OAuth2 Basic Support

official

(Jay Pfaffman) #156

Sounds challenging. Have you added the cert and environment variable inside the container?


(Tegebe) #157

Yes, and tested it using https://github.com/mislav/ssl-tools

root@discourse:/ssl-tools# ruby doctor.rb login.xyz.de:443
/usr/local/bin/ruby (2.5.1-p57)
OpenSSL 1.0.2g  1 Mar 2016: /usr/lib/ssl
SSL_CERT_DIR=""
SSL_CERT_FILE="/shared/cacert.pem"

HEAD https://login.xyz.de:443
OK

(Jay Pfaffman) #158

I’d include the directory rather than hope you put the cert where Discourse is looking. I believe that the cert will need to be readable by the discourse user.
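The check discussed in #157 and #158, as an added example that is not part of the thread or of Discourse: it resolves the trust-store locations Ruby's OpenSSL consults (`SSL_CERT_FILE` / `SSL_CERT_DIR`, else the compiled-in defaults) and reports whether the current process can read the bundle and parse its certificates. The function names and the throwaway test CA are assumptions made for the illustration.

```ruby
require "openssl"

PEM_CERT = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Environment override first, then the default compiled into OpenSSL.
def trust_store_locations(env = ENV)
  { file: env[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE,
    dir:  env[OpenSSL::X509::DEFAULT_CERT_DIR_ENV]  || OpenSSL::X509::DEFAULT_CERT_DIR }
end

# Audit one CA bundle. Run this as the account the application runs as:
# root can read any file, so a root-only test hides permission problems.
def audit_ca_file(path)
  return { status: :unset } if path.nil? || path.empty?
  return { status: :missing, path: path } unless File.file?(path)
  return { status: :unreadable, path: path } unless File.readable?(path)

  certs = File.binread(path).scan(PEM_CERT).map { |pem| OpenSSL::X509::Certificate.new(pem) }
  return { status: :no_certificates, path: path } if certs.empty?

  now = Time.now
  { status: :ok, path: path, certificates: certs.size,
    expired: certs.count { |c| c.not_after < now } }
rescue OpenSSL::X509::CertificateError => e
  { status: :unparsable, path: path, error: e.message }
end

# Constructed sample input: a throwaway self-signed CA so the example runs offline.
def sample_ca_pem
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=Constructed Test CA")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

if __FILE__ == $PROGRAM_NAME
  loc = trust_store_locations
  puts "SSL_CERT_FILE -> #{audit_ca_file(loc[:file])}"
  puts "SSL_CERT_DIR  -> #{loc[:dir]} (directory exists: #{File.directory?(loc[:dir].to_s)})"
end
```

Run inside the container, a `:missing` or `:unreadable` status points at the file-placement and permission issues raised above rather than at the OAuth2 provider.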


(Tegebe) #159

Bitnami recently released new Docker images using Discourse 2.1.x (the former was 1.9.4). OAuth2 stopped working there as well, coming up with the same error. For now I will try SAML instead of OAuth2.


#160

Did you try offloading the SSL to a frontend Nginx? In this case the certificate should live outside docker with the Nginx.

As your official certificate is a wildcard you can easily use it locally by adding your fake domain that matches the certificate’s to point to localhost (or whatever private IP you’re using) in /etc/hosts which will bypass the DNS lookup, effectively getting rid of the self-signed certificate issue.


(Tegebe) #161

That’s a good idea.
That means the “oauth2 authorize url” will still be the same as this one is only used in the browser. The “oauth2 token url” and “oauth2 user json url” will be unsecure (http) between Discourse and Nginx (outgoing traffic) and from Nginx to the OAuth2 provider it will be secure (https).


(Alex Markessinis) #162

Would it be possible to add some settings to customize the button? Things like:

  • Change the button color
  • Select an icon (Font Awesome?) or upload a small png to sit in front of the text to match other OAuth buttons