search

Meteor-Community-Packages / stratosphere

Meteor private package server
MIT License
28 stars 7 forks source link

meteor-tool OAuth issue #6

Closed hellogerard closed 9 years ago

hellogerard commented 9 years ago

Hi,

I decided to create a new issue to track this rather than use the one on Meteor's repo.

I am running meteor-tool from a local copy of meteor 1.2.0.2 so that I can debug the OAuth flow with console.log. I am trying to see the same error as the one in https://github.com/meteor/meteor/issues/4497, but I cannot get past the authorize request step. I am looking mainly in the tools/meteor-services/auth.js file. When meteor-tool makes the first authorize request (sendAuthorizeRequest method), instead of getting back an authenticate redirect URI, I am getting back Invalid redirect URI.

Here is a sample authorize request:

https://www.meteor.com/oauth2/authorize?state=09300eff231a7ef9eb13eca34a777236&response_type=code&client_id=<APPID>&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F_oauth%2Fmeteor-developer%3Fclose

I have tried other domains other than localhost, and have tried modifying my OAuth app on meteor.com to match each time, but no luck.

Does the OAuth provider have to exist on the public Internet and not just locally? Doesn't seem that it should, since everything works fine in a web browser via accounts-ui. What am I doing wrong?

sebakerckhof commented 9 years ago

Do you have this url set as redirect url in your meteor app ( https://www.meteor.com/account-settings/apps ): http://localhost:3000/_oauth/meteor-developer?close

Because, I just tested with only this url and here it works. It seems the oAuth problem is solved in meteor-tool 1.1.9... At least for me.

Are you using the oauth branch and are the settings in settings.json correct?

hellogerard commented 9 years ago

Wow! Great!

I kept going anyway. I added that URL (I was missing the ?close), and it worked!

I also had to add accounts-meteor-developer to Stratosphere. Is that right? If so, should it be added as part of the repo?

Awesome. Getting excited now.

sebakerckhof commented 9 years ago

In the oauth branch I'd added accounts-meteor-developer in the imply section of the stratosphere:lib package (umbrella package): https://github.com/sebakerckhof/stratosphere/blob/oauth/packages/stratosphere_lib/package.js#L23

Was this not sufficient are were you not using that branch?

Anyway, glad it is working. Now that oAuth is working I hope to add more security features and have a beta 2 by the end of the week if I can find some time to work on it. Maybe I'll make a script that automatically creates the database file, so the installation process will be much simpler.

hellogerard commented 9 years ago

Ah, ok. I was on the master branch so that makes sense. Security features sounds nice!