OAuth2 integration with Drupal

Special thanks to @dashohoxha for his help!!

Continuing the discussion from OAuth2 Basic Support:

I will use this thread to document my steps and progress in integrating Discourse and Drupal via OAuth2.

At present, the status of my implementation is WORKING.

Installation on Discourse:
For installation on Discourse, do the following:

  1. Install OAuth2 Basic plugin as per this thread. See Install a plugin for details on how to install a plugin

  2. Configure OAuth2 plugin:

  • You should see an “OAuth2” section in “Login” in Settings when logged in as an administrative user.
  • Enable “Custom OAuth2 is enabled”
  • Set client ID as “discourse”.
  • Create a client secret that is a random series of letters and numbers. You can use apg -a 0 -m 20 to generate one.
  • oauth2 authorize url: https://DRUPAL/oauth2/authorize where DRUPAL = your Drupal site’s base URL
  • oauth2 token url: https://DRUPAL/oauth2/token
  • oauth2 user json url: https://DRUPAL/oauth2/user_profile.json
  • oauth2 json user id path: uid
  • oauth2 json username: name
  • oauth2 json name path: [You can leave this blank]
  • oauth2 json email path: mail
  • oauth2 email verified: [Check this on]

When you hit ‘login’, you should now see a ‘login with OAuth2’ option.

Installation on Drupal

  1. Install the following plugins:
  2. Add client at /oauth2-servers/manage/oauth2/clients
  • Call the client discourse
  • Enter the same client secret as above
  • Set Redirect URIs as http://DISCOURSE/auth/oauth2_basic/callback where DISCOURSE = your discourse forum’s base URL

Status and Known Issues:
If you follow the steps above, you should see a “with OAuth2” badge on the login screen. Clicking on it should redirect you to your Drupal site for login that asks “Authorize discourse to use your account?” Clicking “Yes” results in either association to an existing account with the same email or creation of a new account with that email.

STATUS: WORKING

KNOWN ISSUES:

  • Must be authorized with each login.
  • Does not honour ‘groups’ / ‘roles’

tarek : )

8 Likes

Are you sure that this is the correct Redirect URI?

What does it do? Where is its code?

This is correct. Quoting directly from the install guide for OAuth2 Basic:

OK, there seems to be some good information from the maker of the Drupal plugin (@dashohoxha) in response to my filed bug:

So, I will look and see if there’s a way to make this POST instead of GET.

tarek : )

It appears that there is no way to force POST instead of GET. I have filed this as a bug.

UPDATE: Bug invalid. Refiled as a bug in OAuth2 Basic

tarek : )

Near the top of the other thread about oauth2, I saw something related to sending the header “Authentication: Bearer <oauth2_token>” to the server. Maybe this is what you are looking for.
Otherwise you have to look at the code or ask the other guys about how it works, and maybe fix it.

This is an option that doesn’t seem to change the GET vs. POST behaviour. I just tried.

tarek : )

@dashohoxha Would you consider adding GET support to OAuth2_loginprovider?

I have filed a bug with OAuth2 basic to ask for them to add POST support.

tarek : )

I can try it, but I am not sure whether it will work and how long it will take.

Excellent!!

In the meantime, I am trying to get a Ruby dev environment to figure out how to do this.

tarek : )

Ok, I have success!!! However, @dashohoxha, I’m not sure how to figure out the output of user/profile in OAuth2_loginprovider… Could you give me some advice?

See OAuth2 Basic Support for the patch to make this work.

tarek : )

The output should be a JSON that contains the fields of the user profile. Can you print it somewhere for debugging? I am not familiar with RoR, so I cannot help you with this.

I really have no idea how to debug RoR either. I’m trying now to figure that out… Currently, that looks like where I’m stuck.

I also am having no luck trying to manually get the data out with a REST client… What do you use to test?

tarek : )

For testing I use this: B-Translator API Examples
See the section OAuth2/user/profile (on the left). Then check the javascript code and the output.

I have extended the Drupal module to accept both POST /oauth2/user/profile and GET /oauth2/user_profile (see the description at https://www.drupal.org/project/oauth2_loginprovider).

4 Likes

WOW WOW WOW!!! That’s so wonderful!

Thank you so much!! Now I’m just trying to figure out where each path is, and then I’ll update above.

tarek : )

I have updated the first post with the new error. In essence, Drupal is NOT giving json, but IS giving XML. Here is the output:

757: unexpected token at '<?xml version="1.0" 
encoding="utf-8"?>
<result><uid>555</uid><name>testuser</name><mail>testuser@testuser.org</mail><theme></theme><signature></signature><signature_format/><created>1273090</created><access>1465263</access><login>1462493892</login><status>1</status><timezone/><language></language><picture><fid>23</fid><uid>0</uid><filename>picture-555-profile.png</filename><uri>public://pictures/picture-picture-555-profile.png</uri><filemime>image/png</filemime><filesize>206962</filesize><status>1</status><timestamp>14164658</timestamp><rdf_mapping/><url>https://DRUPAL/sites/DRUPAL/files/pictures/picture-555-profile.png</url></picture><init></init><data><ckeditor_default>t</ckeditor_default>

We are way closer now!! Thank you!

tarek : )

GOT IT!!!

just needed a .json at the end!

Will update above!

tarek : )

This is related to the configuration of the Drupal module Services at /admin/structure/services/list/oauth2_login_provider/server. By default all types of request and response formats are enabled, and if the HTTP request does not specify a response format, XML is used by default. Either you can restrict this on the server, or make the client specify that they want JSON. In one of my JavaScript examples I do it like this: https://github.com/B-Translator/B-Translator.github.io/blob/master/api-examples-js/examples/oauth2/get_user_profile.js#L10

Apparently it also works if you append the extension .json to the URL (you discovered this). As long as it works, it is fine.

1 Like
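
The content negotiation described in the post above, as an added Ruby example that is not part of the original thread or of either plugin: the client asks for JSON explicitly, refuses an XML body with a clear reason instead of a raw parser error, and requires the uid, name and mail fields that the first post's settings map. The host drupal.example, the function names and the sample bodies are assumptions made for illustration.

```ruby
require "json"
require "net/http"
require "uri"

# Field paths from the OAuth2 Basic settings in the first post.
FIELD_PATHS = { id: "uid", username: "name", email: "mail" }.freeze

# Constructed sample bodies (not captured from a real server).
SAMPLE_JSON = '{"uid":"555","name":"testuser","mail":"testuser@testuser.org"}'
SAMPLE_XML = '<?xml version="1.0" encoding="utf-8"?><result><uid>555</uid></result>'

# Build the profile request. The token goes in the RFC 6750 Authorization
# header, and Accept asks Services for JSON rather than its XML default.
def build_profile_request(base_url, token)
  uri = URI.join(base_url, "/oauth2/user_profile.json")
  req = Net::HTTP::Get.new(uri)
  req["Authorization"] = "Bearer #{token}"
  req["Accept"] = "application/json"
  req
end

# Parse a profile response into the mapped fields. Raises ArgumentError with
# a reason when the body is XML, malformed, or lacks a mapped field. mail is
# mandatory because accounts are matched on it and it is treated as verified.
def parse_profile(body, content_type)
  if content_type.to_s.include?("xml") || body.lstrip.start_with?("<")
    raise ArgumentError, "server returned XML; send Accept: application/json or use .json"
  end
  data = JSON.parse(body)
  raise ArgumentError, "profile is not a JSON object" unless data.is_a?(Hash)
  FIELD_PATHS.each_with_object({}) do |(key, path), out|
    value = data[path]
    raise ArgumentError, "missing required field #{path}" if value.to_s.strip.empty?
    out[key] = value.to_s
  end
rescue JSON::ParserError => e
  raise ArgumentError, "invalid JSON: #{e.message[0, 40]}"
end

if __FILE__ == $PROGRAM_NAME
  p parse_profile(SAMPLE_JSON, "application/json")
end
```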

I tried this and could not get it to work, neither in my own REST client, nor in your b-translator, as dataType will always default to json (I tried ‘xml’, for example).

Regardless, mercifully this is behind me! I also got my Kunena posts redirected, which is also merciful. So no problems!

tarek : )