebb single sign-on oAuth2 plugin to integrate patreon (www.patreon.com) with nodebb. I followed the comments on gihub and used the oath plugin but
I cannot seem to get it to work correctly. I changed the library.js file with the following information

type: 'oauth2', // Either 'oauth' or 'oauth2'
name: 'patreon', // Something unique to your OAuth provider in lowercase, like "github", or "nodebb"
oauth: {
requestTokenURL: '',
accessTokenURL: '',
userAuthorizationURL: '',
consumerKey: '',
consumerSecret: ''
},
oauth2: {
authorizationURL: 'http://patreon.com/oauth2/authorize',
tokenURL: 'https://api.patreon.com/oauth2/token',
clientID: 'xxxxxx',
clientSecret: 'yyyyyy'
},
userRoute: 'https://api.patreon.com/oauth2/api/current_user' // This is the address to your app's "user profile" API endpoint (expects JSON)
However, the url created does not seem to work and I get a mismatch resolve url error. When I paste the url into the browser, the give access page shows but once I
grant access, I get an error saying the resolve url does not exist. I was wondering if anyone had any ideas on how to make this work.
Thanks

If the login page is disabled for the security reason and uses only nodebb-plugin-sso-oauth for the authentication, such settings make login screen shows “Alternative Logins” (image link):
https://community.notepad-plus-plus.org/assets/uploads/files/1585117401737-a18ec50a-5bb0-4840-9a67-6f999df4c201-image.png

It makes kind of confusion for users of NodeBB.
Could you consider to set Available Logins instead of “Alternative Logins” in this module if the native login feature in NodeBB is disabled?

My oauth code work well with all users except admin 1. The admin id is 1 and isadmin = true is set in this plugin. The login is fine, but it's redirected to register/complete when click /admin button. Is something missing here?

This repository is basically a perfect example of what repository templates were created for, so why not turn it into one :)

There are two main advantages here:

1. It's easy to create new repository based on a template more than once per account/organization (you can only create one fork per account/org. Then you have to create new repositories copying the content of this one instead).
2. It tells the users that this plugin doesn't work out of the box, but needs to be customized to make it work ("Template" next to repository name on its page)

And since it's just one checkbox in settings it took more time to write this issue that it should take to solve it.

More information:
docs on creating template repositories
docs on using template repositories to create new ones
announcement post

Working on setting up this plugin, and have been able to get to the point where my SSO endpoint is passing data back to the callback URL, but is just receiving a new auth request redirect in return. I have been able to find the prototype/function for handling the callbacks. Where is this set up? Much appreciated.

Is there a simple way to make logged through oauth user administrator, if oauth provider send such flag here https://github.com/julianlam/nodebb-plugin-sso-oauth/blob/master/library.js#L109 ?
Something like:
if(json.isAdmin)
{
profile.admin = 1;
}

error: ReferenceError: InternalOAuthError is not defined

https://github.com/julianlam/nodebb-plugin-sso-oauth/blob/master/library.js#L74
https://github.com/julianlam/nodebb-plugin-sso-oauth/blob/master/library.js#L96

Needs something like this:

var InternalOAuthError = module.require('passport-oauth').InternalOAuthError;

Hi developers & maintainers,

Thanks for keeping this plugin update-to-date 👍
I have a proposal on whether we could verify users from SSO.
There is already a related topic has been discussed in NodeBB community already, but there is still a small problem.

Problem & scenario

Example if the user uses SSO to log in. As an admin, I would like to find that user from ACP, e.g: to delete account.
I search for that email address and no user found. I checked the logic from NodeBB core and it's seems that this logic cannot trigger user object creation.
If I go to the user profile, also no email history is found!

Suggestion (or what I've done)

From this plugin, we could properly write auth logic here. Let's say I would tell user to verify themself first:
if(typeof data.email_verified === "undefined" || data.email_verified === false) { var err_a = new Error('Email address is not verified'); err_a.loginheader = 'Your email address has not yet been verified.' err_a.logintext = 'Check your email for further instructions. <a href="'+config.login_domain+'/confirm_resend?redirect_uri='+config.url+'/login">Resend the instructions to your email</a>'; console.log(err_a) return callback(err_a, null); }

Eventually, it makes sense that we should verify them as a verified user here by adding below code.
await User.setUserField(uid, 'email', payload.email); await UserEmail.confirmByUid(uid);

Now if the user enters the Forum, new joiners got email verified and also we could find him from ACP.

P/s: I'm not sure whether this improvement should be done from NodeBB core, or even here...It's open discussion.

I used NodeBB 2.8.0 with the latest SSO plugin.

I am a newbie to nodebb and nodejs as well. I have an web app by Nodejs and I want to login to my web app from nodebb. Can u give me some introduction ? You said that we could not find this plugin in plugin page so how can we "Activate this plugin from the plugins page" ? Can you give me an example ? I really thank you

Because commits like this will appear in github:

hofkensj@21af9f7

Leaking the client id and secret to the world.
Better off having environment variables or a settings file.

Yea pretty dumb but ugh, the instructions more or less encourage fork and commit