hi blake,
thanks for that. I did actually switch that on, but still get the message on the login page about email being unverified?
Does that assume the upstream Oauth2 IdP has verified email addresses?
yes thats the case i believe.
Okay can you look in your logs and see if you see anything? Also could you look at one of the new users and see if they actually have an email address?
is the user record in discourse only created after the verification? if i go in as admin, should i see the record?
They should be in there before verification. You may need to click on the new tab and/or sort by created date /admin/users/list/new?order=created
interesting… as the users are not there
hmm okay. See what you can find in /logs. I’m not really sure what is going on. I’ll have to login into my auth0 account and see if I can get it working again and see if I run into a similar issue.
thanks, will check the logs and update.
Hi
taking a look at the logs below, does it seem as if the json call to the authentication provider for user info is not returning anything?
(oauth2_basic) Callback phase initiated.
Processing by Users::OmniauthCallbacksController#complete as HTML
Parameters: {"code"=>"P-xxxxxxxxx-4", "state"=>"b65xxxxxxxxxaa
5769cxxxxxxx9", "provider"=>"oauth2_basic"}
OAuth2 Debugging: after_authenticate response:
creds: {"token"=>"wPxxxxxxxxxxxxwq7", "expires_at"=>1526490618, ""
expires"=>true}
info: {"id"=>nil, "name"=>nil}
extra: {}
OAuth2 Debugging: user_json_url: GET https://xxxxxxxxx/userinfo
OAuth2 Debugging: user_json: {}
Rendering users/omniauth_callbacks/complete.html.erb within layouts/no_ember
Rendered users/omniauth_callbacks/complete.html.erb within layouts/no_ember (00
.5ms)
Rendered layouts/_head.html.erb (0.2ms)
Rendered common/_special_font_face.html.erb (0.2ms)
Rendered common/_discourse_stylesheet.html.erb (0.1ms)
Rendered application/_header.html.erb (0.1ms)
Completed 200 OK in 201ms (Views: 2.3ms | ActiveRecord: 11.1ms)
Started GET "/discussion/srv/status" for 127.0.0.1 at 2018-05-15 17:10:23 +0000Yes, it doesn’t look like it is returning anything since user_json is empty
Okay I figured out a couple of the issues and one of them may require a code fix. I’ll post my findings tomorrow.
2 Likes
hi blake,
so that i dont misunderstand, are you saying this will not work until a fix is made on your side?
regards
shahid
strangely, when the auth0 lock widget pops up through oauth2 login, when i enter the username/password a fresh, i get valid json back. But if i click on the username that it already remembers (so not re-entering username/password) it gives me blank json.
hi blake, i have this working now, just need to figure out the silent auth bit (when auth lock widget comes up remembering previously used login), which i think is calling the authentication provider without the necessary scopes for the end point…
I have another issue though. The userId that is coming back from the userInfo json endpoint is a url namespace e.g. https://domain.user.id.
In the oauth2 plugin config i am specifying this domain as the userId field, but i think instead of taking that field from the json it seems to be trying to find “.id” at the “https://domain” --> “user” --> “id” node.
How do i get around this issue?
regards
That’s one of the issues that needs a code fix. Auth0 used to return and id but now they return a user_id inside of an identities array and you can’t just use the user_id inside of the main hash because it changes depending on which provider they used to login with (auth0, google, Facebook, etc)
2 Likes