Oauth Redirecting to /login after successful user JSON call

My configuration for Oauth basic is behaving quite odd, I had a few errors initially during setup and have resolved them. However, now I can see the flow going from Discourse -> Cognito Authorize Endpoint -> Discourse Callback -> Discourse /login. There is no warning or errors in the log, and when checking the logs, I can see that there is a successful JSON call to grab the user data.

Given that it appears to have a successful token and has loaded the JSON data, I would expect the user account to be successfully registered, instead the user is redirected to the login page.

Please see logs below.

OAuth2 Debugging: after_authenticate response: creds: {"token"=>"eyJraWQiOiJ3YW8zbVBRWmh2Z2F6YldNaU5jS3ZOdVdRMXRmcm1ya2ZVZ2RvVjVYSG1RPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJkNzhkZDliNS03Mjc2LTQ5OWEtYjdiN
3:48 pm
OAuth2 Debugging: user_json_url: GET https://api.lifebac.com/token/details?token=eyJraWQiOiJ3YW8zbVBRWmh2Z2F6YldNaU5jS3ZOdVdRMXRmcm1ya2ZVZ2RvVjVYSG1RPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJkNzhkZDliNS03Mjc
3:48 pm
OAuth2 Debugging: user_json_response: #<Excon::Response:0x00007f36a7608a30 @data={:body=>"{\"id\":\"d78dd9b5-7276-499a-b7b6-02da38e03ce9\", ...}", :cookies=>[], :host=>"api.lifebac.com", :headers=>{"Conten
3:48 pm
OAuth2 Debugging: user_json: {"id"=>"d78dd9b5-7276-499a-b7b6-02da38e03ce9", ...}

Any help on what is occurring would be incredibly helpful. More than happy to supply the backtraces if needed.

The redirection is normal, but there should also be a registration popup. Are you seeing that?

The user account is only created after the user confirms the account details and presses create.

Hi David,

Unfortunately, that information is coming up blank with nothing to confirm without entering it all their information.

Also, is it possible to auto-confirm the user? Their email is already verified on our side and I’d like to keep this experience as seamless as possible for our users?

It’s not possible to skip the popup (yet), but it should all be automatically populated with data from your identity provider.

What are the values for your oauth2 settings? Let’s take oauth2_json_email_path as an example.

Also, can you share the complete “user_json” line from the log, so we can see all the keys. (feel free to scrub the emails)

The full data was

{"id"=>"d78dd9b5-7276-499a-b7b6-02da38e03ce9", "username"=>"patrick2"}

and the field values were “id” and “username” for the applicable fields.

I’m currently updating the endpoint to add email and name, but I was under the impression that only a id and username were required.

Thanks

Patrick

The minimum data to connect the account to a Discourse account is just the id. However, Discourse needs a username and email. That’s why we pop the sign-up modal.

If you can add that information to the OAuth API then that would make things much smoother for your users

Yep, on that one right now! Will update the endpoint to include email as well and see if that resolves this.

Though in that case, surely the username should at least be coming through to the signup page?

Thanks

Patrick

Yes it should. Have you configured oauth2_json_username_path to be username?

@david, cheers mate! Got that one all working with the data.

What is the correct way to request a flag to auto-confirm oauth users?

Thanks

Patrick

What do you mean by auto-confirm? Skip email confirmation? Or skip the registration modal?

The first can be done already. The second is on our radar to implement soon.

Perfect! I meant the second! But if it’s already on your radar, then we’re all good!

Is the new external_auth_skip_create_confirm setting from Automatically provision accounts with external SSO provider? (skip Create New Account prompt) supported on
Oauth2?

It sure is! It’s supported on every single Discourse auth provider (even Facebook, Github, Google, etc.)