My client has an Umbraco 13 website, hosted on Umbraco Cloud. They have an internal developer who has developed an SPA tool using node.js. They would like for the website to manage members who will then have access to the tool. I am wondering if it would be possible for the external node.js site to access information from the Umbraco site about a member’s logged-in status, and other related info, perhaps via an API endpoint I set up on the Umbraco site?
Example:
Member 1234 logs into the Umbraco website, and is directed to a page with a link which points to the Node site (ex: “https://TOOLS.WEBSITE.COM/TheTool?Member=1234”)
The Node app makes a call to “https://WEBSITE.COM/API/CheckMember?ID=1234” which then returns a JSON blob with info about the member, based on the ID number. (Would we be able to provide a “logged-in” value of True/False considering this is not in the same “session”?)
Sounds like you’d be better off implementing External SSO for the Umbraco site, and using the same provider for the node.js site? (passing your data in the returned claims rather than JSON blobs)
If SSO is needed for multiple sites, it’s recommended to use a dedicated OpenID Connect identity provider (e.g. IdentityServer, Azure AD) and configure Umbraco and other sites as clients to that provider.
Umbraco itself does not natively act as an OpenID Connect (OIDC) provider for other sites. It is designed to act as an OIDC client, meaning it uses external OIDC identity providers (such as IdentityServer, Azure AD, Auth0) to authenticate users for the Umbraco backoffice or website members.
Thus, Umbraco can consume OpenID Connect authentication but cannot typically function as an OpenID Connect identity provider for other applications without custom implementation.
So, to clarify, the node.js site would need to have its own login functionality, and the Umbraco site would also have its own login functionality, but both utilizing the same third-party OpenID provider for the authentication?
And in that case, if there was additional data being stored about member properties and roles/permissions on the Umbraco site, that data could be securely passed to the node.js site?
I wouldn’t go as far as expertise..
But yes, each has its own login, but that is using the external SSO in both cases, so if logged in on one you are logged in on the other, via the authentication cookie.
Depending on how much member property data you are talking about, and if it’s only ASP.NET Identity concerns, then you could elevate that into the external SSO, and pass via claims.
Alternatively, though not tried this or indeed if it’s correct, using the bearer token from the node.js site should allow you to talk to a memberAuthorised Umbraco controller to fetch data (AJAX) from the Umbraco site.
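What reading member data from verified claims looks like on the Node side, as an added example that is not part of the thread: the app checks the signature, issuer, audience and expiry of the provider's token and takes the member id from `sub` rather than from a `?Member=1234` query parameter. The issuer URL, client id, `roles` claim and the locally generated key pair standing in for the provider are assumptions.

```javascript
// Added example: constructed keys, issuer, audience and claim names (not from the thread).
const crypto = require("node:crypto");

const ISSUER = "https://idp.example.test/"; // hypothetical shared identity provider
const AUDIENCE = "node-tool-client";         // hypothetical client id of the Node app

const b64u = (v) => Buffer.from(v).toString("base64url");

// Stand-in for the provider: in production the IdP signs, and the app only holds its public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
function issueToken(claims, key = privateKey) {
  const input = b64u(JSON.stringify({ alg: "RS256", typ: "JWT" })) + "." + b64u(JSON.stringify(claims));
  return input + "." + crypto.sign("sha256", Buffer.from(input), key).toString("base64url");
}

// Returns the verified claims, or throws. The member id comes from `sub`, never from the URL.
function verifyIdToken(token, idpPublicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString());
  if (header.alg !== "RS256") throw new Error("unexpected alg"); // pin the algorithm, reject "none"/HS256
  const ok = crypto.verify("sha256", Buffer.from(h + "." + p), idpPublicKey, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(p, "base64url").toString());
  if (claims.iss !== ISSUER) throw new Error("wrong issuer");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(AUDIENCE)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Constructed sample: the member id from the thread's example, with a hypothetical role claim.
function demo() {
  const now = Math.floor(Date.now() / 1000);
  const token = issueToken({ iss: ISSUER, aud: AUDIENCE, sub: "1234", roles: ["tool-user"], exp: now + 300 });
  return verifyIdToken(token, publicKey, now);
}
```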
The JWT code from Warren looks like a possibility also, though perhaps it is assuming the login UI is on the external site, and then it is just passing the data back to the Umbraco site for validating.
Since the requirement is for the Umbraco site to handle the member UI (login, logout, etc.), it might take a combination of those approaches in order to make it work.
Seems I’d need to do some testing to figure out the best way to get the two sites talking to each other.
A bunch of SSO providers will handle the UI of login, logout and registration. For instance https://auth0.com/ will handle those for you. I’m not sure if that satisfies the requirement but it’s at least a single UI for both.