nodebb-plugin-fusionauth-oidc
Advanced tools
Authenticate to FusionAuth or any OpenID Connect identity provider.
This plugin is developed and supported by FusionAuth but it is intended to work with any OpenID Connect identity provider.
If you find any issue or a missing feature, please open an issue.
Email claim can be loaded without restarting NodeBB.npm link in this directorynpm link nodebb-plugin-fusionauth-oidc./nodebb build./nodebb devExtend > Plugins from the menuFind Plugins from the sub-menufusionauth-oidc
Install button on the nodebb-plugin-fusionauth-oidc resultInstalled from the sub-menunodebb-plugin-fusionauth-oidc plugin and click ActivateTo configure the OpenID Connect plugin, perform the following steps to navigate to the configuration panel.
Plugins > OpenID Connect from the menuYou will need your Client Id, Client Secret and the endpoint URLs provided to you by your OpenID Connect identity provider.
If your OpenID Connect identity provider supports discovery, then you only need to enter the Client Id, Client Secret and Discovery base URL. If this is not available to you or discovery is not successful, you may also enter each endpoint manually .
Once you complete this configuration and save the form, you will need to restart NodeBB for the configuration to take effect.
| Field | Description |
|---|---|
| Client Id | The unique Client Id provided to you by your IdP. |
| Client Secret | The client secret provided to you by your IdP. In some cases this may not be provided to you if the IdP allows for non-confidential clients. |
| Discovery URL | When provided, this URL will be used to find the OpenID Connect discovery document. This URL will be appended with .well-known/openid-configuration. If this URL returns a JSON discovery document the remaining endpoints will be automatically resolved when you press the Save button. |
| Authorization endpoint | The fully qualified URL to the Authorization endpoint. |
| Token endpoint | The fully qualified URL to the Token endpoint. |
| Userinfo endpoint | The fully qualified URL to the Userinfo endpoint. |
| Logout endpoint | The fully qualified URL of the OpenID Connect logout endpoint. If configured, the browser will be redirected to this URL when you click logout in NodeBB. |
| Email claim | The name of the claim found in the response from the Userinfo endpoint that identifies the user's email address. This is generally email and is the default value. |
| Roles claim | If present, on login we will check this claim for the value "admin" and if present, give the user access to the admin panel. The claim value can either be a string or array of strings. Anything else will be treated as the user having no roles. |
This plugin will work with any OpenID Connect identity provider. If you are using FusionAuth, the values needed for this configuration will be found in your Application OAuth configuration. For more information, review the OAuth configuration tab of the Application configuration in the FusionAuth documentation.
If your provider requires a callback url then use https://<domain>/auth/fusionauth-oidc/callback
If you want to skip the login page and always use the configured OpenID Connect identity provider for authentication you will need to disable Login Login and Local Registration.
Manage > Privileges from the menuLocal Login column in the Group Privileges table
Settings > User from the menuUser Registration section and set Registration Type to No Registration
Once both Local Login and Local Registration have been disabled, the default login page will be skipped and the user will be automatically redirected to the OpenID Connect login page.
If you need to login locally you can manually add the following parameter /login?local=1 to your URL and you will be taken to the default login page.
If you make changes to the plugin you will need to rebuild and reload. You can do this manually or via the UI.
FAQs
Authenticate to FusionAuth or any OpenID Connect identity provider.
We found that nodebb-plugin-fusionauth-oidc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.