OAuth2 integration with Drupal


(Tarek Loubani) #1

Special thanks to @dashohoxha for his help!!

Continuing the discussion from OAuth2 Basic Support:

I will use this thread to document my steps and progress in integrating Discourse and Drupal via OAuth2.

At present, the status of my implementation is WORKING.

Installation on Discourse:
For installation on Discourse, do the following:

  1. Install OAuth2 Basic plugin as per this thread. See Install a plugin for details on how to install a plugin.

  2. Configure OAuth2 plugin:

  • You should see an “OAuth2” section in “Login” in Settings when logged in as an administrative user.
  • Enable “Custom OAuth2 is enabled”
  • Set client ID as “discourse”.
  • Create a client secret that is a random series of letters and numbers. You can use apg -a 0 -m 20 to generate one.
  • oauth2 authorize url: https://DRUPAL/oauth2/authorize where DRUPAL = your Drupal site’s base URL
  • oauth2 token url: https://DRUPAL/oauth2/token
  • oauth2 user json url: https://DRUPAL/oauth2/user_profile.json
  • oauth2 json user id path: uid
  • oauth2 json username: name
  • oauth2 json name path: [You can leave this blank]
  • oauth2 json email path: mail
  • oauth2 email verified: [Check this on]

When you hit ‘login’, you should now see a ‘login with OAuth2’ option.

Installation on Drupal

  1. Install the following plugins:
  2. Add client at /oauth2-servers/manage/oauth2/clients
  • Call the client discourse
  • Enter the same client secret as above
  • Set Redirect URIs as http://DISCOURSE/auth/oauth2_basic/callback where DISCOURSE = your discourse forum’s base URL

Status and Known Issues:
If you follow the steps above, you should see a “with OAuth2” badge on the login screen. Clicking on it should redirect you to your Drupal site for login that asks “Authorize discourse to use your account?” Clicking “Yes” results in either association to an existing account with the same email or creation of a new account with that email.

STATUS: WORKING

KNOWN ISSUES:

  • Must be authorized with each login.
  • Does not honour ‘groups’ / ‘roles’

tarek : )


(Dashamir Hoxha) #2

Are you sure that this is the correct Redirect URI?

What does it do? Where is its code?


(Tarek Loubani) #3

This is correct. Quoting directly from the install guide for OAuth2 Basic:


(Tarek Loubani) #4

OK, there seems to be some good information from the maker of the Drupal plugin (@dashohoxha) in response to my filed bug:

So, I will look and see if there’s a way to make this POST instead of GET.

tarek : )


(Tarek Loubani) #5

It appears that there is no way to force POST instead of GET. I have filed this as a bug.

UPDATE: Bug invalid. Refiled as a bug in OAuth2 Basic

tarek : )


(Dashamir Hoxha) #6

Near the top of the other thread about oauth2, I saw something related to sending the header “Authentication: Bearer <oauth2_token>” to the server. Maybe this is what you are looking for.
Otherwise you have to look at the code or ask the other guys about how it works, and maybe fix it.


(Tarek Loubani) #7

This is an option that doesn’t seem to change the GET vs. POST behaviour. I just tried.

tarek : )


(Tarek Loubani) #8

@dashohoxha Would you consider adding GET support to OAuth2_loginprovider?

I have filed a bug with OAuth2 basic to ask for them to add POST support.

tarek : )


(Dashamir Hoxha) #9

I can try it, but I am not sure whether it will work and how long it will take.


(Tarek Loubani) #10

Excellent!!

In the meantime, I am trying to get a Ruby dev environment to figure out how to do this.

tarek : )


(Tarek Loubani) #11

Ok, I have success!!! However, @dashohoxha, I’m not sure how to figure out the output of user/profile in OAuth2_loginprovider… Could you give me some advice?

See OAuth2 Basic Support for the patch to make this work.

tarek : )


(Dashamir Hoxha) #12

The output should be a JSON that contains the fields of the user profile. Can you print it somewhere for debugging? I am not familiar with RoR, so I cannot help you with this.


(Tarek Loubani) #13

I really have no idea how to debug RoR either. I’m trying now to figure that out… Currently, that looks like where I’m stuck.

I also am having no luck trying to manually get the data out with a REST client… What do you use to test?

tarek : )


(Dashamir Hoxha) #14

For testing I use this: B-Translator API Examples
See the section OAuth2/user/profile (on the left). Then check the javascript code and the output.


(Dashamir Hoxha) #15

I have extended the Drupal module to accept both POST /oauth2/user/profile and GET /oauth2/user_profile (see the description at OAuth2 LoginProvider | Drupal.org).


(Tarek Loubani) #16

WOW WOW WOW!!! That’s so wonderful!

Thank you so much!! Now I’m just trying to figure out where each path is, and then I’ll update above.

tarek : )


(Tarek Loubani) #17

I have updated the first post with the new error. In essence, Drupal is NOT giving json, but IS giving XML. Here is the output:

757: unexpected token at '<?xml version="1.0" 
encoding="utf-8"?>
<result><uid>555</uid><name>testuser</name><mail>testuser@testuser.org</mail><theme></theme><signature></signature><signature_format/><created>1273090</created><access>1465263</access><login>1462493892</login><status>1</status><timezone/><language></language><picture><fid>23</fid><uid>0</uid><filename>picture-555-profile.png</filename><uri>public://pictures/picture-picture-555-profile.png</uri><filemime>image/png</filemime><filesize>206962</filesize><status>1</status><timestamp>14164658</timestamp><rdf_mapping/><url>https://DRUPAL/sites/DRUPAL/files/pictures/picture-555-profile.png</url></picture><init></init><data><ckeditor_default>t</ckeditor_default>

We are way closer now!! Thank you!

tarek : )


(Tarek Loubani) #18

GOT IT!!!

just needed a .json at the end!

Will update above!

tarek : )


(Dashamir Hoxha) #19

This is related to the configuration of the Drupal module Services at /admin/structure/services/list/oauth2_login_provider/server. By default all types of request and response formats are enabled, and if the HTTP request does not specify a response format, XML is used by default. Either you can restrict this on the server, or make the client specify that they want JSON. In one of my JavaScript examples I do it like this: B-Translator.github.io/get_user_profile.js at master · B-Translator/B-Translator.github.io · GitHub

Apparently it also works if you append the extension .json to the URL (you discovered this). As long as it works, it is fine.


(Tarek Loubani) #20

I tried this and could not get it to work, neither in my own REST client, nor in your b-translator, as dataType will always default to json (I tried ‘xml’, for example).

Regardless, mercifully this is behind me! I also got my Kunena posts redirected, which is also merciful. So no problems!

tarek : )
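
Added example, not part of the original thread and not code from OAuth2 Basic or the Drupal module: a Ruby check for the failure seen in posts #17 to #19, where the profile endpoint answers with XML and the JSON parser stops at '<?xml'. It resolves the field paths configured in post #1 (uid, name, mail); the helper names and both sample bodies are constructed for illustration.

```ruby
require "json"

# Field paths as configured in post #1 (the "oauth2 json ... path" settings).
PATHS = { id: "uid", username: "name", email: "mail" }.freeze

# Constructed samples: a shortened form of the XML from post #17 and the
# equivalent JSON document (assumed shape, not captured from a real site).
XML_BODY  = %q(<?xml version="1.0" encoding="utf-8"?><result><uid>555</uid><name>testuser</name><mail>testuser@testuser.org</mail></result>)
JSON_BODY = %q({"uid":"555","name":"testuser","mail":"testuser@testuser.org"})

# Hypothetical helper: walk a dotted path ("a.b") through parsed JSON.
def dig_path(doc, path)
  path.split(".").reduce(doc) { |node, key| node.is_a?(Hash) ? node[key] : nil }
end

# Hypothetical helper: classify a profile response and extract mapped fields.
# Returns [:ok, fields], [:wrong_format, reason] or [:missing, [field names]].
def check_profile(content_type, body)
  # Services falls back to XML when the request names no response format.
  if content_type.to_s.include?("xml") || body.lstrip.start_with?("<")
    return [:wrong_format, "XML body: ask for JSON explicitly or use the .json URL"]
  end
  doc = JSON.parse(body)
  return [:wrong_format, "JSON is not an object"] unless doc.is_a?(Hash)

  fields  = PATHS.transform_values { |path| dig_path(doc, path) }
  missing = fields.select { |_, value| value.nil? || value.to_s.empty? }.keys
  missing.empty? ? [:ok, fields] : [:missing, missing]
rescue JSON::ParserError => e
  [:wrong_format, "not JSON: #{e.message[0, 40]}"]
end

# Stand-alone run: the XML reply is rejected, the JSON reply is mapped.
p check_profile("text/xml", XML_BODY)
p check_profile("application/json", JSON_BODY)
```

Running the check against the body returned by the configured user JSON URL, before touching the Discourse settings, separates a response-format problem from a wrong field path.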