[TH] OAuth Integration 1.0.1

[Jake B.]

Thanks guys. One question for @mattrogowski. Is the bare minimum scope user:read in order for us to authenticate them and grab their userid and username?

Yeah, I believe that should work. All API endpoints and scopes are stock XenForo, this add-on doesn't change anything with that

Also is it possible to confirm what the token url is,

/api/audapi-oauth2/token

isn't working for me as suggested earlier

Can you elaborate on what you mean when you say it "ins't working"? Is there an error message or anything? That is the correct endpoint, so it should work

 

[churningwallet]

Could this work to allow those who are logged in to my XF cloud site to also authenticate to a bookstack wiki server I host?

 

[KensonPlays]

Would this allow me to integrate with a service from a company a friend and I are building? He's the coder, not me. But we do plan on our own login system between the multiple sites.

 

[mattrogowski]

Could this work to allow those who are logged in to my XF cloud site to also authenticate to a bookstack wiki server I host?

It would need an integration on the Wiki itself, but it would allow the forum to be an OAuth provider, yes.

Would this allow me to integrate with a service from a company a friend and I are building? He's the coder, not me. But we do plan on our own login system between the multiple sites.

Very hard to say with such limited information, it would depend entirely on how the system was actually structured and where the source of truth for users was, i.e. where the central account is stored that you use to log in to the other services with. If the actual user is stored elsewhere then you'd need a connected account provider for XenForo rather than using XenForo as the provider.

 

[churningwallet]

Hmmm the wiki itself doesn't support general oauth i dont think.

Third Party Authentication · BookStack

Enabling and configuring third-party authentication for easier logins

www.bookstackapp.com

OpenID Connect Authentication · BookStack

How to use an OpenID Connect identity provider as your primary way to access BookStack

www.bookstackapp.com

LDAP Authentication · BookStack

How to use LDAP as your primary way to register and login to BookStack

www.bookstackapp.com

SAML 2.0 Authentication · BookStack

How to use SAML2 as an authentication option in BookStack

www.bookstackapp.com

 

[KensonPlays]

you'd need a connected account provider for XenForo

Yea I'd likely need that then, thanks.

 

[Ciaran Baker]

First of all, I’d like to say thank you for creating this add-on, I’ve been searching for something like this for months.

At first I was rather confused due to the lack of documentation, however after a few hours of trial and error and reading through the source code I managed to figure it out.

Is there a way for users to view their authorisations and revoke them? I feel as though this could become a security/privacy issue.

 

[Sprisa]

Anyone had any luck with it? Since there werent documentation for it

 

[mattrogowski]

What are you having trouble with?

 

[Sprisa]

What are you having trouble with?

generally getting it to work

 

[Sprisa]

I'm trying to add xenforo to Auth.js but its just confusing me since I havent made OAuth into something before and without docs I dont really know how it works etc.

 

[mattrogowski]

The only thing you should really need is the Client ID and Client secret when setting up the application, and the OAuth endpoint URLs:

Authorization: /audapi/oauth2/authorize
Token: /api/audapi-oauth2/token

 

[Sprisa]

The only thing you should really need is the Client ID and Client secret when setting up the application, and the OAuth endpoint URLs:

Authorization: /audapi/oauth2/authorize
Token: /api/audapi-oauth2/token

So like this?

 

[mattrogowski]

Looks about right as far as I can tell from that yes.

 

[Sprisa]

Looks about right as far as I can tell from that yes.

Great!

 

[Sprisa]

Looks about right as far as I can tell from that yes.

What all data does it return by the way?

 

[mattrogowski]

It doesn't return anything other than the token, you'd use it to make requests to XenForo's API with Bearer token authentication.

 

[Sprisa]

It doesn't return anything other than the token, you'd use it to make requests to XenForo's API with Bearer token authentication.

Ah, and the token is just "token" in the response?

 

[mattrogowski]

Ah, and the token is just "token" in the response?

It might be called access_token, but it's the standard OAuth response so any library you're using will handle it. It should provide you with the token, which you'd then use in calls to XenForo's API.

 

[Sprisa]

It might be called access_token, but it's the standard OAuth response so any library you're using will handle it. It should provide you with the token, which you'd then use in calls to XenForo's API.

Can't find the openid scope