XF 2.3 SSO token do_not_have_permission

WebDevMET

New member
Hello, I recently installed and started setting up a forum to supplement our training classes. We have an LMS provider for our online portion that offers single sign-on. Myself and one of the techs from that service tried for a while to connect our XF to them and just couldn't quite get it working. I'm fairly new at this stuff, so I definitely need a bit of a nudge in the right direction.

I looked for a while here trying to find if anyone had/solved this issue and couldn't, so feel free to direct me to somewhere if I did miss it.

Matching up all the required info in the fields in the admin panel and the LMS site, we got as far as getting to the authorization page but once you click authorize you hit an error 500 page.

Trying to run this:

grant_type:authorization_code
code:XXXXXXXXXXXXXXXXXXXXXXXX (I'm assuming best to leave all the actual numbers hidden)
redirect_uri:https://localhost:XXXXX/signin-sb
client_id:XXXXXXXXXXXXXXXXXXX
client_secret:XXXXXXXXXXXXXXXXXXXX

gets us to (https://ourxf2forum.com/api/oauth2/token) and displays the following:

{
    "errors": [{
        "code": "do_not_have_permission",
        "message": "You do not have permission to view this page or perform this action.",
        "params": []
    }]
}

Do I need to set up an API between them as well to make it work? I'm just trying to figure out why it would be failing, presumably due to these permissions?

Thank you.
 
Your post is confusing (to me), but as far as I understand your question, you are trying to set up a 3rd party service ("LMS Provider") to act as an OAuth2 Client for XenForo.

500 is an internal server error; this could be anything. Find out which error happens exactly. This should be logged somewhere, and somebody familiar with the 3rd party system(s) should be able to tell you where to find that.

You first need the redirect URLs from that 3rd party service.

Afterwards, set up an OAuth2 client (most likely client type Confidential) in XenForo.

When you've done this, take the Authorization, Token and Token revocation endpoint URLs as well as Client ID and Client secret and configure those at that 3rd party service.

That's it basically.

If you are developing a new client you might find this thread somewhat useful:
 
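Added example, not part of either post and not XenForo or LMS vendor code: a Python sketch of the authorization-code token request from the question, built as a form-encoded POST and checked against the RFC 6749 section 4.1.3 rule that redirect_uri must match the authorization request, plus a reader for the error body quoted above. The hostnames forum.example and lms.example, the credential values and all function names are constructed for illustration, and it assumes the token endpoint follows RFC 6749.

```python
import json
import urllib.parse
import urllib.request

REQUIRED = ("grant_type", "code", "redirect_uri", "client_id", "client_secret")

def preflight(params, authorized_redirect_uri, token_url):
    """List problems with an authorization-code token request before sending it."""
    problems = [f"missing or empty: {k}" for k in REQUIRED if not params.get(k)]
    if params.get("grant_type") and params["grant_type"] != "authorization_code":
        problems.append("grant_type must be authorization_code")
    # RFC 6749 section 4.1.3: redirect_uri must be identical to the value
    # that was sent in the authorization request.
    if params.get("redirect_uri") and params["redirect_uri"] != authorized_redirect_uri:
        problems.append("redirect_uri differs from the authorization request")
    if urllib.parse.urlsplit(token_url).scheme != "https":
        problems.append("token endpoint is not https")
    return problems

def build_token_request(params, token_url):
    """Build (without sending) the POST request with a form-encoded body."""
    body = urllib.parse.urlencode(params).encode("ascii")
    return urllib.request.Request(
        token_url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})

def error_codes(response_text):
    """Pull the codes out of the {"errors": [{"code": ...}]} body shown in the thread."""
    try:
        doc = json.loads(response_text)
    except ValueError:
        return []  # e.g. an HTML error page instead of JSON
    errors = doc.get("errors") if isinstance(doc, dict) else None
    return [e.get("code") for e in (errors if isinstance(errors, list) else [])
            if isinstance(e, dict)]

if __name__ == "__main__":
    # Constructed sample values; hostnames and credentials are placeholders.
    token_url = "https://forum.example/api/oauth2/token"
    params = {"grant_type": "authorization_code", "code": "CONSTRUCTED_CODE",
              "redirect_uri": "https://lms.example/signin-sb",
              "client_id": "CONSTRUCTED_ID", "client_secret": "CONSTRUCTED_SECRET"}
    print(preflight(params, "https://lms.example/signin-sb", token_url))
    req = build_token_request(params, token_url)
    print(req.get_method(), req.full_url, req.data.decode())
```

The request is only constructed, never sent; passing it to `urllib.request.urlopen` would perform the exchange against a real endpoint.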