[TH] OAuth Integration 1.0.1

Looks like whatever library you’re using is requesting a scope that doesn’t exist. This isn’t an OpenID implementation, so there is no openid scope.
 
Can't find the openid scope
To resolve this issue, you can take one of the following approaches:
  1. Hardcode the scopes in the params object like this:
    JavaScript:
      authorization: {
        url: "https://<your_xf_forum_domain>/audapi/oauth2/authorize",
        params: { scope: "user:read thread:read etc:etc" }
      }
  2. Allow NextAuth to use all the scopes enabled in your OAuth2 Client setup for this addon during the authorization process by leaving the scopes property in the params object as an empty string:
    JavaScript:
      authorization: {
        url: "https://<your_xf_forum_domain>/audapi/oauth2/authorize",
        params: { scope: "" }
      }
However, I haven't yet found a solution to make this work beyond the authorization stage of the OAuth2 workflow. I'm encountering a 401 unauthorized error as soon as it redirects back to my Next.js app. Does anyone have any insights on how to resolve this issue with NextAuth.js?
 
Just got back to this old project. Can't go past it. Hopefully the native OAuth API will fix it.
 
Not sure what you mean, are you referring to the ability to use XenForo as an OAuth server in 2.3? From what's been covered about that you'll still need to send scopes. Either way, the issues you had here were entirely due to the client library you're using, so you'll likely continue having the same issues.
 
I'm finally able to send scopes, with the suggestion @W35K3R gave earlier. It's that I still get 401 everywhere. XenForo's native OAuth will also probably be better documented, so I might have a better chance than navigating through PHP code as a JavaScript developer.
 
What step is throwing the 401? I'm not sure what else you would like us to document as OAuth is an open standard so every implementation works the same way by definition. Aside from the endpoint URLs, there's nothing specific for us to document that's unique to this addon.
 
Callback is throwing 401
 
Is there a specific error message as well as the status code? There should be a message explaining the error too.
 
The issue is likely that when you call the user info endpoint (i.e. /api/me), you need to pass through the XenForo API key header too. That would need to be implemented into the library as the API calls are all standard XenForo, this addon just gives you the OAuth token aspect.

Actually that might not be the case - if you can clarify if there's a specific error message, that might make it clearer what the issue is.
 
If it helps, check to make sure the client credentials are being sent in the Body, not the Header. For example the miniOrange OAuth Client WordPress plugin has this option:

If this is set to Header it doesn't work. See if your library has a similar option and make sure it's set to Body.
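
The "Body" and "Header" settings in the post above correspond to the OAuth2 client-authentication methods `client_secret_post` and `client_secret_basic`. The sketch below is an added example, not code from the thread or the add-on; the function names, `TOKEN_URL` placeholder and sample values are assumptions, and it builds both request shapes plus a log-safe view so the two can be compared against what a client library actually sends.

```javascript
// Added example (not from the thread or the add-on). Builds, but does not send,
// an OAuth2 authorization-code token request in either client-auth style.
// TOKEN_URL is a placeholder: the thread only gives the authorize URL.
const TOKEN_URL = "https://<your_xf_forum_domain>/<token_endpoint_path>";
// Constructed sample values, not real credentials.
const SAMPLE = {
  tokenUrl: TOKEN_URL, clientId: "demo-client", clientSecret: "demo-secret",
  code: "abc123", redirectUri: "https://app.example/api/auth/callback/xenforo",
};

function buildTokenRequest({ tokenUrl, clientId, clientSecret, code, redirectUri }, authMethod) {
  const body = new URLSearchParams({
    grant_type: "authorization_code", code, redirect_uri: redirectUri,
  });
  const headers = { "Content-Type": "application/x-www-form-urlencoded" };
  if (authMethod === "client_secret_post") {
    // "Body": credentials travel as form fields next to the code.
    body.set("client_id", clientId);
    body.set("client_secret", clientSecret);
  } else if (authMethod === "client_secret_basic") {
    // "Header": credentials travel as HTTP Basic auth. Percent-encoding first
    // approximates the form-encoding RFC 6749 section 2.3.1 asks for.
    const pair = `${encodeURIComponent(clientId)}:${encodeURIComponent(clientSecret)}`;
    headers.Authorization = "Basic " + Buffer.from(pair).toString("base64");
  } else {
    throw new Error(`unsupported authMethod: ${authMethod}`);
  }
  return { method: "POST", url: tokenUrl, headers, body: body.toString() };
}

// Log-safe copy: shows where the credentials sit without printing the secret.
function redactForLog(req) {
  const headers = { ...req.headers };
  if (headers.Authorization) headers.Authorization = "Basic REDACTED";
  const body = new URLSearchParams(req.body);
  if (body.has("client_secret")) body.set("client_secret", "REDACTED");
  return { method: req.method, url: req.url, headers, body: body.toString() };
}

// One log line for a failed token response, body included, because the
// status code alone does not say which check failed.
function describeFailure(status, bodyText) {
  let detail = bodyText.trim();
  try {
    const json = JSON.parse(bodyText);
    detail = json.error_description || json.error || detail;
  } catch (_) { /* body is not JSON (or not an object): keep the raw text */ }
  return `token endpoint returned ${status}: ${detail || "<empty body>"}`;
}
```

With NextAuth v4, which delegates to openid-client, the equivalent switch is `client: { token_endpoint_auth_method: "client_secret_post" }` in the provider definition; the thread does not confirm whether that setting resolves the 401 reported here.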
 
What "callback"? Is there a specific XF endpoint you're using? There should be an error message to go with it. Not really much we can provide if we're given no details on the issue, sadly.

Best guess would be if you're using Apache: it will sometimes eat the Authorization header in certain configurations. There is a line in the default XenForo .htaccess file that you can uncomment to resolve this. It's nothing to do with this add-on, just a server configuration problem.

The line you can try to uncomment is below:
Code:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 
I'm using nginx, and it didn't return anything other than 401 Unauthorized
 
It should definitely be returning a message string in the response body too, log out the full response and it should be there. Also check my previous post about how your library is sending the credentials to get the token. Ultimately there's not a lot we can do if we have no idea what the client library you're using is doing and how it's formatting the requests, or what the error message received is.
 
Do you know of any other libraries?
 
@Sprisa, my developer buddy figured out how to make this work with NextAuth. I'll generalize the custom provider code he created, and I'll get back to you on this as soon as I can. In the meantime, and if you haven't already done so, can you post what you have set up for the XenForo OAuth2 provider in regards to this add-on for your project? @mattrogowski, the add-on is not the issue; rather, there's a peculiar workflow implementation with NextAuth that has to be done a certain way to get the two to work together. You'd think they'd make this easy to integrate with custom OAuth2 providers lol, but it's never that easy, unfortunately :(
 
Oh great! Is it still working?
 