How to use Auth0 with the OAuth2 Basic Plugin

(Ruth Cheesley) #22

Just tried that, saved changes and when I log in with Auth0, the user is created in Auth0 but fields are still not being populated. Thanks for the suggestion!

Ruth

0 Likes

(Ruth Cheesley) #23

Seems like this thread seems to be deprecated, I never found it before, hence why the discussions were elsewhere! This would have saved me a lot of time so thanks for flagging it up!

1 Like

(Serginho Cintra) #27

Hi @blake,

I did all the steps but I am having two kinds of problems:

  1. I can do the Auth0 authentication but it’s not copying user information to Discourse Dialog Window to create a new user. I have to write all the information on user creation.

  2. If I create a new user as I told in step 1, it’s receiving the email and user of the last user that was created. It sounds very weird.

If you have a tip to fix it or if I am doing something wrong, please let me know.

Thanks, Sergio

0 Likes

(Blake Erickson) #28

This usually means something somewhere isn’t quite hooked up right. Can you verify these settings are correct in your auth0 settings?

Please provide any other settings you have configured in auth0 so I can help debug.

0 Likes

(Serginho Cintra) #29

I looked now and “OIDC Conformant” is turned off.

0 Likes

(Serginho Cintra) #30

My configuration:

0 Likes

(Serginho Cintra) #31

0 Likes

(Serginho Cintra) #32

All the new users are authenticated in Auth0 and at Auth0’s log everything is fine. But the information is not copied to create a new user in Discourse.

0 Likes

(Blake Erickson) #33

On the Discourse side can you remove “oauth2 json username path” , “oauth2 json name path”, and “oauth2 json avatar path” for now. Then can you update “oauth2 json email path” to “email”. Let’s see if we can just get that working, then we can work on the other fields.

Also you can check “oauth2 email verified” because auth0 is already verifying the email addresses.

0 Likes

(Serginho Cintra) #34

Thanks for your return but unfortunately I am still stuck on it. I also created a new Auth0 account, just for test, and the problem continues. Is there a log where I can track this information?

0 Likes

(Blake Erickson) #35

Have you been to /logs on your forum? If you have the debug oauth setting turned on you should be able to see some entries from auth0.

3 Likes

(Serginho Cintra) #36

Yes, I tried to authenticate and I found 3 log entries:

Message

OAuth2 Debugging: after_authenticate response:

creds: {"token"=>"42mopR4vXo5Tl-FzNxJn6S6umkL2W4Sh", "expires_at"=>1532128992, "expires"=>true} info: {"id"=>nil, "name"=>nil} extra: {}

Message (6 copies reported)

OAuth2 Debugging: user_json_url: GET https://xulapa.eu.auth0.com/userinfo

Message (13 copies reported)

OAuth2 Debugging: user_json: {"sub"=>"google-oauth2|100582788655510862666"}

0 Likes

(Blake Erickson) #37

Auth0 should still send the user info whether you use google to auth or auth0 directly. But can you try and log in directly with auth0 username and pass instead of google and see what that sends to Discourse in the payload.

Your json should look something like above.

I have this working at https://discourse-test-prod-box.blakeerickson.com/ you can also try google auth via auth0 and see if it works there.

2 Likes

(Serginho Cintra) #38

I did two attempts. The first was by “Login” button and second with “Sign Up” button:

Login

OAuth2 Debugging: after_authenticate response: creds: {"token"=>"vqF7xblw0Ns6S4AP3YYR_TeMvw0IgopC", "expires_at"=>1532166218, "expires"=>true} info: {"id"=>nil, "name"=>nil} extra: {}

OAuth2 Debugging: user_json: {"sub"=>"auth0|5b51aeca9a0b8834e8faa33f"}

Sign up

OAuth2 Debugging: after_authenticate response: creds: {"token"=>"L0fY7Da7Sfh7lIra_C5QoCu2gc5aN1_0", "expires_at"=>1532166327, "expires"=>true} info: {"id"=>nil, "name"=>nil} extra: {}

OAuth2 Debugging: user_json_url: GET https://xulapa.eu.auth0.com/userinfo

OAuth2 Debugging: user_json: {}

If you want, I can send you my credentials because it’s just a proof of concept.

0 Likes

(Ruth Cheesley) #39

Sounds like @Serginho_Cintra is having the same problem as me.

I’ve been working through this with Auth0 support having upgraded to a paid account, and everything is working fine from the Auth0 end. We are now seeing something very strange in that, any time anybody uses the Auth0 login they are being logged in as another user (the same user every time) who is in no way connected to the person logging in (but that user was the one previously created before the new user we are trying to create, as in Serginho’s case). That user is a forum administrator.

Happy to share Auth0’s debugging info if this helps get to the bottom of it.

To recap we were getting

  • Auth0 user created successfully
  • Information is not populated through to the create user form
  • User is being logged in as a forum administrator (the previously created user) now when they use Auth0 login/signup

Obviously a pretty critical issue! It’s basically blocking us launching our Discourse community for the past few weeks while we’ve been debugging.

Ruth

1 Like

(Jay Pfaffman) #40

auth0 uses Discourse. It would seem like this should be a well-documented solution. Maybe @jerdog has some ideas?

1 Like

(Blake Erickson) #41

Do you happen to have an EU based auth0 account?

The only thing Serginho and I were able to figure out was that Serginho had an EU based auth0 account, as soon as it was switched back to the US based auth0 account it worked fine. I’m not saying there isn’t some bug somewhere on the Discourse side, but something appears to be different on the auth0 side between their US and EU versions.

0 Likes

(Jeremy M) #42

That doesn’t sound right at all - I am reaching out to one of our engineers to have a look, but it will probably be helpful if you could contact us through our forum so we can exchange the private tenant info needed to troubleshoot. We can then provide a summary back here of what was fixed.

2 Likes

(Blake Erickson) #43

From previous debugging, auth0 is sending an empty payload (or near empty) which is why the form isn’t being auto-populated. But what I think is happening is Discourse is inserting an empty value in the db as the unique id. So any user who then signs in again will authenticate against that empty value. Obviously there is some improvement to be made on the discourse side to make sure THAT doesn’t happen, but the root cause is auth0 isn’t sending a populated payload for some reason.

0 Likes
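The failure mode described in #43, as an added example that is not part of the thread and is not Discourse's or the plugin's code: a lookup keyed on a missing provider id, next to a version that refuses a blank id. `LinkStore`, `fetch_path`, both `authenticate_*` methods, `replay` and the `"user_id"` path setting are hypothetical; the two payloads are the `user_json` values from the debug log in #38.

```ruby
# Added illustration. All class and method names here are hypothetical.
class LinkStore # stand-in for the table mapping provider uid -> local account
  def initialize
    @links = {}
  end

  def find(uid)
    @links[uid]
  end

  def link(uid, user)
    @links[uid] = user
  end
end

# Walk a dotted path ("email", "user.id") through the userinfo hash.
def fetch_path(json, path)
  keys = path.to_s.split(".")
  return nil if keys.empty?
  keys.reduce(json) { |node, key| node.is_a?(Hash) ? node[key] : nil }
end

# Behaviour described in the thread: a missing id is stored and matched as-is,
# so every later login that also lacks an id resolves to the first account.
def authenticate_naive(store, user_json, id_path, new_user)
  uid = fetch_path(user_json, id_path)
  store.find(uid) || store.link(uid, new_user)
end

# Hardened form: never look up or link an account on an absent or blank id.
def authenticate_strict(store, user_json, id_path, new_user)
  uid = fetch_path(user_json, id_path).to_s.strip
  raise ArgumentError, "userinfo has no value at #{id_path.inspect}" if uid.empty?
  store.find(uid) || store.link(uid, new_user)
end

# user_json values from the debug log; "user_id" is an assumed id path setting.
SIGNUP_JSON = {}.freeze
LOGIN_JSON  = { "sub" => "auth0|5b51aeca9a0b8834e8faa33f" }.freeze

# Replays both payloads through one store; returns who each request became.
def replay(auth)
  store = LinkStore.new
  [send(auth, store, SIGNUP_JSON, "user_id", "admin"),
   send(auth, store, LOGIN_JSON, "user_id", "newcomer")]
rescue ArgumentError => e
  e.message
end
```

`replay(:authenticate_naive)` shows the second visitor resolving to the first account, while `replay(:authenticate_strict)` stops at the first payload with an error instead of creating the nil-keyed link.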

(Blake Erickson) #44

Awesome thanks!

Just made a topic on your forum :slight_smile:

4 Likes