HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Jwt Sso


I am looking for an addon that will not disclose the authenticate url. I looked at the documentation and found a page talking about a JWT SSO addon, but I can't find it anywhere, does it still exist ?

I found another Github PR talking about an addon named Vanilla Connect, but again, I can't find it anywhere.

Background: We have a product (web application) that we sell to different customers (on premise). We would like to add a button in this product that will open our forum without the need to login (SSO). The user is already authenticated on the product. So the idea is that our product generates a JWT and send it to the forum, and the forum authenticates the user based on his email address and the valid JWT signature.

Could you please help ?

We are using Version 3.0.2


  • Does the Vanilla Forums jsConnect plugin suffice for your case?

  • Unfortunately no, because with jsConnect we need to configure each url in the administration, and this will create as many buttons on the login page :

    And we don't want to have 50 buttons on the login page.

Sign In or Register to comment.