Search code examples
single-sign-onforumphpbbvbulletinphpbb3

website forum with same users and single sign on. How?

  1. we have a web service with its own authentication system (not any of the widespread CMSs - the custom one)
  2. we want it to have a forum
  3. however, we want the forum to use the same user logins and other data, e.g. who is admin and who's not, how many 'stars' you've got and so on
  4. we don't want to build forum solution ourselves - instead we want to use some well-known engines like phpBB, vBulletin or similar. Hosted solutions are also an option.

we failed to find any "plug-and-play" solution for this, supposingly widespread, problem. So what's the right way to approach it?

Solution

  • Assuming the forum is on a subdomain: pass a unique authentication token from your main site to your forum to authenticate users when they visit the forum.

    The most fashionable way to accomplish this is by using JSON Web Tokens (JWT) which you read about here: http://jwt.io/ in conjunction with a javascript callback from the forum to the main site to check the user's status (e.g. is the user logged in to the main site).

    Some hosted forum solutions support SSO right out of the box or with minimal work. Here are two examples:

    https://vanillaforums.com/features/single-sign-on

    http://www.ninjapost.com/single-sign-on/