Discourse OAuth2 Basic

I have the exact same error as @qlands above.

My initial plan was to send the profile info in the token. Seeing it did not work, I stripped it down indenting to try the json approach. But it doesn’t even get to the point of calling the JSON file.

The error message is:

(oauth2_basic) Authentication failure! invalid_credentials: OAuth2::Error, {

Do you see anything wrong with the above reply?
Why would the plugin generate an invalid_credentials error while the OAuth2 server replied a 200 with a token?

I found the problem: the header was not set to “Content-Type: application/json”. And I can see it was the same for @qlands above.

The only remaining issue for me now is the same as @nodomain : the account is created successfully but the avatar is not included. Sample response:

Body: {
  "profile" : {
    "email": "...",
    "name": "...",
    "picture": "https://somedomain.com/somevalidpicture.jpg"

And it is correctly parsed, since it appears in the following log:

OAuth2 Debugging: after_authenticate response: 

creds: {"token"=>"...", "expires_at"=>1702053692, "expires"=>true}
uid: 1234
info: {"email"=>"...", "name"=>"...", "avatar"=>"https://somedomain.com/somevalidpicture.jpg"}
extra: {}

I checked that the picture address is correct, and it’s size is 300x300.

Any idea for that one?

Edit: someone just created an account, and it took the picture from Gravatar. Maybe the valid picture in the json gets overriden by a blank result from Gravatar?

Authentik as OAuth provider

I’m currently playing with Authentik and would like to ask if anyone else has any experience with it and discourse?

Unfortunately I haven’t found an official support document for discourse.

There are a lot of settings to mess around with :smiley:

Portainer has a much simpler implementation of OAuth.

Portainer, just for comparison: