I think I’ll start by erasing our current Droplet and set it up from scratch again since this docker was set up a few years back. I’ll report back when I have done that and tested it.
Sounds like a good plan. For most communities we recommend sticking to the default tests-passed branch, because it gives you the latest and greatest Discourse features and bug fixes. There have been a lot of changes to authentication since the last stable release, so you might find things start working by themselves.
@david, I’ve taken the time to take another go at it today. I am now using a fresh Discourse install (latest on stable-passed, as you suggested).
I’ve set up OAuth2 using the plugin, just like before, with the following settings:
oauth2 client id: MY-CLIENT-ID
oauth2 client secret: MY-CLIENT-SECRET
oauth2 authorize url: https://MY-NEON-ID.z2systems.com/np/oauth/auth
oauth2 token url: https://www.z2systems.com/np/oauth/token
If I use the manually formatted URL, I get this (which is new):
Authorization timed out, or you have switched browsers. Please try again.
And the usual error in the logs:
(oauth2_basic) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
On the other hand, if I use the OAuth2 button in the Discourse login window, I get:
Oops
The software powering this discussion forum encountered an unexpected problem. We apologize for the inconvenience.
Detailed information about the error was logged, and an automatic notification generated. We'll take a look at it.
I also get the following errors logged in /logs:
ArgumentError (Invalid URI: ) /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.71.0/lib/excon.rb:126:in `new'
and
Failed to handle exception in exception app middleware : Invalid URI:
@david I tried your earlier suggestion regarding setting oauth2_user_json_url and disabling oauth2_fetch_user_details, and I got a bunch of (new) errors after trying it:
ActiveRecord::NotNullViolation (PG::NotNullViolation: ERROR: null value in column "provider_uid" violates not-null constraint
DETAIL: Failing row contains (1, oauth2_basic, null, null, 2019-12-19 01:00:49.076659, {}, {"token": "9607", "expires": false}, {}, 2019-12-19 01:00:49.077107, 2019-12-19 01:00:49.077107).
)
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/rack-mini-profiler-1.1.4/lib/patches/db/pg.rb:69:in `async_exec_params'
Failed to handle exception in exception app middleware : PG::NotNullViolation: ERROR: null value in column "provider_uid" violates not-null constraint
DETAIL: Failing row contains (1, oauth2_basic, null, null, 2019-12-19 01:00:49.076659, {}, {"token": "9607", "expires": false}, {}, 2019-12-19 01:00:49.077107, 2019-12-19 01:00:49.077107).
And of course the usual:
(oauth2_basic) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
However I noticed in this last one (CSRF Detected) that in the env tab, it says:
hostname forum-app
process_id 762
application_version db7d00a8dce2cc1f7b9d86192cde1f55dd57408b
HTTP_HOST forum.efao.ca
Is it normal for the hostname to not match the HTTP_HOST name? Could that be why I get a CSRF error?
Hey Denis,
Any progress?
I'm running into the same error:
ActiveRecord::NotNullViolation (PG::NotNullViolation: ERROR: null value in column "provider_uid" violates not-null constraint
How did you solve it?
Thanks,
Beam
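Denis and I found that NeonCRM doesn't really follow the OAuth2 specification... they send the user_id in the access_token variable, but it can't be used as an actual access token.
So you need to disable oauth2_fetch_user_details, and set oauth2_callback_user_id_path to token (not access_token, because the oauth2 Ruby library renames it when it is used internally).
With that set up, things should work, but you won't be able to get the user's email and name.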
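An added illustration of the post above (not part of the thread, and not the plugin's or the oauth2 gem's code): a simplified model of resolving a configured user id path against a token response in which the provider put the user id in access_token. `ParsedToken`, `resolve_path` and `provider_uid` are hypothetical names, and the sample responses are constructed from the "9607" value in the logged row.

```ruby
require "json"

# Constructed token response modelled on the logged row: the provider puts
# the user id where the OAuth2 spec expects an opaque access token.
NEON_STYLE_RESPONSE = '{"access_token": "9607"}'

# Hypothetical stand-in for a parsed token object: the raw "access_token"
# field is exposed under the name "token"; other fields stay in params.
ParsedToken = Struct.new(:token, :params)

def parse_token_response(body)
  fields = JSON.parse(body)
  ParsedToken.new(fields.delete("access_token"), fields)
end

# Walk a dotted path ("token", "params.user.id") through struct members and
# hash keys only, so the setting can never dispatch to arbitrary methods.
def resolve_path(obj, path)
  keys = path.to_s.split(".")
  return nil if keys.empty?
  keys.reduce(obj) do |current, key|
    return nil if current.nil?
    if current.is_a?(Hash)
      current[key]
    elsif current.is_a?(Struct) && current.members.include?(key.to_sym)
      current[key]
    end
  end
end

# Fail early when no scalar id is found, instead of letting a nil travel on
# to a NOT NULL column such as provider_uid.
def provider_uid(body, user_id_path)
  uid = resolve_path(parse_token_response(body), user_id_path)
  unless (uid.is_a?(String) && !uid.empty?) || uid.is_a?(Integer)
    raise ArgumentError, "no user id at path #{user_id_path.inspect}"
  end
  uid.to_s
end

if __FILE__ == $PROGRAM_NAME
  puts provider_uid(NEON_STYLE_RESPONSE, "token")            # path that works
  puts resolve_path(parse_token_response(NEON_STYLE_RESPONSE),
                    "access_token").inspect                  # renamed, so nil
end
```

Because the value in access_token is a user id and not a usable bearer token, the model treats it only as an identifier and never sends it to a user-details endpoint.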
Hey Denis,
I'm using Mattermost, so it behaves differently.
However, your information made me look at the settings more closely, and now it works, thanks!!
Here are my settings for configuring Mattermost as the OAuth2 provider for Discourse:
Settings as text, for search engines:
oauth2 client id: <client ID from the Mattermost OAuth2 provider settings>
oauth2 client secret: <client secret from the Mattermost OAuth2 provider settings>
oauth2 authorize url: https://chat.animalrebellion.org/oauth/authorize
oauth2 token url: https://chat.animalrebellion.org/oauth/access_token
oauth2 token url method: POST
oauth2 callback user id path:
oauth2 callback user info paths
oauth2 fetch user details: checked
oauth2 user json url: https://chat.animalrebellion.org/api/v4/users/me
oauth2 user json url method: GET
oauth2 json user id path: id
oauth2 json username path: username
oauth2 json name path: username
oauth2 json email path: email
oauth2 json email verified path: email_verified
oauth2 json avatar path:
oauth2 email verified: checked
On the Mattermost side, the callback URL is set to:
https://base.animalrebellion.org/auth/oauth2_basic/callback
I'd still like to see how to combine first_name and last_name in the "JSON name path" to produce a full_name, but for now using just the "username" or "first_name" attribute is acceptable.
Hope this helps!
Cheers!
Beam
Related resource links:
Plugin link: GitHub - discourse/discourse-oauth2-basic: A basic OAuth2 plugin for use with Discourse · GitHub
Discourse plugin installation guide: Install plugins on a self-hosted site
Glad you got this sorted out, @Beam!
