FoF passport, the Laravel passport oauth extension

jordanjay29

Brightside56 You mean Laravel Passport? That's Laravel's, not luceos'.

clarkwinkelmann

ceerker is the redirect url on the exact same domain you used to open Flarum (clicking login from no-www and being redirected to www subdomain could cause this for example I believe)

clarkwinkelmann

ceerker I don't know if it is the case, but suppose you go to https://indieclub.one, click the login inside Flarum, get redirected to account.indieclub.one for login, and then get redirected to https://www.indieclub.one, this could cause an error like the one you have.

If you have setup canonical urls correctly (I suppose you have) it should always redirect to www so this wouldn't be possible.

luceos

Invalid state is often caused by a misconfiguration, it's hard to tell without any additional information ceerker

luceos

ceerker OAuth authorization url | https://account.indieclub.one/auth/indieClubONE

Is this a redirect? Can you try using the exact non redirected url?

clarkwinkelmann

If you want to sync data between Laravel and Flarum, you'll have to implement your own logic. An easy solution would be to disallow password or email change on Flarum side (I don't think this extension does it, it requires some additional Flarum code). Then when it's edited in the Laravel app, just do an API call from Laravel to Flarum with an API Key to update the user's details. If you only use Passport for login, there's no need to even have a password on Flarum side.

clarkwinkelmann

ceerker some people have done it on their forum but I don't think anyone has released the changes as an extension.

Solaris

Hi, I just need some portion of guidance putting Laravel Passport server and my flarum app altogether. At this point I created Laravel app with Passport and generated client credentials ID and secret. I also installed Flagrow passport and specified all fields in it.
When I try to login I'm being redirected to my passport server in popup. Then I enter my user creds from Laravel site and get

Invalid error "invalid_client"
error_description "Client authentication failed"

For generating Access tokens I used php artisan php artisan passport:client and specified callback url to my flarum instance. I'm badly familiar with Laravel, so my guess there is a permission issue. Since the first question of artisian command is "Which user ID should the client be assigned to?". I don't fully understand the logic of the API. I just want all users of the laravel site (i.e. https://pass.myflarum.com) to be able to login to flarum app (https://myflarum.com) as was discussed in this thread. I just want to create general ID and secret and authorize users without Permission grant step.

clarkwinkelmann

Solaris it's hard to give advice based on just that. Can you maybe share a screenshot of your settings in Flarum (with tokens redacted) ? Did you assign the client to a valid Laravel user when creating it (ID 1 likely?)

Solaris

clarkwinkelmann Yes, I assigned it to valid user 1. Then created the second user and tested Client app with him. Still, no luck =/

Solaris

Just figured out what is going wrong with the request. My specifications of redirect url are correct but flagrow passport first request to the oauth/authorize misses a part of it;
/authorize?approval_prompt=auto&client_id=3&redirect_uri=https%3A%2F%2Fquarks.app%2Fauth%2Fpassport

I didn't notice it at first. But my app url includes /uk/. As in config.php: 'url' => 'https://quarks.app/uk'
Not sure which method grabs url but it doesn't work with my current nginx rewriting rule.

upd. I created PR for it. As it was already fixed for facebook and twitter with url generator. Now works fine.

clarkwinkelmann

Version 0.3.0 released with the fix for subfolder installs and a new option to customize the icon of the login button. Incidentally, the default icon was no longer visible since multiple betas because the name had not been updated for FontAwesome 5.

This update also brings Passport into FriendsOfFlarum.

The update is beta 12+ only because I updated the Zend namespaces to Laminas.

Updating from Flagrow

This extension replaces Flagrow Passport.

To upgrade from the old extension to the new one:

Backup your data!
Disable the Passport extension in the admin panel.
Run:

composer require fof/passport

Composer should let you know that flagrow/passport has been automatically removed.

Enable the new extension in the admin panel.
Your existing settings will be migrated to FoF Passport automatically.
You should be good to go! All URLs stay the same.

Solaris

Hello,
Hope you're doing well. I decided to play around with custom OAuth server built with Django. I've managed to integrate it with FoF Passport but noticed some strange behavior which is might not be a bug but I'd appreciate your help.

Trying to log in with newly registered (OAuth server side resource) users after authorization FoF extension authenticated some users from Flarum database. So that for every resource user token there were assigned flarum user (but with different email and username).
After cleaning access tokens and users on both sides it began to work normally. So my guess it was either tokens or ID.
I've looked through extension source code but I'm lacking php skills to understand why FoF passport needs user ID from JSON response in the first place and how it utilizes it. Could it be the issue that users with same ID where wrongly connected?

luceos

Solaris If I'm not mistaken it uses the resourceOwner, which usually is based on the email address. Creating users in Flarum is required so that these accounts can be shown as the author of content (not sure you are debating that).

Solaris

luceos Somehow it logged in users with different email than the resource owner, so I started looking for the reason. There is no concern in creating users with same email in Flarum. But ResourceOwner.php does take resource user getId() along with getEmail() and getName() from response.

luceos

Solaris it does standardise these three into methods, but they aren't used in Flarum to authorize: see https://github.com/FriendsOfFlarum/passport/blob/b7f31082736542984734f4169d3c4fc081eb17e7/src/Controllers/PassportController.php#L92

It only uses the email address to set up Registration/Log in.

chronikum

I am currently trying to get this to work on NextClouds OAuth2, but I cannot figure it out.
What do I have to enter when there's the /api/user information?

LucaAllulli

Hello. I'm trying to integrate this fof/passport with a Django based authentication provider (Django OAuth Toolkit).

Apparently, I'm stuck at the final step: getting information from the user, which should be done through the "Api URL providing user details".

I cannot figure out how this information should be provided. Apparently, the authorization provider should yield some JSON data about the user, but the client of the HTTP request (Flarum) does not pass any authorization detail (such as an access token) when it performs the API request to get user info. How can the authentication server know what user the request is about, from the "blank" HTTP request it gets?

Solaris

LucaAllulli Not sure if it is still an issue for you. But you can DM me and I'll explain this. Extension works just fine. There's a final step requires to code your own endpoint for it.

« Previous Page Next Page »