0Auth2 user linking within Discourse

SSO
1

Occasionally a user will experience an issue where each time they attempt to login they are asked to setup a new Discourse account. This commonly happens either on legacy accounts which are just now logging back into Discourse, or they signed up with username and password and are now trying to login as OAuth. In the past to resolve this, their Auth0 OAuth2 credentials need to be linked to their user ID in Discourse by running the below command from rails console within the discourse instance:

PluginStore.set('oauth2_basic', 'oauth2_basic_user_google-apps|tony.danza@aol.com', {"user_id":7235})

The problem seems to be this is no longer sticking, in fact it returns =>True where previously it would return Ok. I am at a pry prompt where in the past I didn’t think that was the case. When I exit Pry it also removes me from Rails Console.

Any idea what may be occurring here? Thanks!

Leveraging this plugin: GitHub - discourse/discourse-oauth2-basic: A basic OAuth2 plugin for use with Discourse

2

That command is outdated, now the plugin uses the user associations table.

1 Like
3

Can you share an example of the command that I will now run @Falco in replacement of it? Thank you for you help :bowing_man:

4

Following up for the latest command @Falco, thanks!

5

Any update or insight on the command @Falco?

6

This file shound give you an idea of how to construct the command you need:

https://github.com/discourse/discourse-oauth2-basic/blob/master/db/migrate/20190724055909_move_to_managed_authenticator.rb

1 Like
7

Sorry for the delay, I had to upgrade discourse before I tried again. I gave the change a shot but didn’t experience success. Below is the example of what I have since tried that return true.

[1] pry(main)> PluginStore.set('oauth2_basic', 'user_associated_accounts_google-apps|tony.danza@gmail.com', {"user_id":1234})
=> true
8

Following up on this topic, thanks for the help!

14

Damn you pinged me 7 times while I was on vacation…

Instead of using the PluginStore.set method, you need to create a new UserAssociatedAccount, like for example:

UserAssociatedAccount.create!(provider_name: 'oauth2_basic', provider_uid: 'google-apps|tony.danza@aol.com', user_id: 7235)
15

Sorry about that @Falco, we too have had a hard time when having Community members go on vacation and not being able to keep everyone in the loop. I hope you had a great vacation and I apologize.

I will give your suggestion a go tomorrow and share the results. Thank you again for your help :pray:

16

Hey there @Falco, following up on this front. When I try to run the above suggested command I receive the below:

root@ip-172-31-20-121-app:/var/www/discourse# rails c
NOTE: Inheriting Faraday::Error::ClientError is deprecated; use Faraday::ClientError instead. It will be removed in or after version 1.0
Faraday::Error::ClientError.inherited called from /var/www/discourse/plugins/discourse-github/gems/2.6.5/gems/octokit-4.14.0/lib/octokit/middleware/follow_redirects.rb:14.
[1] pry(main)> UserAssociatedAccount.create!(provider_name: 'oauth2_basic', provider_uid: 'google-apps|nico@auth0.com', user_id: 1722)
ActiveRecord::RecordNotUnique: PG::UniqueViolation: ERROR:  duplicate key value violates unique constraint "associated_accounts_provider_uid"
DETAIL:  Key (provider_name, provider_uid)=(oauth2_basic, google-apps|nico@auth0.com) already exists.
from /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/rack-mini-profiler-1.1.3/lib/patches/db/pg.rb:69:in `async_exec_params'
Caused by PG::UniqueViolation: ERROR:  duplicate key value violates unique constraint "associated_accounts_provider_uid"
DETAIL:  Key (provider_name, provider_uid)=(oauth2_basic, google-apps|nico@auth0.com) already exists.

from /var/www/discours