Oauth and FusionAuth - undefined callback url
-
Hi all, I'm trying to get myself capable to understand the Oauth2 mechanism but I'm stuck with an issue on URL callback.
For the scope of the conversation I've used the FusionAuth as identity server and I've modified my nodebb-plugin-sso-oauth plugin from @julian (thanks a lot!!!) based on the notes on his original github repo.
Based on the FusionAuth guide I've also created the proper application entry on the server with the following parameters
Although the nodeBB plugin is loaded as confirmed by the Alternative Logins section
and I'm redirected to the FusionAuth login page
as soon as I enter the credentials of a user which is "registered" with the nodeBB application entry the user is authenticated as the URL in the browser confirms (http://localhost:4567/auth/fusionauth/callback?code=D6FnIZc1Q6-9HE7ObsHnbzovIhXtw72qocQiRDR-78g&locale=en_US&state=9CHMOxaF-59gVurTmHVZo1CaFhdd4vXZCP0Y&userState=Authenticated) but in nodeBB I'm forwarded to an internal error page as in the screenshot below
I can't move any further in understanding the Oauth2 mechanism and any comment on the mistake I'm currently doing is really appreciated!
Cheers, Riccardo
-
@knickknack Actually, the fine folks at FusionAuth have a plugin for this too:
https://fusionauth.io/blog/2020/05/13/setting-up-single-sign-on-for-nodebb/
https://github.com/FusionAuth/nodebb-plugin-fusionauth-oidc
Have you given that one a try?
-
@julian thanks for the follow-up! I actually didn't have a look because I wasn't aware of it and also because the FusionAuth was just a test platform to practice before trying to interface with 10duke.
I'll have a look at the plugin but do you have any remarks or comments about my setup? Did I overlook something?
Cheers, R
-
@knickknack Hm, in that case, you'd have to look at the server-side logs and see what is output... undefined isn't a particularly helpful error, unfortunately.
-
Hi @Julian, thanks for helping here.
Find below the log obtained by running nodeBB in dev mode under the following steps:
- clear cookies on firefox
- start FusionAuth server
- start nodeBB server
- go to Login page
- use credentials from FusionAuth users
- on credentials being authenticated get the error page
What it looks like to me is that nodeBB can process the URL specified in the callback and it's unable to move further.
Cheers, R
$ ./nodebb dev
NodeBB v1.14.3 Copyright (C) 2013-2014 NodeBB Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under certain conditions.
For the full license, please visit: http://www.gnu.org/copyleft/gpl.html
Clustering enabled: Spinning up 1 process(es).
2020-10-22T09:50:25.980Z [4567/4301] - verbose: * using configuration stored in: /home/standarduser/nodebb/config.json
2020-10-22T09:50:26.078Z [4567/4301] - info: Initializing NodeBB v1.14.3 http://localhost:4567
2020-10-22T09:50:26.078Z [4567/4301] - verbose: * using mongo store at 127.0.0.1:27017
2020-10-22T09:50:26.079Z [4567/4301] - verbose: * using themes stored in: /home/standarduser/nodebb/node_modules
2020-10-22T09:50:28.317Z [4567/4301] - verbose: [minifier] utilizing a maximum of 3 additional threads
2020-10-22T09:50:28.477Z [4567/4301] - verbose: Checking dependencies for outdated modules
2020-10-22T09:50:28.991Z [4567/4301] - verbose: [notifications.init] Registering jobs.
2020-10-22T09:50:28.992Z [4567/4301] - verbose: [user/jobs] (Re-)starting user jobs...
2020-10-22T09:50:28.994Z [4567/4301] - verbose: [user/jobs] Starting job (digest.daily)
2020-10-22T09:50:28.996Z [4567/4301] - verbose: [user/jobs] Starting job (digest.weekly)
2020-10-22T09:50:28.998Z [4567/4301] - verbose: [user/jobs] Starting job (digest.monthly)
2020-10-22T09:50:28.999Z [4567/4301] - verbose: [user/jobs] Starting job (reset.clean)
2020-10-22T09:50:29.000Z [4567/4301] - verbose: [user/jobs] 4 jobs started
2020-10-22T09:50:29.001Z [4567/4301] - verbose: [emailer] Setting up SMTP fallback transport
2020-10-22T09:50:29.087Z [4567/4301] - info: [themes] Using theme nodebb-theme-persona
2020-10-22T09:50:29.088Z [4567/4301] - verbose: [plugins] Initializing plugins system
2020-10-22T09:50:29.124Z [4567/4301] - verbose: [emailer] Built custom email templates
2020-10-22T09:50:29.199Z [4567/4301] - verbose: [plugins] Loaded plugin: nodebb-plugin-composer-default
2020-10-22T09:50:29.203Z [4567/4301] - verbose: [plugins] Loaded plugin: nodebb-theme-persona
2020-10-22T09:50:29.245Z [4567/4301] - verbose: [plugins] Loaded plugin: nodebb-plugin-markdown
2020-10-22T09:50:29.325Z [4567/4301] - verbose: [plugins] Loaded plugin: nodebb-plugin-mentions
2020-10-22T09:50:29.329Z [4567/4301] - verbose: [plugins] Loaded plugin: nodebb-widget-essentials
2020-10-22T09:50:29.333Z [4567/4301] - verbose: [plugins] Loaded plugin: nodebb-rewards-essentials
2020-10-22T09:50:29.337Z [4567/4301] - verbose: [plugins] Found 3 sound file(s) for plugin nodebb-plugin-soundpack-default
2020-10-22T09:50:29.338Z [4567/4301] - verbose: [plugins] Loaded plugin: nodebb-plugin-soundpack-default
2020-10-22T09:50:29.417Z [4567/4301] - verbose: [plugins] Loaded plugin: nodebb-plugin-emoji
2020-10-22T09:50:29.437Z [4567/4301] - verbose: [plugins] Loaded plugin: nodebb-plugin-emoji-android
2020-10-22T09:50:29.453Z [4567/4301] - verbose: [plugins] Loaded plugin: nodebb-plugin-sso-oauth
2020-10-22T09:50:29.456Z [4567/4301] - verbose: [plugins] Loaded plugin: nodebb-plugin-custom-pages
2020-10-22T09:50:29.458Z [4567/4301] - verbose: [plugins/fireHook] filter:sanitize.config
2020-10-22T09:50:29.459Z [4567/4301] - info: [plugins] Plugins OK
2020-10-22T09:50:29.459Z [4567/4301] - verbose: [plugins/fireHook] static:assets.prepare
2020-10-22T09:50:29.460Z [4567/4301] - verbose: [plugins/fireHook] static:app.preload
2020-10-22T09:50:29.462Z [4567/4301] - verbose: [plugins/fireHook] static:app.load
2020-10-22T09:50:29.506Z [4567/4301] - verbose: [plugins/fireHook] action:markdown.updateParserRules
2020-10-22T09:50:29.513Z [4567/4301] - verbose: [emoji] Building emoji assets
2020-10-22T09:50:29.513Z [4567/4301] - verbose: [plugins/fireHook] filter:emoji.packs
2020-10-22T09:50:29.535Z [4567/4301] - verbose: [emoji] Loaded packs {"0":"a","1":"n","2":"d","3":"r","4":"o","5":"i","6":"d"}
2020-10-22T09:50:29.571Z [4567/4301] - verbose: [plugins] All plugins reloaded and rerouted
2020-10-22T09:50:29.572Z [4567/4301] - verbose: [plugins/fireHook] filter:auth.init
2020-10-22T09:50:29.625Z [4567/4301] - info: Routes added
2020-10-22T09:50:29.628Z [4567/4301] - verbose: [meta/blacklist] Loading 0 blacklist rule(s)
2020-10-22T09:50:29.629Z [4567/4301] - verbose: [plugins/fireHook] filter:flags.getFilters
2020-10-22T09:50:29.629Z [4567/4301] - info: NodeBB Ready
2020-10-22T09:50:29.630Z [4567/4301] - verbose: [plugins/fireHook] action:nodebb.ready
2020-10-22T09:50:29.631Z [4567/4301] - info: Enabling 'trust proxy'
2020-10-22T09:50:29.634Z [4567/4301] - info: NodeBB is now listening on: 0.0.0.0:4567
2020-10-22T09:50:38.334Z [4567/4301] - verbose: [middleware/autoLocale] Retrieves languages list for middleware
2020-10-22T09:50:38.338Z [4567/4301] - verbose: [plugins/fireHook] filter:user.getSettings
2020-10-22T09:50:38.339Z [4567/4301] - verbose: [plugins/fireHook] filter:user.notificationTypes
2020-10-22T09:50:38.356Z [4567/4301] - verbose: [plugins/fireHook] filter:config.get
2020-10-22T09:50:38.359Z [4567/4301] - verbose: [plugins/fireHook] filter:middleware.buildHeader
2020-10-22T09:50:38.369Z [4567/4301] - verbose: [plugins/fireHook] action:middleware.pageView
2020-10-22T09:50:38.370Z [4567/4301] - verbose: [plugins/fireHook] response:router.page
2020-10-22T09:50:38.381Z [4567/4301] - verbose: [plugins/fireHook] filter:privileges:isUserAllowedTo
2020-10-22T09:50:38.382Z [4567/4301] - verbose: [plugins/fireHook] filter:privileges:isUserAllowedTo
2020-10-22T09:50:38.392Z [4567/4301] - verbose: [plugins/fireHook] filter:topic.getFields
2020-10-22T09:50:38.394Z [4567/4301] - verbose: [plugins/fireHook] filter:privileges:isUserAllowedTo
2020-10-22T09:50:38.394Z [4567/4301] - verbose: [plugins/fireHook] filter:privileges:isUserAllowedTo
2020-10-22T09:50:38.395Z [4567/4301] - verbose: [plugins/fireHook] filter:privileges.topics.filter
2020-10-22T09:50:38.395Z [4567/4301] - verbose: [plugins/fireHook] filter:topic.getFields
2020-10-22T09:50:38.398Z [4567/4301] - verbose: [plugins/fireHook] filter:post.getFields
2020-10-22T09:50:38.400Z [4567/4301] - verbose: [plugins/fireHook] filter:user.whitelistFields
2020-10-22T09:50:38.403Z [4567/4301] - verbose: [plugins/fireHook] filter:user.getFields
2020-10-22T09:50:38.404Z [4567/4301] - verbose: [plugins/fireHook] filter:users.get
2020-10-22T09:50:38.405Z [4567/4301] - verbose: [plugins/fireHook] filter:parse.post
2020-10-22T09:50:38.450Z [4567/4301] - verbose: [plugins/fireHook] filter:teasers.get
2020-10-22T09:50:38.453Z [4567/4301] - verbose: [plugins/fireHook] filter:categories.build
2020-10-22T09:50:38.454Z [4567/4301] - verbose: [plugins/fireHook] filter:middleware.render
2020-10-22T09:50:38.455Z [4567/4301] - verbose: [plugins/fireHook] filter:meta.getMetaTags
2020-10-22T09:50:38.455Z [4567/4301] - verbose: [plugins/fireHook] filter:meta.getLinkTags
2020-10-22T09:50:38.461Z [4567/4301] - verbose: [plugins/fireHook] filter:widget.render:html
2020-10-22T09:50:38.469Z [4567/4301] - verbose: [plugins/fireHook] filter:user.whitelistFields
2020-10-22T09:50:38.473Z [4567/4301] - verbose: [plugins/fireHook] filter:user.whitelistFields
2020-10-22T09:50:38.476Z [4567/4301] - verbose: [plugins/fireHook] filter:middleware.renderFooter
2020-10-22T09:50:38.476Z [4567/4301] - verbose: [plugins/fireHook] filter:topics.getUnreadTids
2020-10-22T09:50:38.476Z [4567/4301] - verbose: [plugins/fireHook] filter:scripts.get
2020-10-22T09:50:38.477Z [4567/4301] - verbose: [plugins/fireHook] filter:user.getFields
2020-10-22T09:50:38.477Z [4567/4301] - verbose: [plugins/fireHook] filter:user.getFields
2020-10-22T09:50:38.478Z [4567/4301] - verbose: [plugins/fireHook] filter:users.get
2020-10-22T09:50:38.479Z [4567/4301] - verbose: [plugins/fireHook] filter:users.get
2020-10-22T09:50:38.480Z [4567/4301] - verbose: [plugins/fireHook] filter:privileges:isUserAllowedTo
2020-10-22T09:50:38.480Z [4567/4301] - verbose: [plugins/fireHook] filter:privileges.global.get
2020-10-22T09:50:38.484Z [4567/4301] - verbose: [plugins/fireHook] filter:middleware.renderHeader
2020-10-22T09:50:41.241Z [4567/4301] - verbose: [plugins/fireHook] static:sockets.validateSession
2020-10-22T09:50:41.288Z [4567/4301] - verbose: [middleware/autoLocale] Retrieves languages list for middleware
2020-10-22T09:50:41.294Z [4567/4301] - verbose: [plugins/fireHook] action:middleware.pageView
2020-10-22T09:50:41.294Z [4567/4301] - verbose: [plugins/fireHook] response:router.page
2020-10-22T09:50:41.299Z [4567/4301] - verbose: [plugins/fireHook] filter:login.build
2020-10-22T09:50:41.299Z [4567/4301] - verbose: [plugins/fireHook] filter:middleware.render
2020-10-22T09:50:41.300Z [4567/4301] - verbose: [plugins/fireHook] filter:meta.getMetaTags
2020-10-22T09:50:41.300Z [4567/4301] - verbose: [plugins/fireHook] filter:meta.getLinkTags
2020-10-22T09:50:41.303Z [4567/4301] - verbose: [plugins/fireHook] filter:config.get
2020-10-22T09:50:41.308Z [4567/4301] - verbose: [plugins/fireHook] filter:widget.render:html
2020-10-22T09:50:44.324Z [4567/4301] - verbose: [middleware/autoLocale] Retrieves languages list for middleware
2020-10-22T09:50:51.640Z [4567/4301] - verbose: [middleware/autoLocale] Retrieves languages list for middleware
2020-10-22T09:50:51.938Z [4567/4301] - verbose: [plugins/fireHook] filter:error.handle
2020-10-22T09:50:51.938Z [4567/4301] - error: /auth/fusionauth/callback undefined
2020-10-22T09:50:51.939Z [4567/4301] - verbose: [plugins/fireHook] filter:config.get
2020-10-22T09:50:51.939Z [4567/4301] - verbose: [plugins/fireHook] filter:middleware.buildHeader
2020-10-22T09:50:51.945Z [4567/4301] - verbose: [plugins/fireHook] filter:500.build
2020-10-22T09:50:51.945Z [4567/4301] - verbose: [plugins/fireHook] filter:middleware.render
2020-10-22T09:50:51.945Z [4567/4301] - verbose: [plugins/fireHook] filter:meta.getMetaTags
2020-10-22T09:50:51.946Z [4567/4301] - verbose: [plugins/fireHook] filter:meta.getLinkTags
2020-10-22T09:50:51.948Z [4567/4301] - verbose: [plugins/fireHook] filter:widget.render:html
2020-10-22T09:50:51.950Z [4567/4301] - verbose: [plugins/fireHook] filter:user.whitelistFields
2020-10-22T09:50:51.951Z [4567/4301] - verbose: [plugins/fireHook] filter:user.whitelistFields
2020-10-22T09:50:51.952Z [4567/4301] - verbose: [plugins/fireHook] filter:middleware.renderFooter
2020-10-22T09:50:51.952Z [4567/4301] - verbose: [plugins/fireHook] filter:topics.getUnreadTids
2020-10-22T09:50:51.952Z [4567/4301] - verbose: [plugins/fireHook] filter:scripts.get
2020-10-22T09:50:51.953Z [4567/4301] - verbose: [plugins/fireHook] filter:privileges:isUserAllowedTo
2020-10-22T09:50:51.953Z [4567/4301] - verbose: [plugins/fireHook] filter:user.getFields
2020-10-22T09:50:51.953Z [4567/4301] - verbose: [plugins/fireHook] filter:user.getFields
2020-10-22T09:50:51.954Z [4567/4301] - verbose: [plugins/fireHook] filter:privileges.global.get
2020-10-22T09:50:51.954Z [4567/4301] - verbose: [plugins/fireHook] filter:users.get
2020-10-22T09:50:51.954Z [4567/4301] - verbose: [plugins/fireHook] filter:users.get
2020-10-22T09:50:51.955Z [4567/4301] - verbose: [plugins/fireHook] filter:middleware.renderHeader
2020-10-22T09:50:52.828Z [4567/4301] - verbose: [middleware/autoLocale] Retrieves languages list for middleware
2020-10-22T09:51:03.122Z [4567/4301] - info: [app] Shutdown (SIGTERM/SIGINT) Initialised.
2020-10-22T09:51:03.130Z [4567/4301] - info: [app] Web server closed to connections.
2020-10-22T09:51:03.130Z [4567/4301] - info: [app] Live analytics saved.
2020-10-22T09:51:03.141Z [4567/4301] - info: [app] Database connection closed.
2020-10-22T09:51:03.141Z [4567/4301] - info: [app] Shutdown complete.
-
Hiya,
I'm a FusionAuth employee and saw this come up.
It looks like you have nodebb-plugin-sso-oauth installed, but from the github page, it looks like this is not a fully functioning plugin:
"Please note that this is not a complete plugin, but merely a skeleton with which you can create your own OAuth SSO plugin for NodeBB (and hopefully share it with others!)"
GitHub - julianlam/nodebb-plugin-sso-oauth: NodeBB Plugin that allows users to login/register via any configured OAuth provider.
It looks like you configured library.js as mentioned in the github readme? Can you share those settings changes (with anything secret obscured, of course)? Just want to make sure the config is set up correctly.
An alternative to try would be the fusionauth nodebb plugin, but it sounds like you really want the SSO plugin to work since you're planning to go to production against 10duke.
Cheers,
Dan
-
Hi @mooreds, thanks a lot for looking into this!
The changes I've done in the code are visible in my very first post where I've linked my GitHub repo where the changes have been pushed. I think that FusionAuth just gives the proper authorisation but then when the ball rolls back to nodeBB something in the plugin goes...well.. wrong.
If you can double check them that would be awesome because I'm completely stuck.
Cheers, R
-
ah, sorry, I missed that you'd linked to your github repo.
Hmmm. An easy thing to troubleshoot would be to just put console.log statements throughout your plugin. That is what I would do first, as that would narrow down the area that is causing the issue.
The oauth2 endpoints look good here: https://github.com/rgigante/nodebb-plugin-sso-oauth/blob/master/library.js
But the profile information looks a bit suspect. From git blame it looks like you didn't change that.
This page documents the profile data you'll get back, so I think you need to update the profile information extraction section.
Here's how the fusionauth plugin does this: https://github.com/FusionAuth/nodebb-plugin-fusionauth-oidc/blob/master/library.js#L91
Cheers!
-
I don't know exactly what your end goal is, and how you will interface with 10duke, but I will note - in case it wasn't understood, you don't have to use FusionAuth to use the FusionAuth NodeBB OIDC plugin.
We chose to use NodeBB for the FusionAuth community forum, and we wanted to contribute our work back to the NodeBB community... and because we wanted our users to login using FusionAuth.
We started with the plugin that @julian published, and just extended it a bit, added OIDC features and made the configuration available in the NodeBB UI. There isn't anything in the code that is unique or custom for FusionAuth.
It should work with any OAuth2/OIDC IdP, if you find that it does not, open a bug and we'll be happy to fix it for you! This is sort of our specialty! https://github.com/FusionAuth/nodebb-plugin-fusionauth-oidc
As @julian mentioned - w/out a bit more debug, hard to say what is happening. It would be nice to know what module is logging the error:
2020-10-22T09:50:51.938Z [4567/4301] - error: /auth/fusionauth/callback undefined
-
What I will say is that the sso-oauth plugin, as @mooreds mentioned, is not meant to be complete, there's a bit of customizing that needs to be done before you can use it.
What it should do out of the box once you enter your IDs and keys in the code (ideally not in the code, but using env vars)... is send you to the authentication endpoint, and bounce you back to NodeBB, where you should get a pre-defined error message saying "this is as far as this plugin will go":
nodebb-plugin-sso-oauth/library.js at master · julianlam/nodebb-plugin-sso-oauth
-
@julian said in Oauth and FusionAuth - undefined callback url:
nodebb-plugin-sso-oauth/library.js at master · julianlam/nodebb-plugin-sso-oauth
This gave me an idea...
@KnickKnack in your version of the plugin - can you just print out what the data value is that is passed into the OAuth.parseUserReturn?
Looks like you can just un-comment this line:
https://github.com/rgigante/nodebb-plugin-sso-oauth/blob/3781e63994869db1c0f7b6d4bc3eb7ff135ee2a4/library.js#L175
The UserInfo response in OIDC (which is what FusionAuth will be returning) will look like this:
{
  "applicationId": "90c2fca8-d6b3-4af4-9a70-25cfde3f237f",
  "email": "[email protected]",
  "name": "John Doe",
  "roles": [ "role 1", "role 2" ],
  "sub": "6ad9fa59-dee2-475b-861b-43d7cb75b899"
}
This can vary depending upon your user, etc. See more here: UserInfo endpoint
If you're not getting to this point, then the callback is not being handled and it has not yet exchanged the auth code for the token and you're likely failing in the main strategy.
passport-oauth2/lib/strategy.js at master · jaredhanson/passport-oauth2
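An added example, not code from either plugin or from anyone in this thread: one way to map a UserInfo response of the shape quoted above onto a profile object, failing with a descriptive Error instead of an empty one when a claim is missing. The function names, the profile fields (id, displayName, emails, roles) and the sample e-mail address are assumptions made for illustration.

```javascript
// Constructed sample in the shape of the UserInfo response quoted above
// (the e-mail address is a made-up placeholder).
const SAMPLE_USERINFO = {
  applicationId: '90c2fca8-d6b3-4af4-9a70-25cfde3f237f',
  email: 'jdoe@example.com',
  name: 'John Doe',
  roles: ['role 1', 'role 2'],
  sub: '6ad9fa59-dee2-475b-861b-43d7cb75b899',
};

// Hypothetical helper: turn a UserInfo response into a profile object.
// Assumption: the caller wants { id, displayName, emails, roles }.
function parseUserInfo(data, callback) {
  let claims = data;
  if (typeof data === 'string') {
    // Some HTTP helpers hand back the raw body instead of a parsed object.
    try {
      claims = JSON.parse(data);
    } catch (err) {
      return callback(new Error('UserInfo body is not valid JSON'));
    }
  }
  if (claims === null || typeof claims !== 'object' || Array.isArray(claims)) {
    return callback(new Error('UserInfo response is not a JSON object'));
  }
  // Error messages carry key names only, never values, so personal data
  // stays out of the server log.
  const keys = Object.keys(claims).join(', ');
  if (typeof claims.error === 'string') {
    return callback(new Error('UserInfo endpoint returned an error: ' + claims.error));
  }
  // OIDC identifies the user by "sub"; this response has no "id" field.
  if (typeof claims.sub !== 'string' || claims.sub === '') {
    return callback(new Error('UserInfo has no "sub" claim (keys: ' + keys + ')'));
  }
  if (typeof claims.email !== 'string' || !claims.email.includes('@')) {
    return callback(new Error('UserInfo has no usable "email" claim (keys: ' + keys + ')'));
  }
  const name = typeof claims.name === 'string' ? claims.name.trim() : '';
  const roles = Array.isArray(claims.roles)
    ? claims.roles.filter((r) => typeof r === 'string')
    : [];
  return callback(null, {
    id: claims.sub,
    displayName: name || claims.email.split('@')[0],
    emails: [{ value: claims.email }],
    roles, // copied as data only; granting admin from a role is a separate decision
  });
}

// Run the mapping synchronously and return { err, profile } for inspection.
function mapUserInfo(data) {
  let result;
  parseUserInfo(data, (err, profile) => { result = { err, profile }; });
  return result;
}
```

Calling `mapUserInfo({ id: '42', email: 'a@example.com' })` returns an error that names the missing "sub" claim and lists the keys that were present, which is the information an `undefined` error line leaves out.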
-
Thanks a lot everybody for the contributions to this discussion!
Your recommendations were all useful to better understand the plugin and finally realise a prototype against 10Duke.
Cheers, R