Discussion on Open SSO (Single Sign On) [NodeJS]

68 comments found.

Hi there, Any update soon?

The new update will be released in 48 hours. For now, it is still awaiting approval.

This seems to be exactly what I need. How much for you to install it?

The installation documentation is available here > https://opensso.nanowebdev.eu.org. If you need help, contact me at aalfiann@gmail.com.

Is this platform dead?

Yes, it's possible. I have an example of how to set it up using Laravel, PHP and React.

This is great, would you be able to help do a setup? And is there any way to contact you directly for help?

Send an email directly with your email to aalfiann@gmail.com.

I have multiple platforms, and I am in need of this type of solution to run on user login, however they will run on subdomains, is this possible? How much for installation?

Hi, I am interested in purchasing this code. Can you do some customisation to add MongoDB Atlas as the database? How much will you charge? Thanks, Navjeet Singh Nayyar

Let's talk about this via my email, aalfiann@gmail.com.

Q: Hi. How do I connect an existing app that is deployed only on cPanel and cannot be rebuilt, etc.? Please give details so I can understand what needs to be done exactly and the workflow using your app. Thanks

1. This script works well with cPanel. I can help you if you can't build this inside cPanel.

2. Please read this >> https://opensso.nanowebdev.eu.org/docs/guides/integration

It will explain your question in detail. There is also an example working script (multiple frameworks) for login, authentication and logout.

Hello. I want to buy this script, but I have a few questions:

  • Is there any API documentation for other sites integrated to this system?
  • Is it possible to install this system on the Auth.domain.com subdomain?
  • so that nasal subdomains are different projects, such as Travel.domain.com, Blog.domain.com, Users Unified Auth Authorization

Can this be realized?

1. Yes, the documentation is here >> https://opensso.nanowebdev.eu.org

2. Yes, this script can be deployed to a subdomain.

Hello,

I noticed that the GET /api/user/profile/<username> endpoint does not seem to be protected with an X-Token. Since it returns data from the users table (excluding the password field), shouldn’t it have some form of protection?

Hi,

Yes, that API was created for public purposes, so it doesn't need any protection like the x-token header.

In the current version there is no way to disable it, but there is a workaround:

Edit the file at src/routes/user.js, then comment out lines 1313 – 1355.

Or find code like this:

server.get('/api/user/profile/:username', {

If you can't find it, just email me, I'll help you.

Does this system function like Google Social Login?

We have seven different websites plus mobile apps, and I want to integrate this system into my platform. However, I don’t want to display “Sign in with Google” directly on any of these sites. Instead, I want the authentication process to show “Sign in with mydomain.com.”

If a user clicks “Create New Account,” they should be redirected to a dedicated directory website (which hosts this script). Only on that site will they see the “Sign in with Google” option. Once the user completes the sign-in process there, they should be redirected back to the mobile app to log in using their newly created credentials.

  • Does this system natively support this authentication flow, or would modifications be required?
  • Does it support deep linking for seamless redirection back to mobile apps?

Customization & Third-Party Integration

I’m interested in integrating biometric face and ID card verification using a third-party provider.

  • Does the script provide hooks or APIs to extend authentication methods?
  • Would it be possible to implement multi-factor authentication (MFA) as an additional security layer?
  • Does the script support WebAuthn for biometric authentication?

Super Admin Control & Data Permissions

For developers: Does the Super Admin panel include a GUI feature to limit the data any website can collect from users? For example, if I integrate another website into this system and require additional user parameters such as:

  • Date of birth
  • Mother’s name
  • Father’s name

Can the Super Admin control access to these fields to protect sensitive user data?

  • Can user permissions be customized per website (e.g., one site requests name & email, while another site requests full profile details)?
  • Does the system provide logs or analytics to track which websites have accessed user data?
  • Is there a way to notify users when a third-party site requests additional personal information?

Security & Compliance

Given that authentication and sensitive user data are involved:

  • Does this script comply with GDPR, CCPA, or other privacy regulations?
  • Does it support OAuth 2.0 and OpenID Connect for secure authentication?
  • What encryption methods are used to protect stored and transmitted user data?

Hi,

Sorry for the late response.

By the way, thanks for asking so many questions about OpenSSO.

1. I don’t want to display “Sign in with Google”

Yes, by default the login form UI does not use Sign in with Google or any other third-party social login. You can use the OpenSSO login to connect directly for all your apps.

2. Does this system natively support this authentication flow, or would modifications be required?

Yes, once you successfully log in using the OpenSSO login page, it will redirect to your apps with the generated token. What you do next is just validate whether the token is valid or not.

Modification might be required if you have an additional flow, i.e. OTP, etc.

3. Does it support deep linking for seamless redirection back to mobile apps?

By default there is no deep linking, but that doesn't mean you can't use OpenSSO login without deep linking. I did many Flutter projects using OpenSSO and it works.

4. Does the script provide hooks or APIs to extend authentication methods?

No

5. Would it be possible to implement multi-factor authentication (MFA) as an additional security layer?

MFA is already implemented, by OTP via email and/or TOTP Authenticator.

6. Does the script support WebAuthn for biometric authentication?

Not yet

7. Does the Super Admin panel include a GUI feature to limit the data any website can collect from users?

No, you have to modify this by yourself.

8. Can user permissions be customized per website (e.g., one site requests name & email, while another site requests full profile details)?

No, you have to modify this by yourself.

9. Does the system provide logs or analytics to track which websites have accessed user data?

No, you have to modify this by yourself.

10. Is there a way to notify users when a third-party site requests additional personal information?

No, you have to modify this by yourself.

11. Does this script comply with GDPR, CCPA, or other privacy regulations?

Yes, OpenSSO collects only email. OpenSSO does not collect user information unless they do so with their consent in their profile, and they could delete their account at any time.

12. Does it support OAuth 2.0 and OpenID Connect for secure authentication?

Yes, OpenSSO follows the JWT standard for OAuth 2.0 as described in RFC 7519 and RFC 9068.

OpenID Connect and OpenID Connect Provider are currently not supported, but I plan to deliver this in the future (no ETA).

13. What encryption methods are used to protect stored and transmitted user data?

The default is HMAC and RSA256, but you can use others through configuration.

For more information, please see >> https://opensso.nanowebdev.eu.org/docs/guides/integration

Impressive. How much would it cost to implement some of these features, and is it also possible to collect a user's ID photo?

No, OpenSSO doesn't have a photo upload feature, but it uses their Gravatar email or Google mail.

I’m sorry, currently I’m not available for custom work.

Hello friend. Is it possible to use this software for integration with Active Directory (SAML)?

Hi, currently this version doesn't support SAML.

Not now, but I have it planned.

Hello Author,

I wonder why my website you installed is now not working. 

Please check it for me.

Ok, send the details to my email aalfiann@gmail.com

Thank you very much for your help.

Hello, how do I use this script for mobile app authentication?

On the SSO login page I see this function:

function continueUser() { location.href = '<%= it.callback_url %>?token=' + getToken(); }

Not secure; it would be better to use the POST method. What do you think about that? If somebody has the token value, they can access other apps…

The API function /api/auth/verify always succeeds, including when the user logs out or deactivates the account. Do you think this is a problem?

It's okay, because JWT in OpenSSO has a default of 8 hours to expire.
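
The behaviour raised in the exchange above (a verify call that keeps succeeding after logout or account deactivation until the JWT expires) follows from checking only signature and expiry. As an added example that is not part of the thread and not OpenSSO's code, here is a stateless HS256 check beside one that also consults server-side revocation state; the secret, the claim names (`uid`, `jti`) and all function names are assumptions made for illustration.

```javascript
// Added example: constructed secret, claims and store names; not OpenSSO code.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed HMAC key
const b64u = (v) => Buffer.from(v).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue an HS256 JWT with a unique jti so a single session can be revoked.
function signToken(uid, ttlSeconds, now = Date.now()) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const iat = Math.floor(now / 1000);
  const claims = { uid, jti: crypto.randomUUID(), iat, exp: iat + ttlSeconds };
  const payload = b64u(JSON.stringify(claims));
  return `${header}.${payload}.${mac(`${header}.${payload}`).toString('base64url')}`;
}

// Stateless check: signature and expiry only. Logout cannot change the result.
function verifyStateless(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = mac(`${header}.${payload}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now / 1000 ? claims : null;
  } catch { return null; }
}

// Server-side state (in memory here; a shared store in a real deployment).
const revokedJti = new Map();    // jti -> exp, so entries can be purged after expiry
const disabledUsers = new Set(); // uids of deactivated accounts

function logout(token) {
  const claims = verifyStateless(token);
  if (claims) revokedJti.set(claims.jti, claims.exp);
}

// Stateful check: same cryptographic validation, then revocation and account status.
function verifyWithRevocation(token, now = Date.now()) {
  const claims = verifyStateless(token, now);
  if (!claims || revokedJti.has(claims.jti) || disabledUsers.has(claims.uid)) return null;
  return claims;
}
```

The revocation map only has to hold an entry until that token's `exp`, so it stays bounded by the token lifetime.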

Hello, I have some questions: a) This software builds a user database independent of the systems that it will allow to make a single login?

b) What happens then with the user databases of each system and its user administration logic where it will provide a single login? That is, apart from registering users in your software, must they also register in the logic and business rules of each system where it is embedded? How can this be done? Does it mean that each system must register its own user and also in your software?

c) Do you have any documentation of use? Thank you.

Hi,

1. Yes, OpenSSO has an independent user database. This will allow you to migrate or separate users into another service, like how microservices work.

2. Yeah, that's correct. OpenSSO only authenticates users. If your user wants to use the centralized login (SSO), they must be registered first in OpenSSO. For more details please see >> https://opensso.nanowebdev.eu.org/docs/guides/integration

3. Yes, absolutely, we have documentation. Please read here >> https://opensso.nanowebdev.eu.org/

Presales question: how about mobile number sign-in?

Currently it is not supported; OpenSSO uses only an email address or username for sign-in.

Hello,

I have a VPS running aaPanel, and I’m having trouble putting Open SSO online correctly. Do you have any step-by-step guide on how to implement it?

I have already followed the tips on the website https://opensso.nanowebdev.eu.org/docs/get-started and the guide provided in the project. I do everything as instructed, but when I try to access the site, I get the following message:

{message, Something went wrong!”,error read properties of undefined (reading ‘forEach’)”,statusCode}

There is no specific guide for aaPanel.

But I can try to set up OpenSSO on your aaPanel. If you don't mind, just send the detailed information via email to aalfiann@gmail.com

When I try to activate the account via email I get this message: {message GET:/api/user/activation not found!”,statusCode Found”}

Can we talk privately via email? I need more information about this. Thank you.

Hello, I need to add a new role called premium. Is there any way I can add it? Also, I want to have the ability to change the role of the user from the admin dashboard. Thank you

Not now, but it is already on my update list.

Is it possible to enable social media login?

Great, thank you.

Sorry, I forgot to tell you that social logins have now been added in version 1.6.

Ohh, thank you very much.

Pre-sales question:

We currently have a toolkit of over 20 applications, including one Joomla 4 application and others built with Laravel, CodeIgniter, and Node.js. For each application, we create separate user accounts, requiring multiple logins, password storage, and frequent re-authentication due to session timeouts.

How can your application be integrated to enable automatic login for users across all these applications?

Hi

It would take very long to explain everything in this comment.

So please read here >> https://opensso.nanowebdev.eu.org/docs/guides/integration
