Error using discourse-oauth2-basic plugin with NeonCRM

I’m trying to set up the discourse-oauth2-basic plugin so that our users can sign into our Discourse forum using their account credentials created and stored through NeonCRM.

A NeonCRM support tech explained to me that I can create the authorization URL manually using this format:

https://{{Org ID}}.z2systems.com/np/oauth/auth?response_type=code&client_id={{Client ID}}&redirect_uri={{Redirect URL}}

In Discourse, I set the following parameters for the plugin:

oauth2 client id: MY-CLIENT-ID
oauth2 client secret: MY-CLIENT-SECRET
oauth2 authorize url: https://MY-NEON-ID.z2systems.com/np/oauth/auth
oauth2 token url: https://www.z2systems.com/np/oauth/token

So I manually created this URL (which I censored):

https://MY-NEON-ID.z2systems.com/np/oauth/auth?response_type=code&client_id=MY-CLIENT-ID&redirect_uri=https://MY-FORUM.COM/auth/oauth2_basic/callback

And when I enter this URL in a browser, I get a Discourse page with the following message:

And my logs say:

(oauth2_basic) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

Why?

So if I use this URL instead:

https://MY-NEON-ID.z2systems.com/np/oauth/auth?response_type=code&client_id=MY-CLIENT-ID&redirect_uri=https://MY-FORUM.COM/

(I removed the callback part at the end of my redirect_uri)

I actually make it to the NeonCRM login page, after which I enter my test user credentials and log in. I am then redirected to MY-FORUM.COM. But once I’m there I am not logged in at all. If I click on the “Login” button at the top of the page and click on the grey “login with OAuth2” button, a new window opens with the following message:

And two errors show up in my logs:

ArgumentError (Invalid URI: )

/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon.rb:126:in `new'

and

Failed to handle exception in exception app middleware : Invalid URI:

This redirect_uri is wrong. You need to set it correctly for the flow to work.

In the plugin documentation it’s the first thing in the basic setup.

NeonCRM also documents how to set it in their docs.

Thanks @Falco!

I did try to set the redirect_uri to:

https://MY-FORUM.COM/auth/oauth2_basic/callback

But that did not work, see my original post (which I just edited so it was less confusing, sorry if you missed it).

Is your forum running in HTTPS?

Yes, it is @Falco.

Did you enable the force_https setting?

@Falco, I found instructions to enable force_https, and I have set it to true.

Still get the same error though.

I’ve integrated the widget that NeonCRM suggests I use at the top of the forum (so you can try it yourself if you’d like) at

When I use the widget I get the same result as in my original post.

(oauth2_basic) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
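
The `csrf_detected` failure logged in this thread is what an OmniAuth OAuth2 strategy reports when the callback's `state` parameter is missing or does not match the value it stored in the session when it started the login. The Ruby sketch below is an added example, not part of any post above and not the plugin's or the gem's own code; the class and method names are hypothetical, and the URLs reuse the thread's censored placeholders.

```ruby
require "securerandom"
require "uri"

# Simplified model of an OAuth2 client's state check (hypothetical names).
class StateCheckedClient
  def initialize(authorize_url, client_id, redirect_uri)
    @authorize_url, @client_id, @redirect_uri = authorize_url, client_id, redirect_uri
  end

  # Request phase: mint a random state, keep it in the user's session, and
  # send it to the provider as part of the authorization URL.
  def authorization_url(session)
    session["state"] = SecureRandom.hex(24)
    query = URI.encode_www_form(
      response_type: "code", client_id: @client_id,
      redirect_uri: @redirect_uri, state: session["state"]
    )
    "#{@authorize_url}?#{query}"
  end

  # Callback phase: the state echoed back by the provider must be present and
  # equal to the one stored in this session. The stored value is single-use.
  def callback(session, params)
    expected = session.delete("state")
    returned = params["state"].to_s
    return :csrf_detected if returned.empty? || returned != expected
    :state_ok
  end
end

# Constructed placeholders matching the censored values in the thread.
CLIENT = StateCheckedClient.new(
  "https://MY-NEON-ID.z2systems.com/np/oauth/auth", "MY-CLIENT-ID",
  "https://MY-FORUM.COM/auth/oauth2_basic/callback"
)

# Flow started by the client: the provider echoes the state back unchanged.
def client_initiated_flow
  session = {}
  url = CLIENT.authorization_url(session)
  echoed = URI.decode_www_form(URI(url).query).to_h
  CLIENT.callback(session, "code" => "constructed-code", "state" => echoed["state"])
end

# Hand-built URL as in the first post: no state was stored or sent, so the
# callback arrives with a code but nothing to match against.
def hand_built_flow
  CLIENT.callback({}, "code" => "constructed-code")
end
```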