OAuth2 integration with Drupal

tarek · May 4, 2016, 4:08am

Special thanks to @dashohoxha for his help!!

Continuing the discussion from OAuth2 Basic Support:

I will use this thread to document my steps and progress in integrating Discourse and Drupal via OAuth2.

At present, the status of my implementation is WORKING.

Installation on Discourse:
For installation on Discourse, do the following:

Install OAuth2 Basic plugin as per this thread. See Install a plugin for details on how to install a plugin
Configure OAuth2 plugin:

You should see an “OAuth2” section in “Login” in Settings when logged in as an administrative user.
Enable “Custom OAuth2 is enabled”
Set client ID as “discourse”.
Create a client secret that is a random series of letters and numbers. You can use apg -a 0 -m 20 to generate one.
oauth2 authorize url: https://DRUPAL/oauth2/authorize where DRUPAL = your Drupal site’s base URL
oauth2 token url: https://DRUPAL/oauth2/token
oauth2 user json url: https://DRUPAL/oauth2/user_profile.json
oauth2 json user id path: uid
oauth2 json username: name
oauth2 json name path:[ You can leave this blank]
oauth2 json email path: mail
oauth2 email verified: [Check this on]

When you hit ‘login’, you should now see a ‘login with OAuth2’ option.

Installation on Drupal

Install the following plugins:

Add client at /oauth2-servers/manage/oauth2/clients

Call the client discourse
Enter the same client secret as above
Set Redirect URIs as http://DISCOURSE/auth/oauth2_basic/callback where DISCOURSE = your discourse forum’s base URL

Status and Known Issues:
If you follow the steps above, you should see a “with OAuth2” badge on the login screen. Clicking on it should redirect you to your Drupal site for login that asks “Authorize discourse to use your account?” Clicking “Yes” results in either association to an existing account with the same email or creation of a new account with that email.

STATUS: WORKING

KNOWN ISSUES:

Must be authorized with each login.
Does not honour ‘groups’ / ‘roles’

tarek : )

dashohoxha · May 4, 2016, 8:36am

Are you sure that this is the correct Redirect URI?

What does it do? Where is its code?

tarek · May 4, 2016, 11:27pm

This is correct. Quoting directly from the install guide for OAuth2 Basic:

tarek · May 5, 2016, 3:12pm

OK, there seems to be some good information from the maker of the Drupal plugin (@dashohoxha) in response to my filed bug:

So, I will look and see if there’s a way to make this POST instead of GET.

tarek : )

tarek · May 5, 2016, 3:39pm

It appears that there is no way to force POST instead of GET. I have filed this as a bug.

UPDATE: Bug invalid. Refiled as a bug in OAuth2 Basic

tarek : )

dashohoxha · May 5, 2016, 3:46pm

Near the top of the other thread about oauth2, I saw something related to sending the header “Authentication: Bearer <oauth2_token>” to the server. Maybe this is what you are looking for.
Otherwise you have to look at the code or ask the other guys about how it works, and maybe fix it.

tarek · May 5, 2016, 4:11pm

This is an option that doesn’t seem to change the GET vs. POST behaviour. I just tried.

tarek : )

tarek · May 5, 2016, 5:03pm

@dashohoxha Would you consider adding GET support to OAuth2_loginprovider?

I have filed a bug with OAuth2 basic to ask for them to add POST support.

tarek : )

dashohoxha · May 5, 2016, 5:28pm

I can try it, but I am not sure whether it will work and how long it will take.

tarek · May 5, 2016, 5:52pm

Excellent!!

In the meantime, I am trying to get a Ruby dev environment to figure out how to do this.

tarek : )

tarek · May 5, 2016, 7:36pm

Ok, I have success!!! However, @dashohoxha, I’m not sure how to figure out the output of user/profile in OAuth2_loginprovider… Could you give me some advice?

See OAuth2 Basic Support for the patch to make this work.

tarek : )

dashohoxha · May 5, 2016, 9:06pm

The output should be a JSON that contains the fields of the user profile. Can you print it somewhere for debugging? I am not familiar with RoR, so I cannot help you with this.

tarek · May 5, 2016, 9:11pm

I really have no idea how to debug RoR either. I’m trying now to figure that out… Currently, that looks like where I’m stuck.

I also am having no luck trying to manually get the data out with a REST client… What do you use to test?

tarek : )

dashohoxha · May 5, 2016, 9:18pm

For testing I use this: http://info.btranslator.org/api-examples-js/
See the section OAuth2/user/profile (on the left). Then check the javascript code and the output.

dashohoxha · May 5, 2016, 11:58pm

I have extended the Drupal module to accept both POST /oauth2/user/profile and GET /oauth2/user_profile (see the description at https://www.drupal.org/project/oauth2_loginprovider).

tarek · May 5, 2016, 11:59pm

WOW WOW WOW!!! That’s so wonderful!

Thank you so much!! Now I’m just trying to figure out where each path is, and then I’ll update above.

tarek : )

tarek · May 6, 2016, 12:49am

I have updated the first post with the new error. In essence, Drupal is NOT giving json, but IS giving XML. Here is the output:

757: unexpected token at '<?xml version="1.0" 
encoding="utf-8"?>
<result><uid>555</uid><name>testuser</name><mail>testuser@testuser.org</mail><theme></theme><signature></signature><signature_format/><created>1273090</created><access>1465263</access><login>1462493892</login><status>1</status><timezone/><language></language><picture><fid>23</fid><uid>0</uid><filename>picture-555-profile.png</filename><uri>public://pictures/picture-picture-555-profile.png</uri><filemime>image/png</filemime><filesize>206962</filesize><status>1</status><timestamp>14164658</timestamp><rdf_mapping/><url>https://DRUPAL/sites/DRUPAL/files/pictures/picture-555-profile.png</url></picture><init></init><data><ckeditor_default>t</ckeditor_default>

We are way closer now!! Thank you!

tarek : )

tarek · May 6, 2016, 1:21am

GOT IT!!!

just needed a .json at the end!

Will update above!

tarek : )

dashohoxha · May 6, 2016, 5:58am

This is related to the configuration of the Drupal module Services at /admin/structure/services/list/oauth2_login_provider/server By default all types of request and response formats are enabled, and if the HTTP request does not specify a response format, XML is used by default. Either you can restrict this on the server, or make the client specify that they want JSON. In one of my JavaScript example I do it like this: B-Translator.github.io/api-examples-js/examples/oauth2/get_user_profile.js at master · B-Translator/B-Translator.github.io · GitHub

Apparently it also works if you append the extension .json to the URL (you discovered this). As long as it works, it is fine.

tarek · May 6, 2016, 6:03am

I tried this and could not get it to work, neither in my own REST client, nor in your b-translator, as dataType will always default to json (I tried ‘xml’, for example).

Regardless, mercifully this is behind me! I also got my Kunena posts redirected, which is also merciful. So no problems!

tarek : )

Topic		Replies	Views
Trouble connecting drupal and discourse Support	9	6216	November 24, 2019
Discourse OAuth2 Basic Plugin official , oauth2 , auth-plugins	26	60625	August 21, 2024
Configure sign up and log in with Auth0 using the OAuth2 Basic Plugin Integrations sso , oauth2 , auth-plugins , how-to	71	18215	August 15, 2024
Setup DiscourseConnect - Official Single-Sign-On for Discourse (sso) Integrations sso , discourseconnect , configuring , how-to	7	436672	September 12, 2024
Login to Discourse with custom Oauth2 provider Feature oauth2 , completed	24	273806	July 6, 2020

OAuth2 integration with Drupal

Related Topics