Integrate NC with NodeBB forums with this OAuth2 (SSO) plugin for register/login

Hello

I have added a new NodeBB OAuth2 plugin to log in/register through an NC instance. Install it from the NodeBB ACP.

Regards

Sorry, but I don’t understand what you want to tell us. Can you please revise your text a little bit to be more precise.


I changed the title a little.

I have made a plugin for NodeBB forums that uses Nextcloud as an OAuth2 provider. Users already registered at NC can then register/log in on any NodeBB forum using SSO, like with Facebook, Google, etc.

:+1: That sounds good. I would recommend that you provide a link to your NodeBB plugin so that interested users can find and download it, if required.


For installation there is no need for a URL, because NodeBB admins can install plugins directly inside their ACP (Admin Control Panel).

Anyway, this is the URL:

Thanks and best regards


Hello normando,

I can’t use the NodeBB SSO Nextcloud app, I have this error:
identification certificat invalid

https://nodebb_url/login is forbidden

Can you help me, please?

Hi.

You need to edit a few things to adapt it to your setup. Please read the README file, or read it at https://github.com/NormandoHall/nodebb-plugin-sso-nextcloud

Of course you need to replace some strings like NODEBB_URL with your own domain name. Basically:

  • Go to your NextCloud -> Settings -> Security, scroll down to OAuth 2.0 Clients.
  • Add a new client with a name and the callback URL, like this: https://NODEBB_URL/auth/nextcloud/callback (replace NODEBB_URL with your domain)
  • Then copy the generated ID and SECRET
  • Open and edit your NodeBB config.json file and add the ID/Secret pair:
  "oauth": {
    "id": "someoauthid",
    "secret": "youroauthsecret"
  },
  • Open and edit the file library.js located under node_modules/nodebb-plugin-sso-nextcloud, replace NC_URL with your NextCloud URL (lines 60, 61 and 65)
  • Activate this plugin from the plugins page
  • Restart your NodeBB

Let me know if you can fix it.

Regards
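
A pre-flight check for the setup steps in the post above, as an added example that is not part of the thread or of the plugin. It assumes a standard NodeBB directory layout; the `preflight` helper and the example URLs are hypothetical. It flags unreplaced README placeholders, a non-HTTPS callback base, and a `config.json` (which now holds the OAuth client secret) that other local users can read.

```shell
#!/bin/sh
# Added example: sanity checks for the NodeBB <-> Nextcloud OAuth2 setup.
# Directory layout and URLs are assumptions, not taken from the plugin.

# Print lines that still contain README placeholders; succeeds if any exist.
has_placeholders() {
    grep -nE 'NC_URL|NODEBB_URL' "$1"
}

# Build the callback URL to register in Nextcloud. The redirect URI has to
# match what NodeBB sends, so drop a trailing slash and insist on HTTPS.
callback_url() {
    case "$1" in
        https://?*) printf '%s/auth/nextcloud/callback\n' "${1%/}" ;;
        *) echo "base URL must start with https://: $1" >&2; return 1 ;;
    esac
}

# config.json holds the client secret; succeeds if "other" can read the file.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Run every check; returns non-zero if anything needs attention.
preflight() {  # args: nodebb_dir public_base_url
    rc=0
    lib="$1/node_modules/nodebb-plugin-sso-nextcloud/library.js"
    if has_placeholders "$lib" >&2; then
        echo "FAIL: placeholders left in $lib" >&2; rc=1
    fi
    grep -q '"oauth"' "$1/config.json" || {
        echo "FAIL: no oauth block in config.json" >&2; rc=1
    }
    if world_readable "$1/config.json"; then
        echo "WARN: config.json is world-readable" >&2; rc=1
    fi
    callback_url "$2" || rc=1
    return $rc
}
```

Run it as `preflight /path/to/nodebb https://forum.example.org`; on success it prints the exact callback URL to paste into the Nextcloud OAuth 2.0 client form.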

Thanks for your answer, but I did everything you explained to me. I followed the README of the application. But the error is still present. My Nextcloud is managed by an Active Directory.

Did you restart NodeBB? Do you get the same error? Are you using SSL? Is your NodeBB under http or https?

With NodeBB v1.13.1 and Nextcloud 17.1
With nextcloud ldap app

[[error:invalid-login-credentials]]
URL de la requête : https://domaine.org/login
Méthode de la requête : POST
Adresse distante : x.x.x.x:443
Code d’état : 403
Version : HTTP/2.0
Politique de référent : strict-origin-when-cross-origin

Maybe in the NodeBB ACP I must set Settings > User > User Registration > No Registration?
After testing, same result.

Leave registration settings as you want.

To discard LDAP, register one single user in NC and test with that user.

Another thing I suspect is your web server configuration for NodeBB. If you are using nginx, this is my conf:

upstream io_nodes {
    ip_hash;
    server 127.0.0.1:20000;
    server 127.0.0.1:20001;
    #server 127.0.0.1:20002;
    #server 127.0.0.1:20003;
}

server {
  listen       80;
  server_name forum.domain.com.ar;
  return 301 https://forum.domain.com.ar$request_uri;
}

server {
    listen 443 ssl http2;
    server_name forum.domain.com.ar;
    root /opt/forum/nodebb/public;

    # access_log  /var/log/nginx/forum-access.log;
    access_log off;
    error_log   /var/log/nginx/forum-error.log;
    ssl_certificate /etc/letsencrypt/live/domain.com.ar/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com.ar/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this topic first.
#    add_header Strict-Transport-Security "max-age=0";
##    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
#    add_header X-XSS-Protection "1; mode=block";
#    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://io_nodes;  # no trailing slash
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    gzip            on;
    gzip_min_length 1000;
    gzip_proxied    off;
    gzip_types      text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;

}

I am under apache, my config:
<VirtualHost *:443>
Protocols h2 http/1.1
ServerName nodebb.domaine.org

SSLEngine on
SSLCertificateFile /etc/ssl/private/nodebb_domaine_org.crt
SSLCertificateKeyFile /etc/ssl/private/nodebb.domaine.org.key
SSLCertificateChainFile /etc/ssl/private/nodebb_domaine_org.ca-bundle

# Basic security headers
Header always set X-Content-Type-Options "nosniff"
Header always set X-Xss-Protection "1; mode=block"

# NodeBB header
RequestHeader set X-Forwarded-Proto "https"

# Static file cache
<FilesMatch "\.(ico|jpg|jpeg|png|gif|js|css)$">
    <IfModule mod_expires.c>
        ExpiresActive on
        ExpiresDefault "access plus 14 days"
        Header set Cache-Control "public"
    </IfModule>
</FilesMatch>

ProxyRequests off
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

# Custom Error Document when NodeBB is offline
ProxyPass /error-documents !
ErrorDocument 503 /error-documents/503.html
Alias /error-documents /root/nodebb/public

# Websocket passthrough
RewriteEngine On
RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
RewriteCond %{QUERY_STRING} transport=websocket    [NC]
RewriteRule /(.*)           ws://localhost:4567/$1 [P,L]

ProxyPass / http://localhost:4567/
ProxyPassReverse / http://localhost:4567/

# Log stuff
ErrorLog ${APACHE_LOG_DIR}/nodebb.domaine.org-error.log
CustomLog ${APACHE_LOG_DIR}/nodebb.domaine.org.log combined
</VirtualHost>

Can you run this in a console and paste the results?

curl https://NC_USERNAME:NC_PASS@NC_URL/ocs/v2.php/cloud/user -H 'OCS-APIRequest: true'

Replace NC_USERNAME, NC_PASS, NC_URL with your values

With your command:
curl https://NC_USERNAME:NC_PASS@NC_URL/ocs/v2.php/cloud/user -H 'OCS-APIRequest: true'

Result:

-bash: !@NC_URL/ocs/v2.php/cloud/user: event not found

With this command:
curl -u NC_USERNAME:NC_PASS -X GET 'https://NC_URL/ocs/v2.php/cloud/user' -H 'OCS-APIRequest: true'

with nc_username test2

<?xml version="1.0"?>
<ocs>
 <meta>
  <status>ok</status>
  <statuscode>200</statuscode>
  <message>OK</message>
 </meta>
 <data>
  <storageLocation>/var/nc_data/test2</storageLocation>
  <id>test2</id>
  <lastLogin>xxxxx728xxxxx</lastLogin>
  <backend>LDAP</backend>
  <subadmin/>
  <quota>
   <free>xxxxx14xxxxx</free>
   <used>0</used>
   <total>xxxxx14xxxxx</total>
   <relative>0</relative>
   <quota>-3</quota>
  </quota>
  <email>test2-Rocket@mail.fr</email>
  <phone></phone>
  <address></address>
  <website></website>
  <twitter></twitter>
  <groups>
   <element>Groupe</element>
  </groups>
  <language></language>
  <locale/>
  <backendCapabilities>
   <setDisplayName></setDisplayName>
   <setPassword></setPassword>
  </backendCapabilities>
  <display-name>test test2</display-name>
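
The "event not found" error in the post above comes from bash history expansion acting on a `!` in the unquoted command line. The following added example (not from the thread or the plugin) runs the same OCS check while keeping the password out of the URL, the process arguments and the shell history by feeding curl a config on stdin. The function names, the host `cloud.example.org` and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example: call /ocs/v2.php/cloud/user without putting the password
# in the URL, in argv, or in shell history. Host names are placeholders.

# Escape a value for a double-quoted string in a curl config file.
curl_cfg_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Emit a curl config for `curl --config -` (read from stdin). printf is a
# shell builtin, so the password never appears in a process argument list.
ocs_curl_config() {  # args: host user password
    printf 'url = "https://%s/ocs/v2.php/cloud/user"\n' "$1"
    printf 'user = "%s:%s"\n' "$(curl_cfg_escape "$2")" "$(curl_cfg_escape "$3")"
    printf 'header = "OCS-APIRequest: true"\n'
    printf 'fail\nsilent\nshow-error\n'
}

# Extract the first <tag>value</tag> from OCS XML on stdin.
xml_field() {
    sed -n "s:.*<$1>\([^<]*\)</$1>.*:\1:p" | head -n 1
}

# Prompt for the password without echo, then print the fields an SSO
# client cares about. Fails if the OCS status is not "ok".
ocs_whoami() {  # args: host user
    printf 'Password for %s: ' "$2" >&2
    stty -echo; IFS= read -r pass; stty echo; printf '\n' >&2
    resp=$(ocs_curl_config "$1" "$2" "$pass" | curl --config -) || return 1
    unset pass
    [ "$(printf '%s\n' "$resp" | xml_field status)" = ok ] || return 1
    for f in id backend email; do
        printf '%s: %s\n' "$f" "$(printf '%s\n' "$resp" | xml_field "$f")"
    done
}

# Constructed sample response, shaped like the output posted in the thread.
SAMPLE_OCS='<?xml version="1.0"?>
<ocs><meta><status>ok</status><statuscode>200</statuscode></meta>
<data>
 <id>test2</id>
 <backend>LDAP</backend>
 <email>user@example.org</email>
</data></ocs>'
```

Call it as `ocs_whoami cloud.example.org test2`; a Nextcloud app password works here as well as the account password.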

@ludovicis there was a bug in the code. Please update the plugin to the latest version (0.3.6), change lines 60, 61 and 65 of library.js again, reload, restart and test again. Sorry for the inconvenience.

Happy new year
Thanks Normando, it’s OK with the updated plugin.

How can I customize the new button in “To log in” “other connection methods”, please?
To put for example “Connection with nextcloud”…

Happy New Year ludovicis!!!

In line 160 of library.js you can see the Font Awesome icon used: fa-check-square

You have a few choices.

First, look at similar plugins, like nodebb-plugin-sso-facebook, to see how they customize this and repeat the same for this plugin. This requires using templates, etc.

Another, simpler one: in your NodeBB Admin Control Panel, go to Appearance -> Custom Content, and select Custom CSS/LESS. Add this line (of course customize it as you want):

.nextcloud a i::after{content: " Connection with nextcloud"; font-size: 24px; }

Set the “Enable Custom CSS/LESS” switch, and save the changes. Reload the browser and you will see the text.

You can change the icon and the text, add a background in the CSS and vertically align your text.

Regards!

Thanks for your quick answer :slight_smile:

.nextcloud a i::after{content: " Connection with nextcloud"; font-size: 24px; }
Doesn’t work :frowning:

But I can change it with my fr language in /…/nodebb/public/language/fr and /…/nodebb/build/public/language/fr
the line “alternative logins” “Autres méthodes de connexion” by “Se connecter via Nextcloud”

I will test other customization settings
Thanks again for your help

FYI there is no need to change the language in the build directory, because it is updated every time you upgrade your NodeBB. Change it only under the public folder, and run this in the root folder of NodeBB:

./nodebb build languages

It is strange that there are no changes when you add this class to the custom CSS classes.

.nextcloud a i::after{content: " Se connecter via Nextcloud"; font-size: 24px; }

Ensure you enabled the live reload and custom classes switches, and save them when finished.

You’re welcome.

You are right, it’s ok now with enabled live reload and custom classes switches.