OAuth2 plugin SSO, how to switch off email verification

Hi Blake,

thanks for that. I did actually switch that on, but still get the message on the login page about email being unverified?

What do you have set in the “oauth2 json email path” box?

Maybe that isn’t set correctly

Does that assume the upstream Oauth2 IdP has verified email addresses?

Yes, that's the case, I believe.

Okay can you look in your logs and see if you see anything? Also could you look at one of the new users and see if they actually have an email address?

Is the user record in Discourse only created after the verification? If I go in as admin, should I see the record?

They should be in there before verification. You may need to click on the new tab and/or sort by created date /admin/users/list/new?order=created

Interesting… as the users are not there.

Hmm, okay. See what you can find in /logs. I’m not really sure what is going on. I’ll have to log in to my Auth0 account and see if I can get it working again and see if I run into a similar issue.

Thanks, will check the logs and update.

Hi,
Taking a look at the logs below, does it seem as if the JSON call to the authentication provider for user info is not returning anything?

(oauth2_basic) Callback phase initiated.
Processing by Users::OmniauthCallbacksController#complete as HTML
Parameters: {"code"=>"P-xxxxxxxxx-4", "state"=>"b65xxxxxxxxxaa5769cxxxxxxx9", "provider"=>"oauth2_basic"}
OAuth2 Debugging: after_authenticate response:
creds: {"token"=>"wPxxxxxxxxxxxxwq7", "expires_at"=>1526490618, "expires"=>true}
info: {"id"=>nil, "name"=>nil}
extra: {}
OAuth2 Debugging: user_json_url: GET https://xxxxxxxxx/userinfo
OAuth2 Debugging: user_json: {}
Rendering users/omniauth_callbacks/complete.html.erb within layouts/no_ember
Rendered users/omniauth_callbacks/complete.html.erb within layouts/no_ember (0.5ms)
Rendered layouts/_head.html.erb (0.2ms)
Rendered common/_special_font_face.html.erb (0.2ms)
Rendered common/_discourse_stylesheet.html.erb (0.1ms)
Rendered application/_header.html.erb (0.1ms)
Completed 200 OK in 201ms (Views: 2.3ms | ActiveRecord: 11.1ms)
Started GET "/discussion/srv/status" for 127.0.0.1 at 2018-05-15 17:10:23 +0000

Yes, it doesn’t look like it is returning anything since user_json is empty.

Okay, I figured out a couple of the issues and one of them may require a code fix. I’ll post my findings tomorrow.

Hi Blake,

So that I don't misunderstand, are you saying this will not work until a fix is made on your side?

Regards,
Shahid

Strangely, when the Auth0 Lock widget pops up through OAuth2 login, when I enter the username/password afresh, I get valid JSON back. But if I click on the username that it already remembers (so not re-entering username/password) it gives me blank JSON.

Hi Blake, I have this working now, just need to figure out the silent auth bit (when the Auth0 Lock widget comes up remembering a previously used login), which I think is calling the authentication provider without the necessary scopes for the endpoint…

I have another issue though. The userId that is coming back from the userInfo JSON endpoint is a URL namespace, e.g. https://domain.user.id.
In the OAuth2 plugin config I am specifying this domain as the userId field, but I think instead of taking that field from the JSON it seems to be trying to find “.id” at the “https://domain” --> “user” --> “id” node.

How do I get around this issue?

Regards

That’s one of the issues that needs a code fix. Auth0 used to return an id but now they return a user_id inside of an identities array and you can’t just use the user_id inside of the main hash because it changes depending on which provider they used to log in with (Auth0, Google, Facebook, etc.).


A post was merged into an existing topic: How to use Auth0 with the OAuth2 Basic Plugin
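
The dotted-key problem and the empty userinfo response discussed in this thread, as an added Ruby example (not code from the OAuth2 Basic plugin or from any poster). The helper names, the claim key `https://idp.example.user.id` and the sample hash are assumptions constructed for illustration; the resolver prefers the longest literal key before descending, and the extractor fails closed when no id is found.

```ruby
# Added example: hypothetical helpers, not the OAuth2 Basic plugin's code.
class EmptyUserInfo < StandardError; end

# Constructed sample userinfo with a namespaced claim key that contains dots.
SAMPLE_USERINFO = {
  "https://idp.example.user.id" => "abc123",
  "email" => "user@example.test",
  "user" => { "profile" => { "nickname" => "sam" } }
}.freeze

# Naive resolution: split the configured path on every "." and descend.
# A key that itself contains dots can never be reached this way.
def naive_walk(json, path)
  path.split(".").reduce(json) { |node, key| node.is_a?(Hash) ? node[key] : nil }
end

# Tolerant resolution: at each level try the longest literal key that matches
# the remaining path, then fall back to shorter prefixes and recurse.
def walk_path(node, path)
  return node if path.nil? || path.empty?
  return nil unless node.is_a?(Hash)

  segments = path.split(".")
  segments.length.downto(1) do |n|
    key = segments.first(n).join(".")
    next unless node.key?(key)

    found = walk_path(node[key], segments.drop(n).join("."))
    return found unless found.nil?
  end
  nil
end

# Fail closed: an empty userinfo body (user_json: {} in the log above) must
# not continue with a nil id, whatever the email-verified setting says.
def extract_identity(user_json, id_path:, email_path:)
  id = walk_path(user_json, id_path)
  if id.nil? || id.to_s.strip.empty?
    raise EmptyUserInfo, "userinfo has no value at #{id_path}"
  end

  { id: id.to_s, email: walk_path(user_json, email_path) }
end
```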