Integrating AWS Cognito Authentication with NodeBB API (No NodeBB UI)
-
Hi community,
I’m using AWS Cognito for authentication (sign up and login) across my project, and all user management is centralized there.
Now I want to integrate NodeBB, but I do not want to use NodeBB’s UI for login/registration. Instead, I want to:
-
Continue using AWS Cognito for user registration and login.
-
Expose a common backend service (API) that my other modules (and NodeBB) can use for authentication.
-
Use only the NodeBB APIs (not the UI) to handle sessions, topics, posts, etc.
I’m a bit unsure about the correct approach here:
-
Can NodeBB rely fully on Cognito for authentication while I interact with NodeBB only through its APIs?
-
How should I map Cognito users to NodeBB users (e.g., using Cognito’s sub as the NodeBB uid)?
-
Should I use the session-sharing plugin, or is it better to build a custom integration for Cognito?
-
What’s the recommended way to keep NodeBB users in sync with Cognito users if I bypass the UI?
Has anyone implemented this kind of API-only integration with Cognito and NodeBB? Any best practices or guidance would be much appreciated.
Thanks!
-
-
Hi community,
I’m using AWS Cognito for authentication (sign up and login) across my project, and all user management is centralized there.
Now I want to integrate NodeBB, but I do not want to use NodeBB’s UI for login/registration. Instead, I want to:
-
Continue using AWS Cognito for user registration and login.
-
Expose a common backend service (API) that my other modules (and NodeBB) can use for authentication.
-
Use only the NodeBB APIs (not the UI) to handle sessions, topics, posts, etc.
I’m a bit unsure about the correct approach here:
-
Can NodeBB rely fully on Cognito for authentication while I interact with NodeBB only through its APIs?
-
How should I map Cognito users to NodeBB users (e.g., using Cognito’s sub as the NodeBB uid)?
-
Should I use the session-sharing plugin, or is it better to build a custom integration for Cognito?
-
What’s the recommended way to keep NodeBB users in sync with Cognito users if I bypass the UI?
Has anyone implemented this kind of API-only integration with Cognito and NodeBB? Any best practices or guidance would be much appreciated.
Thanks!
balu Why are you planning to have the user step through Cognito for authentication if you're not intending to use the NodeBB frontend at all?
If you already have the Cognito user, you could use the NodeBB API (using a master token) to create a user, and store your own association between the cognito id and the nodebb uid.
Then just keep using the master token to make calls on behalf of whichever user. Use the
?_uid=parameter to distinguish calls between different users. -
-
julian Thank you for the clarification. 🙏
I am using React.js for my frontend, and the NodeBB forum is just one module inside my overall project.
I understand now that I can use the master token + ?_uid= approach to call the NodeBB APIs directly, and maintain my own mapping between the Cognito sub and the NodeBB uid.
I was initially looking at the session-sharing plugin, but since I am not using the NodeBB frontend at all, I think the create-user API + master token flow might be a cleaner solution for me.
Could you please confirm if in my case hitting the create-user API and maintaining the mapping is better than trying to wire up session-sharing?
-
julian Thank you for the clarification. 🙏
I am using React.js for my frontend, and the NodeBB forum is just one module inside my overall project.
I understand now that I can use the master token + ?_uid= approach to call the NodeBB APIs directly, and maintain my own mapping between the Cognito sub and the NodeBB uid.
I was initially looking at the session-sharing plugin, but since I am not using the NodeBB frontend at all, I think the create-user API + master token flow might be a cleaner solution for me.
Could you please confirm if in my case hitting the create-user API and maintaining the mapping is better than trying to wire up session-sharing?
balu it's what I would do. Doesn't necessarily mean it's the right approach but simpler is better.
Gli ultimi otto messaggi ricevuti dalla Federazione
-
-
10 members of the new York state parliament arrested by trump' ICE squads
https://www.amny.com/news/brad-lander-jumaane-williams-nyc-officials-arrested-ice/they were looking to inspect the cells where, as they have the right to
-
10 parlamentari dello stato di New York arrestati dalle camice trumpiane dell"ICE
https://www.amny.com/news/brad-lander-jumaane-williams-nyc-officials-arrested-ice/
volevano visitare le celle, come è loro prerogativa
-
Un' alba silenziosa , infuocata e dai colori un po' confusi...
-
Rischi chimici: come arrivare ad una adeguata valutazione dei rischi?
@lavoro
https://www.puntosicuro.it/valutazione-dei-rischi-C-59/rischi-chimici-come-arrivare-ad-una-adeguata-valutazione-dei-rischi-AR-25691/
Quali sono i punti qualificanti di un DVR? Quali sono le criticità? Come censire gli agenti chimici e misurare l'esposizione? Ci sono strumenti per le aziende? Ne parliamo con Emma Incocciati, Pasquale Desideri e Giovanna Ricupero (CTSS, Inail).
-
@kappazeta@mastodon.bida.im
uhm...nel post mi riferisco specificamente a quelle discussioni che vanno più o meno cosi:
- persona 1 esprime opinione
- persona 2 esprime opinione contraria
- persona 1 argomenta
- persona 2 non avendo evidentemente argomenti propri butta lì "tizio nel libro tale scrive così, leggitelo."
- persona 1 ovviamente non ha modo di controbattere se non leggendo tutto il libro per contestualizzare la citazione ed eventualmente farne una critica.
A questo punto la discussione muore e apparentemente chi ha messo lì la citazione ha dato un argomento definitivo.
-
Pane e nutella pucciato nel caffelatte. E buongiorno a me.
-
@FIABSegrateCiclabile @milano
La graziella blu è fantastica
