HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

oAuth 2 - 404 when redirected back to forum

Hello,

I signed up with Okta with intent of being my own authentication provider for several services.

Using Oauth2 SSO Plugin I set up the details provided to me by Okta.

Watching the network monitor in chrome I can see that all my connections to Okta OAuth Service seem OK. I get 302'd a couple times back to the forum, with a final url like myforum.com/index.php?p=/entry/oauth2&code=blabla

However, as I land back on my forum, and I can see from my okta account that the authentication was successful, my forum itself just says

HTTP Error communicating Code: 404

I can see that the 404 is to my forum itself, there's no 404 to any external service.

Not sure what's not configured right here..?

Best

Roboko.

Tagged:

Comments

  • KasparKaspar Moderator

    Pretty url are not enabled

    I don't know whether it does anything in the above case.

  • Hey, thank you.


    After fiddling with .htaccess for a while I can now access my forum via /discussions instead of getting 404. However, I could not find a line like $Configuration['Garden']['RewriteUrls'] = false; to delete.


    My forum still defaults to url's like /index.php?p?= .... is there any other config i must change to enable this?

  • PS I tried signing in with oAuth2 again. This time I don't get a 404, but I get a red error box with 'UniqueID required'. I tried searching the forum and there is mention of enabling curl.


    curl - V gives

    curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3

    Release-Date: 2018-01-24

    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp

    Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL


    suggesting to me it's installed. Any other ideas?

  • KasparKaspar Moderator

    Enabled for/in PhP?

  • I explicitly set

    $Configuration['Garden']['RewriteUrls'] = true;

    in config.php and now pretty urls work.


    Still getting the UniqueID error though. Feeling a bit mystified by this one.

  • RobokoRoboko New
    edited July 2019

    Uncommented curl from /etc/php/7.1/apache2/php.ini along with /etc/php/7.1/cli/php.ini

    For reference, I've added phpinfo file so you can see what is enabled, in case I am missing something:-

    https://forum.kokoro.academy/phpinfo.php

  • When I was messing around, I wondered if the UniqueID error had anything to do with UserID field setting in the oAuth plugin.

    I could not spot on okta oauth provider an id attribute for users. However I went snooping through json response when viewing my profile in browser's network inspector. Spotted a field called id and used that. Still the same error about UniqueID.

    Stupidly, I did not note what the field was set to by default. If you happen to know what this field should be by default would appreciate it if you told me. Sorry about that.

  • R_JR_J Admin

    You are on the right track. The UniqueID is the UserID.

    The plugin shows "user_id" by default, but you need to know which fieldname okta is using.

  • Coming back to this to have another go.


    I can see from Okta documentation that the standard response looks like this:-

    {
      "id": "00ub0oNGTSWTBKOLGLNR",
      "status": "STAGED",
      "created": "2013-07-02T21:36:25.344Z",
      "activated": null,
      "statusChanged": null,
      "lastLogin": null,
      "lastUpdated": "2013-07-02T21:36:25.344Z",
      "passwordChanged": null,
      "profile": {
        "firstName": "Isaac",
        "lastName": "Brock",
        "email": "isaac.brock@example.com",
        "login": "isaac.brock@example.com",
        "mobilePhone": "555-415-1337"
      },
      "credentials": {
        "provider": {
          "type": "OKTA",
          "name": "OKTA"
        }
      },
      "_links": {
        "activate": {
          "href": "https://dev-270663.okta.com/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/activate"
        }
      }
    }
    

    What I notice is that, id key is just in this general overall array, whilst firstName, lastName is under a profile array.

    I'm not sure how oAuth plugin works in Vanilla Forums - Because the labels just say "The Key in the JSON array" for each field.. Is it perhaps only looking at the profile json array as that's where the other fields like firstName, lastName etc are?

Sign In or Register to comment.