Discourse OAuth2 Basic

I just got this to work with Authentik OAuth2, however there were some hiccups with the oauth2 user json url setting. I used the user_info endpoint of Authentik for that (/application/o/userinfo/), however I did not know how to map the fields. For anyone looking how to set up Discourse with Authentik’s OAuth2, here’s the summary:

  • User id path: preferred_username
  • Username path: preferred_username
  • Name path: name
  • Email path: email
  • Email verified path: email_verified
  • Avatar: empty.

I had the following issues:

  1. At the beginning, I forgot the trailing slash in the json url https://DOMAIN/application/o/userinfo/. This led to the user info request (permalink to the source) returning a 301 HTTP code, which caused the login to fail. I do not know whether the trailing slash should be there by spec, but perhaps it would be good to handle 301 correctly.
  2. Debugging this turned out tricky. The oauth2 debug auth setting was a lifesaver but… Logster truncates the debug log before actually dumping the meaningful response data. I had to manually modify the log line in the container to
    log("user_json_response: #{user_json_response.status} #{user_json_response.headers} #{user_json_response.body}")
    
    Perhaps that log line could be updated? I guess it could help other people figure out the json attributes path.
3 Likes
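Added example, not part of the post above and not the plugin's own code: a Ruby sketch that applies the path settings listed in the post to a userinfo response and reports a redirect (the missing trailing slash case) or an unmapped path by name. The helper names `walk` and `map_userinfo`, the dot-separated path handling, the strict `email_verified` check and the sample response are assumptions made for illustration.

```ruby
require "json"

# Path settings from the post (avatar left empty).
PATHS = {
  user_id: "preferred_username",
  username: "preferred_username",
  name: "name",
  email: "email",
  email_verified: "email_verified",
}.freeze

# Hypothetical helper: walk a dot-separated path through parsed JSON.
def walk(doc, path)
  path.split(".").reduce(doc) do |node, key|
    case node
    when Hash then node[key]
    when Array then key.match?(/\A\d+\z/) ? node[key.to_i] : nil
    end
  end
end

# Hypothetical helper: map a userinfo response to fields, or return an
# error that names the cause instead of a bare login failure.
def map_userinfo(status, headers, body, paths = PATHS)
  if [301, 302, 307, 308].include?(status)
    return { error: "redirect #{status} to #{headers['location']}; check the trailing slash on the JSON URL" }
  end
  return { error: "unexpected status #{status}" } unless status == 200

  doc = JSON.parse(body)
  fields = paths.transform_values { |p| walk(doc, p) }
  # Assumption: only a literal JSON true counts as a verified email.
  fields[:email_verified] = fields[:email_verified] == true
  missing = fields.select { |_, v| v.nil? }.keys
  missing.empty? ? { fields: fields } : { error: "no value at paths: #{missing.join(', ')}", fields: fields }
rescue JSON::ParserError => e
  { error: "body is not JSON: #{e.message}" }
end

# Constructed sample response, not captured from a real Authentik instance.
SAMPLE_BODY = JSON.generate(
  "sub" => "constructed-subject-id", "preferred_username" => "alice",
  "name" => "Alice Example", "email" => "alice@example.com", "email_verified" => true
)
ok = map_userinfo(200, {}, SAMPLE_BODY)
moved = map_userinfo(301, { "location" => "https://DOMAIN/application/o/userinfo/" }, "")
puts ok, moved
```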