Solaris it's hard to give advice based on just that. Can you maybe share a screenshot of your settings in Flarum (with tokens redacted) ? Did you assign the client to a valid Laravel user when creating it (ID 1 likely?)
FoF passport, the Laravel passport oauth extension
clarkwinkelmann Yes, I assigned it to valid user 1. Then created the second user and tested Client app with him. Still, no luck =/
5 days later
- Edited
Just figured out what is going wrong with the request. My specifications of redirect url are correct but flagrow passport first request to the oauth/authorize misses a part of it;
/authorize?approval_prompt=auto&client_id=3&redirect_uri=https%3A%2F%2Fquarks.app%2Fauth%2Fpassport
I didn't notice it at first. But my app url includes /uk/. As in config.php: 'url' => 'https://quarks.app/uk'
Not sure which method grabs url but it doesn't work with my current nginx rewriting rule.
upd. I created PR for it. As it was already fixed for facebook and twitter with url generator. Now works fine.
clarkwinkelmann changed the title to FoF passport, the Laravel passport oauth extension .
- Edited
Version 0.3.0 released with the fix for subfolder installs and a new option to customize the icon of the login button. Incidentally, the default icon was no longer visible since multiple betas because the name had not been updated for FontAwesome 5.
This update also brings Passport into FriendsOfFlarum.
The update is beta 12+ only because I updated the Zend namespaces to Laminas.
Updating from Flagrow
This extension replaces Flagrow Passport.
To upgrade from the old extension to the new one:
Backup your data!
Disable the Passport extension in the admin panel.
Run:
composer require fof/passportComposer should let you know that flagrow/passport has been automatically removed.
Enable the new extension in the admin panel.
Your existing settings will be migrated to FoF Passport automatically.
You should be good to go! All URLs stay the same.
8 days later
Hello,
Hope you're doing well. I decided to play around with custom OAuth server built with Django. I've managed to integrate it with FoF Passport but noticed some strange behavior which is might not be a bug but I'd appreciate your help.
- Trying to log in with newly registered (OAuth server side resource) users after authorization FoF extension authenticated some users from Flarum database. So that for every resource user token there were assigned flarum user (but with different email and username).
- After cleaning access tokens and users on both sides it began to work normally. So my guess it was either tokens or ID.
I've looked through extension source code but I'm lacking php skills to understand why FoF passport needs user ID from JSON response in the first place and how it utilizes it. Could it be the issue that users with same ID where wrongly connected?
Solaris it does standardise these three into methods, but they aren't used in Flarum to authorize: see https://github.com/FriendsOfFlarum/passport/blob/b7f31082736542984734f4169d3c4fc081eb17e7/src/Controllers/PassportController.php#L92
It only uses the email address to set up Registration/Log in.
3 months later
I am currently trying to get this to work on NextClouds OAuth2, but I cannot figure it out.
What do I have to enter when there's the /api/user information?
a month later
- Edited
Hello. I'm trying to integrate this fof/passport with a Django based authentication provider (Django OAuth Toolkit).
Apparently, I'm stuck at the final step: getting information from the user, which should be done through the "Api URL providing user details".
I cannot figure out how this information should be provided. Apparently, the authorization provider should yield some JSON data about the user, but the client of the HTTP request (Flarum) does not pass any authorization detail (such as an access token) when it performs the API request to get user info. How can the authentication server know what user the request is about, from the "blank" HTTP request it gets?
2 months later
LucaAllulli Not sure if it is still an issue for you. But you can DM me and I'll explain this. Extension works just fine. There's a final step requires to code your own endpoint for it.
- Edited
Sorry for the late reply for the last few questions. The best way to know exactly what URL and other parameters you need is to check out the source code of this extension as well as the documentation for the league oauth2 library that's used behind the scenes.
This extension's oauth provider basically just extends League's AbstractProvider by using the provided URL for getResourceOwnerDetailsUrl. We also use the BearerAuthorizationTrait trait that sends the token as part of an Authorization: Bearer token header, like Laravel's Passport does.
The expected response type is JSON. We're not using the ACCESS_TOKEN_RESOURCE_OWNER_ID feature of League's oauth package. Maybe we should, but while the ID is stored it's not actually used by Flarum later on at this point. The important bit is that we access the email and name attributes of the JSON object via ResourceOwner. We also trigger an event that could be used to alter the response in case your JSON object doesn't match what this extension expects. It's very likely that name isn't actually used by Flarum, so that basically leaves only email that's really required.
If your oauth system doesn't work with this extension, it should be quite easy to fork it, then customize the oauth provider and/or resourceowner code.
I hope this clarifies things.
a month later
- Edited
Can someone help me understand the utility of this package? What does it allow me to accomplish that core does not?
A separate question, can this be added to an existing forum, or would it mess up the login for existing users?
This passport extension is a generic oauth 2 client that allows users to log in with credentials from another website that has an oauth2 server. This is exceptionally useful if you own the other website and are able to add oauth 2 server capabilities there; for Laravel a package exists that offers that functionality which is named passport, hence the name of this extension.
You should be able to use this with existing users just fine.
luceos Gotcha, that makes sense. So as an example, if T-Mobile wants to use Flarum as a discussion community, they can have people logged into their website automatically logged into the forum when they go to discuss.tmobile.com (assuming they use oauth 2).
cmwetherell almost. They can't log in automatically; they would still need to click a button (log in with your t-mobile account) and then be directed to the t-mobile website (or auth platform), log in if they haven't and then be redirected to the forum to be automatically logged in. Only with some settings of the oauth 2 server and already being logged in there might give the impression of full automatic log in.
24 days later
0.4.0
- beta 14 ready
a month later
- Edited
Thank you for the update, but the following raw error appears in the HTML when attempting to enter the forum. Testing FreeFlarum beta.14 update. Any clue what might be wrong?
Flarum encountered a boot error (FastRoute\BadRouteException)
Static route "/auth/passport" is shadowed by previously defined variable route "/auth/([^/]+)" for method "GET"
thrown in /app/vendor/nikic/fast-route/src/DataGenerator/RegexBasedAbstract.php on line 64
FastRoute\BadRouteException: Static route "/auth/passport" is shadowed by previously defined variable route "/auth/([^/]+)" for method "GET" in /app/vendor/nikic/fast-route/src/DataGenerator/RegexBasedAbstract.php:64
Stack trace:
#0 /app/vendor/nikic/fast-route/src/DataGenerator/RegexBasedAbstract.php(18): FastRoute\DataGenerator\RegexBasedAbstract->addStaticRoute('GET', Array, Object(Closure))
#1 /app/vendor/flarum/core/src/Http/RouteCollection.php(69): FastRoute\DataGenerator\RegexBasedAbstract->addRoute('GET', Array, Object(Closure))
#2 /app/vendor/flarum/core/src/Extend/Routes.php(82): Flarum\Http\RouteCollection->addRoute('GET', '/auth/passport', 'auth.passport', Object(Closure))
#3 /app/vendor/illuminate/container/Container.php(1102): Flarum\Extend\Routes->Flarum\Extend\{closure}(Object(Flarum\Http\RouteCollection), Object(Illuminate\Container\Container))
#4 /app/vendor/illuminate/container/Container.php(1048): Illuminate\Container\Container->fireCallbackArray(Object(Flarum\Http\RouteCollection), Array)
#5 /app/vendor/illuminate/container/Container.php(701): Illuminate\Container\Container->fireResolvingCallbacks('flarum.forum.ro...', Object(Flarum\Http\RouteCollection))
#6 /app/vendor/illuminate/container/Container.php(629): Illuminate\Container\Container->resolve('flarum.forum.ro...', Array)
#7 /app/vendor/flarum/core/src/Forum/ForumServiceProvider.php(45): Illuminate\Container\Container->make('flarum.forum.ro...')
#8 /app/vendor/illuminate/container/Container.php(690): Flarum\Forum\ForumServiceProvider->Flarum\Forum\{closure}(Object(Flarum\Http\UrlGenerator), Object(Illuminate\Container\Container))
#9 /app/vendor/illuminate/container/Container.php(629): Illuminate\Container\Container->resolve('Flarum\\Http\\Url...', Array)
#10 /app/vendor/flarum/core/src/Frontend/FrontendServiceProvider.php(70): Illuminate\Container\Container->make('Flarum\\Http\\Url...')
#11 /app/vendor/illuminate/container/BoundMethod.php(36): Flarum\Frontend\FrontendServiceProvider->boot()
#12 /app/vendor/illuminate/container/Util.php(37): Illuminate\Container\BoundMethod::Illuminate\Container\{closure}()
#13 /app/vendor/illuminate/container/BoundMethod.php(93): Illuminate\Container\Util::unwrapIfClosure(Object(Closure))
#14 /app/vendor/illuminate/container/BoundMethod.php(37): Illuminate\Container\BoundMethod::callBoundMethod(Object(Illuminate\Container\Container), Array, Object(Closure))
#15 /app/vendor/illuminate/container/Container.php(590): Illuminate\Container\BoundMethod::call(Object(Illuminate\Container\Container), Array, Array, NULL)
#16 /app/vendor/flarum/core/src/Foundation/Application.php(327): Illuminate\Container\Container->call(Array)
#17 /app/vendor/flarum/core/src/Foundation/Application.php(310): Flarum\Foundation\Application->bootProvider(Object(Flarum\Frontend\FrontendServiceProvider))
#18 [internal function]: Flarum\Foundation\Application->Flarum\Foundation\{closure}(Object(Flarum\Frontend\FrontendServiceProvider), 12)
#19 /app/vendor/flarum/core/src/Foundation/Application.php(311): array_walk(Array, Object(Closure))
#20 /app/vendor/flarum/core/src/Foundation/InstalledSite.php(148): Flarum\Foundation\Application->boot()
#21 /app/vendor/flarum/core/src/Foundation/InstalledSite.php(81): Flarum\Foundation\InstalledSite->bootLaravel()
#22 /app/vendor/flarum/core/src/Http/Server.php(56): Flarum\Foundation\InstalledSite->bootApp()
#23 /app/vendor/flarum/core/src/Http/Server.php(33): Flarum\Http\Server->safelyBootAndGetHandler()
#24 /app/public/index.php(22): Flarum\Http\Server->listen()
#25 {main}Flarum core 0.1.0-beta.14.1
PHP version: 7.2.24-0ubuntu0.18.04.7
Loaded extensions: Core, date, libxml, openssl, pcre, zlib, filter, hash, pcntl, Reflection, SPL, sodium, session, standard, mysqlnd, PDO, xml, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, json, exif, mysqli, pdo_mysql, Phar, posix, readline, shmop, SimpleXML, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, Zend OPcache
+-------------------------------------+------------------+--------+
| Flarum Extensions | | |
+-------------------------------------+------------------+--------+
| ID | Version | Commit |
+-------------------------------------+------------------+--------+
| flarum-approval | v0.1.0-beta.14 | |
| flarum-bbcode | v0.1.0-beta.12 | |
| flarum-emoji | v0.1.0-beta.14 | |
| flarum-lang-english | v0.1.0-beta.14.1 | |
| flarum-flags | v0.1.0-beta.14.1 | |
| flarum-likes | v0.1.0-beta.14 | |
| flarum-lock | v0.1.0-beta.14 | |
| flarum-markdown | v0.1.0-beta.14 | |
| flarum-mentions | v0.1.0-beta.14 | |
| flarum-statistics | v0.1.0-beta.14 | |
| flarum-sticky | v0.1.0-beta.14 | |
| flarum-subscriptions | v0.1.0-beta.14 | |
| flarum-suspend | v0.1.0-beta.14 | |
| fof-sitemap | 0.5.4 | |
| migratetoflarum-canonical | 0.2.2 | |
| clarkwinkelmann-author-change | 0.2.1 | |
| clarkwinkelmann-create-user-modal | 1.1.0 | |
| madnest-lang-czech | v0.1.0-beta.14.1 | |
| clarkwinkelmann-emojionearea | 0.3.0 | |
| fof-doorman | 0.2.0 | |
| askvortsov-moderator-warnings | v0.3.2 | |
| fof-analytics | 0.10.1 | |
| fof-bbcode-details | 0.1.0 | |
| fof-ban-ips | 0.3.0 | |
| kakifrucht-de | 0.13.1 | |
| michaelbelgium-discussion-views | v5.0.0 | |
| flarum-embed | v0.1.0-beta.14 | |
| fof-best-answer | 0.2.0 | |
| fof-default-group | 0.2.0 | |
| fof-default-user-preferences | 0.2.0 | |
| fof-drafts | 0.2.1 | |
| fof-filter | 0.1.0-beta.3 | |
| fof-upload | 0.11.2 | |
| clarkwinkelmann-first-post-approval | 0.1.2 | |
| flarum-tags | v0.1.0-beta.14 | |
| askvortsov-categories | v1.1.0 | |
| fof-byobu | 0.6.0-beta.2 | |
| fof-formatting | 0.2.0 | |
| fof-forum-statistics-widget | 0.3.0 | |
| fof-linguist | 0.4.4 | |
| customworld-lang-slovak | v1.5.2 | |
| tiu-ram0n-brazilian-portuguese | 1.1.22 | |
| neercsys-lang-bosanski | v0.14 | |
| neercsys-bosanski | v0.37 | |
| fof-links | 0.4.2 | |
| fof-mason | 0.4.2 | |
| fof-masquerade | 0.3.5 | |
| fof-merge-discussions | 0.4.0 | |
| fof-nightmode | 0.6.0 | |
| fof-oauth | 0.1.0 | |
| fof-pages | 0.5.0 | |
+-------------------------------------+------------------+--------+I have removed passport because of this issue (I used latest version - 0.4.0).
SKevo the issue is being discussed here FriendsOfFlarum/oauth9