Erudika / scoold

A Stack Overflow clone for teams (self-hosted or hosted)
https://scoold.com
Apache License 2.0
862 stars 239 forks

para doesn't redirect back to scoold #353

Closed gormus closed 2 years ago

gormus commented 2 years ago

Hi,

I'm running Scoold locally with an instance of a paraio.com development account.

When I try to log in at http://localhost:8000/ I get redirected to my OAuth provider as expected, and it successfully redirects back to paraio.com/oauth2_auth with a 200 status. But it doesn't redirect back to my localhost instance, and just stays on para.

  1. Start at http://localhost:8000/signin?returnto=/
  2. https://my-oauth-vendor.com/v1/oauth2/authorize?response_type=code&client_id=demo_community&scope=offline%20identity.read%20identity%20coreservice&state=answers&redirect_uri=https://paraio.com/oauth2_auth
  3. https://paraio.com/oauth2_auth?code=*****OMITTED*****&state=answers&locale=en&session_state=*****OMITTED*****

scoold.app_secret_key = "*****OMITTED*****"
scoold.para_access_key = "app:demo1"
scoold.para_secret_key = "*****OMITTED*****"
scoold.host_url = "http://localhost:8000"
scoold.para_endpoint = "https://paraio.com"

# OAuth login
scoold.oa2_app_id = "demo_community"
scoold.oa2_secret = "*****OMITTED*****"
scoold.security.oauth.authz_url = "https://my-oauth-vendor.com/v1/oauth2/authorize"
scoold.security.oauth.token_url = "https://my-oauth-vendor.com/v1/oauth2/token"
scoold.security.oauth.profile_url = "https://my-oauth-vendor.com/v1/users/[:id]/public-profile"
scoold.security.oauth.scope = "offline identity.read identity coreservice"

I'm clearly missing something. Could you help?

gormus commented 2 years ago

I also tried the same OAuth configuration on a cloud instance using the same paraio.com account. But the results are the same.

albogdano commented 2 years ago

Are you sure your OAuth2 settings are correct? For example this doesn't look right to me:

scoold.security.oauth.profile_url = "https://my-oauth-vendor.com/v1/users/[:id]/public-profile"

The [:id] will not be replaced with anything, nor is it correct to query a single user profile. Try with another scope value like openid email profile.

gormus commented 2 years ago

You were correct @albogdano. I changed the scoold.security.oauth.profile_url value with another API endpoint available by my vendor, and it just worked afterwards :) Cheers
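
A pre-flight check for the misconfiguration identified in this thread, as an added example that is not part of the original discussion or of Scoold's code: it reads `key = "value"` lines like the ones posted above and flags OAuth endpoint URLs whose path still contains a documentation-style placeholder such as `[:id]`. The function names, the simplified line parser and the list of placeholder styles (`[:id]`, `{id}`, `<id>`, `:id`) are assumptions that generalize beyond the single case in the issue.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the OAuth endpoint settings as posted in the issue.
SAMPLE_CONF = '''
scoold.host_url = "http://localhost:8000"
# OAuth login
scoold.security.oauth.authz_url = "https://my-oauth-vendor.com/v1/oauth2/authorize"
scoold.security.oauth.token_url = "https://my-oauth-vendor.com/v1/oauth2/token"
scoold.security.oauth.profile_url = "https://my-oauth-vendor.com/v1/users/[:id]/public-profile"
'''

URL_KEYS = ("authz_url", "token_url", "profile_url")
LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.]+)\s*=\s*"(.*)"\s*$')
# Assumed placeholder styles from API documentation: [:id], {id}, <id>, /:id
PLACEHOLDER_RE = re.compile(r'\[:?\w+\]|\{\w+\}|<\w+>|(?<=/):\w+')


def parse_conf(text):
    """Parse simple key = "value" lines; comments and blank lines are skipped."""
    conf = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf


def check_oauth_urls(conf, prefix="scoold.security.oauth."):
    """Return (key, problem) pairs for endpoint URLs that cannot work as written."""
    findings = []
    for name in URL_KEYS:
        key = prefix + name
        if key not in conf:
            continue
        try:
            parts = urlsplit(conf[key])
        except ValueError:
            findings.append((key, "not a parseable URL"))
            continue
        if parts.scheme not in ("http", "https") or not parts.netloc:
            findings.append((key, "not an absolute http(s) URL"))
        for m in PLACEHOLDER_RE.finditer(parts.path):
            findings.append((key, "literal placeholder %r in path" % m.group(0)))
    return findings


if __name__ == "__main__":
    for key, problem in check_oauth_urls(parse_conf(SAMPLE_CONF)):
        print("%s: %s" % (key, problem))
```
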