Integrating AWS Cognito Authentication with NodeBB API (No NodeBB UI)
-
Hi community,
I’m using AWS Cognito for authentication (sign up and login) across my project, and all user management is centralized there.
Now I want to integrate NodeBB, but I do not want to use NodeBB’s UI for login/registration. Instead, I want to:
-
Continue using AWS Cognito for user registration and login.
-
Expose a common backend service (API) that my other modules (and NodeBB) can use for authentication.
-
Use only the NodeBB APIs (not the UI) to handle sessions, topics, posts, etc.
I’m a bit unsure about the correct approach here:
-
Can NodeBB rely fully on Cognito for authentication while I interact with NodeBB only through its APIs?
-
How should I map Cognito users to NodeBB users (e.g., using Cognito’s sub as the NodeBB uid)?
-
Should I use the session-sharing plugin, or is it better to build a custom integration for Cognito?
-
What’s the recommended way to keep NodeBB users in sync with Cognito users if I bypass the UI?
Has anyone implemented this kind of API-only integration with Cognito and NodeBB? Any best practices or guidance would be much appreciated.
Thanks!
-
-
Hi community,
I’m using AWS Cognito for authentication (sign up and login) across my project, and all user management is centralized there.
Now I want to integrate NodeBB, but I do not want to use NodeBB’s UI for login/registration. Instead, I want to:
-
Continue using AWS Cognito for user registration and login.
-
Expose a common backend service (API) that my other modules (and NodeBB) can use for authentication.
-
Use only the NodeBB APIs (not the UI) to handle sessions, topics, posts, etc.
I’m a bit unsure about the correct approach here:
-
Can NodeBB rely fully on Cognito for authentication while I interact with NodeBB only through its APIs?
-
How should I map Cognito users to NodeBB users (e.g., using Cognito’s sub as the NodeBB uid)?
-
Should I use the session-sharing plugin, or is it better to build a custom integration for Cognito?
-
What’s the recommended way to keep NodeBB users in sync with Cognito users if I bypass the UI?
Has anyone implemented this kind of API-only integration with Cognito and NodeBB? Any best practices or guidance would be much appreciated.
Thanks!
balu Why are you planning to have the user step through Cognito for authentication if you're not intending to use the NodeBB frontend at all?
If you already have the Cognito user, you could use the NodeBB API (using a master token) to create a user, and store your own association between the cognito id and the nodebb uid.
Then just keep using the master token to make calls on behalf of whichever user. Use the
?_uid=parameter to distinguish calls between different users. -
-
julian Thank you for the clarification.
I am using React.js for my frontend, and the NodeBB forum is just one module inside my overall project.
I understand now that I can use the master token + ?_uid= approach to call the NodeBB APIs directly, and maintain my own mapping between the Cognito sub and the NodeBB uid.
I was initially looking at the session-sharing plugin, but since I am not using the NodeBB frontend at all, I think the create-user API + master token flow might be a cleaner solution for me.
Could you please confirm if in my case hitting the create-user API and maintaining the mapping is better than trying to wire up session-sharing?
-
julian Thank you for the clarification.
I am using React.js for my frontend, and the NodeBB forum is just one module inside my overall project.
I understand now that I can use the master token + ?_uid= approach to call the NodeBB APIs directly, and maintain my own mapping between the Cognito sub and the NodeBB uid.
I was initially looking at the session-sharing plugin, but since I am not using the NodeBB frontend at all, I think the create-user API + master token flow might be a cleaner solution for me.
Could you please confirm if in my case hitting the create-user API and maintaining the mapping is better than trying to wire up session-sharing?
balu it's what I would do. Doesn't necessarily mean it's the right approach but simpler is better.
