HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

OAuth2 SSO register system

Hi I have a site created on laravel.I have setup the vanilla forums,but the forum is on a different domain.I want to register users to that forum programmatically. Means when a user is registered on my laravel site,I want to register that user on my forum site as well,with the same email and password he inserted for the registration on my laravel site,so that he does not have to register at the form site,he will just need to login to the forum using the same credentials.
I have come to know thats its possible using the OAuth SSO.
Can some one plz help how can I achieve this.I have not used Vanilla before.

Comments

  • LincLinc Detroit Admin

    Unless you are already using an OAuth2 authentication system, I suggest looking into jsConnect instead.

  • OK thank you for replying. I will check the jsConnect documentation and ask you if further guidance is required. Actually I am using the OAuth authentication,but thats for infusionsoft. I have not used OAuth for vanilla forum.

  • LincLinc Detroit Admin

    If you are already using OAuth2, I suggest enabling the OAuth2 plugin in the Dashboard and inputting your connection details. It may work out-of-the-box. If it doesn't, there may be some coding involved to get it working. OAuth2 isn't a narrowly defined spec so much as a protocol, so there are lots of variants on it. We just have a basic one in core.

  • Thank for the reply Linc.I have add the jsConnect plugin to my Vanilla Forum and enabled it as well.I have a question.My vanilla forum is on a different domain and my main site is on an other.The functionality required is that user comes to the main site first and login there,in his dashboard he has a link to the forum,when he clicks on the forum,he is redirected to my Vanilla forum site.But he should not be required to login there.He should be automatically logged in.If the user comes directly to forum,he sees nothing but a link to my main site.So that he can login and then use the forum site.I have downloaded the jsConnect php library.I have this code
    // 2. Grab the current user from your session management system or database here.
    $signedIn = true; // this is just a placeholder

    // YOUR CODE HERE.

    // 3. Fill in the user information in a way that Vanilla can understand.
    $user = array();

    if ($signedIn) {
    // CHANGE THESE FOUR LINES.
    $user['uniqueid'] = '123';
    $user['name'] = 'John PHP';
    $user['email'] = 'john.php@example.com';
    $user['photourl'] = '';
    $user['ip'] = "";
    $user['nonce'] = "";
    }

    // 4. Generate the jsConnect string.

    // This should be true unless you are testing.
    // You can also use a hash name like md5, sha1 etc which must be the name as the connection settings in Vanilla.
    $secure = false;
    writeJsConnect($user, $_GET, $clientID, $secret, $secure);

    Where should I put this code?On my main site or the forum site?

  • LincLinc Detroit Admin
    edited March 2018

    Your main site. Vanilla queries that endpoint using the user's session, so you can detect if they are logged in on the main site using your normal "is this user logged in?" check.

    Set that connection as the default (in Vanilla), then pass the user to forum.com/sso rather than the forum homepage. I strongly recommend doing this by adding /sso to LINKS to the forum that they'd click on rather than auto-redirecting the user, because auto-redirects can easily cause infinite loops if you're not very careful. That /sso will auto-trigger the connection, and land them on the homepage of the forum, signed in.

  • Thank for the reply.I have placed the authentication url in the jsconnect's connection and placed the authentication code on my main site for the url which I have added in the jsConnect Connection.So on my main site currently for just testing,I am not checking for the logged in user and just put this code for a dummy user
    $user = array();
    $signedIn = true;
    if ($signedIn) {
    // CHANGE THESE FOUR LINES.
    $user['uniqueid'] = '123';
    $user['name'] = 'John PHP';
    $user['email'] = 'john.php@example.com';
    $user['photourl'] = '';
    $user['ip'] = "";
    $user['nonce'] = "";
    }

    // 4. Generate the jsConnect string.

    // This should be true unless you are testing.
    // You can also use a hash name like md5, sha1 etc which must be the name as the connection settings in Vanilla.
    $secure = false;
    writeJsConnect($user, $_GET, $clientID, $secret, $secure);

    with proper clientid and secret.
    And I have enabled the auto connect.But still when I load the forum site in the browser,it still does not auto connect using this authentication url and code which I provided

  • HameedHameed New
    edited March 2018

    And when I pass to my frum site with /sso I get this error "
    Something has gone wrong.

    We've run into a problem and are unable to handle this request right now.
    Please check back in a little while.
    "

  • When I load my authentication url directly I get undefined index ip and undefined index nonce error as well.I guess this will be provided by the vanilla when it hits my
    authentication url

  • Hi I have fixed the issue now.When user clicks on the forum button on the main site.It takes them to myforum.com/sso then the user is successfully logged in the forum site.Now I want to restrict a user who comes directly to the forum site and is not logged in to the main site,then on the forum site he should see a page with the message access denied and a link to the main site.How can I achieve it?Plz help Thank you

  • Hi I have fixed all the issues.I have applied the complete functionality what I wanted.Now I have just one question,actually I have two sites,so I have two different forums for these two sites.On one site the the functionality is working fine, I initially applied the jsConnect in test mode and then disabled the test mode and its still working fine. But for the other site when I remove the test mode and try to login the user to the forum site using jsConnect,the user is taken to the forum site but an error is displayed, Invalid ip address and the user is not logged in.But its working fine in test mode. Can you help me with this plz. Should I keep it in test mode,I dont know whats the purpose of the test mode,is it just less secure? As its working fine so there is a option that I can keep it in test mode. Or how can I fix the 'invalid ip address' error,so that I can disable the test mode?

Sign In or Register to comment.