Posts made by robotdan

robotdan

@julian said in Oauth and FusionAuth - undefined callback url:

nodebb-plugin-sso-oauth/library.js at master · julianlam/nodebb-plugin-sso-oauth

NodeBB Plugin that allows users to login/register via any configured OAuth provider. - nodebb-plugin-sso-oauth/library.js at master · julianlam/nodebb-plugin-sso-oauth

GitHub (github.com)

This gave me an idea...

@KnickKnack in your version of the plugin - can you just print out what the data value is that is passed into the OAuth.parseUserReturn?

Looks like you can just un-comment this line:
https://github.com/rgigante/nodebb-plugin-sso-oauth/blob/3781e63994869db1c0f7b6d4bc3eb7ff135ee2a4/library.js#L175

The UserInfo response in OIDC (which is what FusionAuth will be returning) will looks like this:

{
  "applicationId": "90c2fca8-d6b3-4af4-9a70-25cfde3f237f",
  "email": "[email protected]",
  "name" : "John Doe",
  "roles": [ "role 1", "role 2" ],
  "sub": "6ad9fa59-dee2-475b-861b-43d7cb75b899"
}

This can vary depending upon your user, etc. See more here: UserInfo endpoint

If you're not getting to this point, then the callback is not being handled and it has not yet exchanged the auth code for the token and you're likely failing in the main strategy.

passport-oauth2/lib/strategy.js at master · jaredhanson/passport-oauth2

OAuth 2.0 authentication strategy for Passport and Node.js. - passport-oauth2/lib/strategy.js at master · jaredhanson/passport-oauth2

GitHub (github.com)

robotdan

I don't know exactly what your end goal is, and how you will interface with 10duke, but I will note - in case it wasn't understood, you don't have to use FusionAuth to use the FusionAuth NodeBB OIDC plugin.

We chose to use NodeBB for the FusionAuth community forum, and we wanted to contribute our work back to the NodeBB community... and because we wanted our users to login using FusionAuth.

We started with the plugin that @julian published, and just extended it a bit, added OIDC features and made the configuration available in the NodeBB UI. There isn't anything in the code that is unique or custom for FusionAuth.

It should work with any OAuth2/OIDC IdP, if you find that it does not, open a bug and we'll be happy to fix it for you! This is sort of our specialty! https://github.com/FusionAuth/nodebb-plugin-fusionauth-oidc

As @julian mentioned - w/out a bit more debug, hard to say what is happening. It would be nice to know what module is logging the error:

2020-10-22T09:50:51.938Z [4567/4301] - error: /auth/fusionauth/callback
undefined

robotdan

As far as I know there is not an official plugin yet to support OpenID Connect in NodeBB.

If anyone is still looking for a work-able OpenID Connection option, we've built one for production usage but it should work with any OpenID Connect identity provider.

Supports discovery using the .well-known/openid-configuration URL
Supports configurable email claim, defaults to email
Supports Logout URL
Optionally map roles by a named claim provided in the Userinfo endpoint response
Documented option to bypass the default login panel

Feel free to open an issue if you find it is missing anything.
https://github.com/FusionAuth/nodebb-plugin-fusionauth-oidc

robotdan

We've built an OpenID Connect plugin that supports discovery, configurable email claim name, role mapping and logout URL. There is some decent configuration details on the README.

GitHub - FusionAuth/nodebb-plugin-fusionauth-oidc: NodeBB Plugin that allows users to login/register via any configured OAuth provider.

NodeBB Plugin that allows users to login/register via any configured OAuth provider. - FusionAuth/nodebb-plugin-fusionauth-oidc

GitHub (github.com)

It should work with any OpenID Connect IdP - @Alexkin-Sky-Walker feel free to open an issue if something doesn't work for you.