[Support Request]: Options to athenticate the user via another service #2446

New Issue

OVERLORD · 2026-02-05T04:10:18+03:00

OVERLORD commented

2026-02-05 04:10:18 +03:00

Originally created by @TheXires on GitHub (Oct 20, 2021).

Attempted Debugging

I have read the debugging page

Searched GitHub Issues

I have searched GitHub for the issue.

Describe the Scenario

Heyy,
is it possible to extend the Bookstack wiki with (e.g.) a nodejs api, so that a login can be done through it?

Specifically, I have an application in which I create users and manage them. However, now I want these users to also have access to the Bookstack wiki without having to register or log in separately. My application knows both the user name and password and should simply forward the user to the web browser via a link.

I could do the registration without any problems by having my api access the same database and create a user. With this user I can then log in without problems via the web interface.

The login works so far that I can check if a user exists and if the correct password was given. From there I would have to redirect to the browser and give a cookie or something so that Bookstack Wiki recognizes the user as logged in. But I don't understand how the login works exactly.

The problem is that I don't know Laravel nor PHP. Various tutorials on how to set up something similar with a fresh laravel project, I could not get working on the existing bookstack project.

Is there perhaps a solution to the problem or is it not possible in such a way? My guess was to simply generate a cookie or token with my API in the same way as bookstack does and pass it to my program, which then passes this cookie or token to the browser, but i did not get that working.

Exact BookStack Version

21.08.5

Log Content

No response

PHP Version

7.4 from dev docker file

Hosting Environment

using the official dev docker-compose file from github, added with my own nodejs api

Originally created by @TheXires on GitHub (Oct 20, 2021). ### Attempted Debugging - [X] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario Heyy, is it possible to extend the Bookstack wiki with (e.g.) a nodejs api, so that a login can be done through it? Specifically, I have an application in which I create users and manage them. However, now I want these users to also have access to the Bookstack wiki without having to register or log in separately. My application knows both the user name and password and should simply forward the user to the web browser via a link. I could do the registration without any problems by having my api access the same database and create a user. With this user I can then log in without problems via the web interface. The login works so far that I can check if a user exists and if the correct password was given. From there I would have to redirect to the browser and give a cookie or something so that Bookstack Wiki recognizes the user as logged in. But I don't understand how the login works exactly. The problem is that I don't know Laravel nor PHP. Various tutorials on how to set up something similar with a fresh laravel project, I could not get working on the existing bookstack project. Is there perhaps a solution to the problem or is it not possible in such a way? My guess was to simply generate a cookie or token with my API in the same way as bookstack does and pass it to my program, which then passes this cookie or token to the browser, but i did not get that working. ### Exact BookStack Version 21.08.5 ### Log Content _No response_ ### PHP Version 7.4 from dev docker file ### Hosting Environment using the official dev docker-compose file from github, added with my own nodejs api

OVERLORD added the 🐕 Support label 2026-02-05 04:10:18 +03:00

OVERLORD closed this issue

2026-02-05 04:10:20 +03:00

OVERLORD commented

2026-02-05 04:10:25 +03:00

@ssddanbrown commented on GitHub (Oct 20, 2021):

Hi @TheXires,
There's no way to automatically authenticate a browser-visiting user from an external system/application at this time. It's probably not something we'd offer as it is not very desired, will likely be quite specific to the scenario thus require configuration, and it'll likely have some security concerns by introducing such an option.

I'd suggest the following potential options:

Delegate authentication for both applications to a standardised authentication service. BookStack supports LDAP/SAML2 and will soon support OIDC. Services & platforms like keycloak/okta/Auth0 can support providing these mechanisms. If your NodeJS application also supported these then authentication can primarily be done via those to provide a one-click-login on the app and on BookStack.
You could extend BookStack via the logical theme system to handle some kind of custom request. There's an example here of using this system to auto-authenticate via a HTTP header provided on a request. You'd need to ensure your logic is secure to prevent opening up potential holes in the system.

My guess was to simply generate a cookie or token with my API in the same way as bookstack does and pass it to my program, which then passes this cookie or token to the browser

It would likely be problematic attempting to do this. Achieving the right cookie format, on the right domain with the right properties would be tricky. Additionally it's not something I'd seem as stable so would likely often break upon update.

@ssddanbrown commented on GitHub (Oct 20, 2021): Hi @TheXires, There's no way to automatically authenticate a browser-visiting user from an external system/application at this time. It's probably not something we'd offer as it is not very desired, will likely be quite specific to the scenario thus require configuration, and it'll likely have some security concerns by introducing such an option. I'd suggest the following potential options: - Delegate authentication for both applications to a standardised authentication service. BookStack supports LDAP/SAML2 and will soon support OIDC. Services & platforms like keycloak/okta/Auth0 can support providing these mechanisms. If your NodeJS application also supported these then authentication can primarily be done via those to provide a one-click-login on the app and on BookStack. - You could extend BookStack via the [logical theme system](https://github.com/BookStackApp/BookStack/blob/master/dev/docs/logical-theme-system.md) to handle some kind of custom request. There's [an example here](https://github.com/BookStackApp/BookStack/pull/2289#issuecomment-857164663) of using this system to auto-authenticate via a HTTP header provided on a request. You'd need to ensure your logic is secure to prevent opening up potential holes in the system. > My guess was to simply generate a cookie or token with my API in the same way as bookstack does and pass it to my program, which then passes this cookie or token to the browser It would likely be problematic attempting to do this. Achieving the right cookie format, on the right domain with the right properties would be tricky. Additionally it's not something I'd seem as stable so would likely often break upon update.

OVERLORD commented

2026-02-05 04:10:28 +03:00

@TheXires commented on GitHub (Oct 20, 2021):

Thanks for your quick reply and suggestions. I will look at them more closely and see if I come to a solution.

@TheXires commented on GitHub (Oct 20, 2021): Thanks for your quick reply and suggestions. I will look at them more closely and see if I come to a solution.

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#2446