julianlam / nodebb-plugin-session-sharing

Allows login sessions from your app to persist in NodeBB
MIT License

User account password question #70

Closed jremi closed 5 years ago

jremi commented 5 years ago

Hi Julian,

The plugin is working great and I was able to come up with a solution for my cross-domain cookie issue. That is all sorted out....

My question is more related to best practice....

If an external app sends a new session share to NodeBB, and I store the cookie and the account is auto-generated, the user is auto logged into NodeBB with the new account. All of this works great. However, if for some reason the cookie is destroyed, the user cannot re-authenticate, since no password was ever generated from directly within NodeBB.

So my question is more about best practices for setting a password on a new auto-generated account in NodeBB due to session sharing.

For example: I went into the new user's account and attempted to set a password, but that does not seem to work.

Would they do a password reset email and then set it?

Just trying to understand your thought (best practice) on that aspect of the session share.

Maybe they would just go back to the primary app that shared the session and "re-initiate" a new session share to get a new cookie re-created... I'm just trying to understand what the user would do who is now transferred to NodeBB and does not know the password for their account, since they are already in an authenticated session due to the cookie.

Thanks again,

julianlam commented 5 years ago

Your shared cookie should contain a unique ID that is associated with that user. If they want to log in again, they'll log in via your app that will give them that cookie, and they will be logged back into that same account.

The idea is to remove the need to log in via the username/password page.
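
The re-login flow described in the reply above, as an added example that is not part of the original thread or the plugin's own code. It assumes the shared cookie is a JWT signed with HMAC-SHA256 and carries `id` and `username`; the secret, the helper names and the in-memory `forumUidByRemoteId` map are hypothetical stand-ins.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-shared-secret'; // constructed value, shared by app and forum
const b64url = (s) => Buffer.from(s).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// App side: issue the cookie value. `id` must be the app's stable user ID,
// not a per-session value, or every new login would map to a new forum account.
function issueToken(user) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({
    id: user.id, username: user.username, iat: Math.floor(Date.now() / 1000),
  }));
  const body = `${header}.${payload}`;
  return `${body}.${sign(body).toString('base64url')}`;
}

// Forum side: check the signature in constant time, then return the claims or null.
function verifyToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = sign(`${header}.${payload}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const h = JSON.parse(Buffer.from(header, 'base64url').toString());
    if (h.alg !== 'HS256') return null; // accept only the expected algorithm
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    return claims.id !== undefined && claims.username ? claims : null;
  } catch {
    return null;
  }
}

// Hypothetical stand-in for the forum's remote-ID -> local account mapping.
const forumUidByRemoteId = new Map();
let nextUid = 1;

// Returns the local forum uid for a valid token, creating the account on first sight.
function forumLogin(token) {
  const claims = verifyToken(token);
  if (!claims) return null;
  const key = String(claims.id);
  if (!forumUidByRemoteId.has(key)) forumUidByRemoteId.set(key, nextUid++);
  return forumUidByRemoteId.get(key);
}
```

A user whose cookie was destroyed logs in to the app again, receives a freshly signed token with the same `id`, and lands in the same forum account without a forum password.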