RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

Wordpress OAuth 3.1.96: Unable to Authenticate #2815

Open phillc73 opened 8 years ago

phillc73 commented 8 years ago

Your Rocket.Chat version: 0.25.0

I'm having trouble authenticating using the Wordpress OAuth Server plugin, v3.1.96. I've been following the information in #747 but am still striking issues. I don't know if this is because the WP OAuth Server is now a later version than the one tested in the instructions.

On the WP side:

[image: wpoauth]

Scenario 1

When attempting to log in, the new window launched from RC displays the following error:

{"error":"redirect_uri_mismatch","error_description":"The redirect URI provided is missing or does not match","error_uri":"http:\/\/tools.ietf.org\/html\/rfc6749#section-3.1.2"}

Nothing in the RC logs.

Scenario 2

This time I am taken to the WP login form in the pop-up window, where I am able to login. However, after logging in, no re-direct occurs. I am simply shown my WP website content in this pop-up window.

RocketChat has not logged in, in the other window.

Scenario 3

This time, when clicking the WP icon from the RC sign-in page, the pop-up window launches, then closes.

RocketChat shows an "Internal Server Error" message.

RC logs:

```
I20160408-15:13:43.047(0) at: cl7sculdskpuygnlmll8f9cklmmi0yyleiecfpol
W20160408-15:13:43.897(0) (oauth_server.js:398) Error in OAuth Server: Failed to fetch identity from wordpress at http://mywebsiteurl.com/oauth/me. failed [400] {"error":"invalid_request","error_description":"Missing or invalid parameter(s)"}
I20160408-15:13:44.077(0) Exception while invoking method 'login' Error: Failed to fetch identity from wordpress at http://mywebsiteurl.com/oauth/me. failed [400] {"error":"invalid_request","error_description":"Missing or invalid parameter(s)"}
    at CustomOAuth.getIdentity (packages/rocketchat_custom-oauth/custom_oauth_server.coffee:92:16)
    at Object.handleOauthRequest (packages/rocketchat_custom-oauth/custom_oauth_server.coffee:101:20)
    at OAuth._requestHandlers.(anonymous function) (packages/oauth2/oauth2_server.js:8:1)
    at middleware (packages/oauth/oauth_server.js:173:1)
    at packages/oauth/oauth_server.js:146:1
```

Scenario 4

The outcome is the same as Scenarios 2 and 3.

Scenario 5

The outcome is the same as Scenarios 2 and 3.

Not sure what other information to provide. Have tested in the latest versions of both Firefox and Chromium.

Any assistance much appreciated.

phillc73 commented 8 years ago

I installed the older 3.1.7 version and still receive the error:

{"error":"redirect_uri_mismatch","error_description":"The redirect URI provided is missing or does not match","error_uri":"http:\/\/tools.ietf.org\/html\/rfc6749#section-3.1.2"}

The URL in the pop-up login window includes the following:

redirect_uri=http://myrcinstance.com/_oauth/wordpress

This is exactly the same URL I have entered in the "Redirect URI:" field in the WP OAuth Client details screen.

phillc73 commented 8 years ago

I have followed the instructions in #747 and created a custom RC OAuth entry, just calling it "wordpresscustom". I updated the details in my WP OAuth Client details with the new redirect URI.

This has overcome the "redirect_uri_mismatch" error. The pop-up window presented me with the WP login screen. This is with "Require Exact Redirect URI" checked in the WP OAuth Server settings.

Unfortunately, after logging in, the pop-up did not disappear, rather it just showed me a page of my WP website content.

After closing the pop-up, and clicking the "WP Custom Login" button on my RC login page (this time already logged into WP), I once again see the Internal Server error in the RC logs:

```
I20160408-20:41:52.431(0) at: 80svsrmoy0fzgn37um89un7xrlcglsv0okgnwyo1
W20160408-20:41:53.215(0) (oauth_server.js:398) Error in OAuth Server: Failed to fetch identity from wordpresscustom at http://mywpwebsite.com/oauth/me. failed [400] {"error":"invalid_request","error_description":"Missing or invalid parameter(s)"}
I20160408-20:41:53.385(0) Exception while invoking method 'login' Error: Failed to fetch identity from wordpresscustom at http://mywpwebsite.com/oauth/me. failed [400] {"error":"invalid_request","error_description":"Missing or invalid parameter(s)"}
    at CustomOAuth.getIdentity (packages/rocketchat_custom-oauth/custom_oauth_server.coffee:92:16)
    at Object.handleOauthRequest (packages/rocketchat_custom-oauth/custom_oauth_server.coffee:101:20)
    at OAuth._requestHandlers.(anonymous function) (packages/oauth2/oauth2_server.js:8:1)
    at middleware (packages/oauth/oauth_server.js:173:1)
    at packages/oauth/oauth_server.js:146:1
```

Pretty much the same as Scenario 3 above.

I have successfully setup a GitHub OAuth on my RC instance, just to check that worked. However, I would really like WP to work, as my subscribers already have accounts on my WP site.

marceloschmidt commented 8 years ago

Just to be on the safe side here, you guys tried using the built-in Wordpress OAuth, right? Meanwhile, I'll try to run a few tests with our demo.

lovetheidea commented 8 years ago

Looking at custom_oauth_server.coffee state: query.state is requested in getAccessToken. So on the WP side:

[image]

lovetheidea commented 8 years ago

Following on from above -- I get a Register Username form. Username cannot be read / undefined in log files but is used / set in Wordpress:

```
Exception while invoking method 'getUsernameSuggestion' TypeError: Cannot read property 'length' of undefined
    at generateSuggestion (server/methods/getUsernameSuggestion.coffee:27:14)
    at [object Object].Meteor.methods.getUsernameSuggestion (server/methods/getUsernameSuggestion.coffee:88:10)
    at [object Object].methodsMap.(anonymous function) (server/lib/debug.js:17:26)
    at maybeAuditArgumentChecks (livedata_server.js:1698:12)
    at livedata_server.js:708:19
    at [object Object]._.extend.withValue (packages/meteor/dynamics_nodejs.js:56:1)
    at livedata_server.js:706:40
    at [object Object]._.extend.withValue (packages/meteor/dynamics_nodejs.js:56:1)
    at livedata_server.js:704:46
    at tryCallTwo (/app/.meteor/heroku_build/app/programs/server/npm/promise/node_modules/meteor-promise/node_modules/promise/lib/core.js:45:5)
```

flantascience commented 7 years ago

Did anyone ever get WP Oauth working???

wargamesqcf commented 7 years ago

The plugin on WP side has been updated a lot and doesn't want to give rocket what it needs I think.

flantascience commented 7 years ago

Would someone be willing to send me an older version of the plugin that works? I did pay for a license but the plugin developers haven't been responding to me about this.

wargamesqcf commented 7 years ago

I no longer have the old plugin sadly, but something needs to be done to allow easy wordpress user to rocket chat. Oauth, Saml, CAS anything.

flantascience commented 7 years ago

Yes, I tried those steps but I got this error:

{"error":500,"reason":"Internal server error","message":"Internal server error [500]","errorType":"Meteor.Error"}

wargamesqcf commented 7 years ago

At sing.li request I will talk about the timeline of going from a semi-working plugin to one that doesn't work and costs money.

The last time I got oauth to work between WP and RC was version 3.1.98; this was back in June. As time goes on, software gets updated, and WP updated, changing some things around; I do believe they changed the way they handle usernames and passwords a little. So the oauth plugin for WP updated to deal with those changes and put a lot of features behind a paywall. So the Oauth plugin no longer provides all the info that RC needs to have a complete checklist, at least on the free version; the paid version, as stated above, also does not work, but for unknown reasons.

Here is the plugin in question

https://wordpress.org/plugins/oauth2-provider/

https://wp-oauth.com/

Also, Flantascience, here is the older version; please tell me if you can get it to work.

https://downloads.wordpress.org/plugin/oauth2-provider.3.1.98.zip

Sing-Li commented 7 years ago

@RocketChat/core We need to consider an "officially supported" way of doing SSO (hopefully without involving a paid plugin on the WP side) with WordPress - as the population of community users integrating Rocket.Chat to their WordPress site is growing daily.

wargamesqcf commented 7 years ago

Well, I can show you two ways that some others have done integration with WP. The forums I use use this WP plugin:

https://wordpress.org/plugins/wp-w3all-phpbb-integration/

my wiki uses this and was by far the easiest and least obtuse way.

https://www.mediawiki.org/wiki/Extension:WPMW

flantascience commented 7 years ago

@wargamesqcf Still not working. I may have come across something though. I checked the RocketChat logs and saw this. I added the bold around 'self signed certificate.' I wonder if it is not working since I have a self-signed cert? I set it up specifically for testing purposes. I already paid $60 for the plugin, I guess I didn't want to pay another $60 for an SSL just for testing. Do you think that's the issue?

```
W20161226-19:35:26.131(0) (oauth_server.js:398) Error in OAuth Server: Failed to complete OAuth handshake with wordpresscustomlog at https://forumthing.flimjannery.com/oauth/token. self signed certificate
I20161226-19:35:26.344(0) Exception while invoking method 'login' Error: Failed to complete OAuth handshake with wordpresscustomlog at https://forumthing.flimjannery.com/oauth/token. self signed certificate
    at CustomOAuth.getAccessToken (packages/rocketchat_custom-oauth/custom_oauth_server.coffee:71:16)
    at Object.handleOauthRequest (packages/rocketchat_custom-oauth/custom_oauth_server.coffee:106:23)
    at OAuth._requestHandlers.(anonymous function) (packages/oauth2/oauth2_server.js:8:1)
    at middleware (packages/oauth/oauth_server.js:173:1)
    at packages/oauth/oauth_server.js:146:1
```

flantascience commented 7 years ago

I also just noticed my Pro license doesn't work on this older version of WPOAuth. Not sure if that is impacting it.

flantascience commented 7 years ago

Is there a way to do the reverse? Maybe to log into WordPress using a Meteor account?

logankoester commented 7 years ago

I spent a lot of time messing about with this also, and in the end I found it made my life a lot easier to just plug Rocket.Chat, WordPress, and all my other services into https://auth0.com/, rather than randomly elect one of them given that managing accounts is orthogonal to any of their actual purpose in my stack.

wargamesqcf commented 7 years ago

My issue is right now WP is already handling accounts for my forums and wiki, don't want to jump over to a 3rd party oauth unless WP can push accounts to that and then back to rocket.

flantascience commented 7 years ago

So this actually is working now. It is not exactly what I desired but I think it's what you are after @wargamesqcf

The main thing causing a problem was that I used a self-signed SSL certificate. I got this because I just wanted to test things out. I got a real SSL and it worked. I also maybe did an adjustment on my checkboxes, so let me post what I've got.

The trouble I still had... I actually want the reverse. I was hoping that all my meteor users would be able to login to WordPress with their meteor accounts. This lets them login to Meteor using WordPress.

Here are the settings on WordPress. This is for OAuth Server 3.2.

Grant Types - everything checked
Misc Settings - token length: 30, check for 'enforce state parameter'
Open ID connect - lifetime: 3600 seconds
Token Lifetimes - access token: 3600 seconds, Refresh token lifetime: 86400

I am not sure if I had 'enforce state parameter' checked before when I was receiving errors. But it is checked off now and it works.

I also have 'require exact url' UNchecked.

On my RocketChat, I did not use the WordPress OAuth, I created a custom one.

URL: https://peerunschooling.net
Token Path: /oauth/token
Identity Path: /oauth/me
Authorize Path: /oauth/authorize
Scope: openid
Token Sent Via: Payload
Login Style: Popup

My app is at https://members.peerunschooling.net and I was able to successfully embed the app as an iframe here: https://peerunschooling.net/chat-app

I just gotta find a way to do the reverse. Or maybe this auth0.com thing is the answer. I would like to keep it simple, this has become more time consuming than I expected.

wargamesqcf commented 7 years ago

Just doesn't work on the non-pro version.

johnlund commented 7 years ago

I've been having this issue, and I've got it working with the settings listed from @flantascience above on non-pro WP Oauth server 3.2.001. The strange thing is: it works fine with the desktop Rocket.chat app, but the iOS app gives me:

error=invalid_request&error_description=Invalid+or+missing+response+type

Sing-Li commented 7 years ago

Anyone actually using the WordPress OAuth section of the settings (not a custom oauth one) and is able to authenticate with the latest version of WP Oauth server?

Sing-Li commented 7 years ago

@wargamesqcf we are thinking of switching to Method 2 endpoint format as documented here to improve compatibility - https://wp-oauth.com/kb/endpoint-formats/ Especially with the non-pro version of the popular plugin.

Have you had any experience with it? Thanks.

wargamesqcf commented 7 years ago

Tried method 1 and method 2 got this as an error, also using version 3.2002 of WP Oauth server, and 54.2 of rocketchat {"error":"invalid_client","error_description":"The client id supplied is invalid"}

My settings http://i.imgur.com/gRlkOwe.png?1

Sing-Li commented 7 years ago

@wargamesqcf What did you have to do to the permalink setting to get Method 1 working with the non-pro version ? Also did you have to tinker with your .htaccess file?

Sing-Li commented 7 years ago

@wargamesqcf This PR, thanks to @sampaiodiego , should allow method 2 to work with your settings. #6684 Please test. Thanks.

wargamesqcf commented 7 years ago

I never got it working on version 3.2+ of WP oauth non-pro version, only ever got it working on the older 3.1.96.

Sing-Li commented 7 years ago

> I never got it working on version 3.2+ of WP oauth non-pro version, only ever got it working on the older 3.1.96.

@wargamesqcf Good to know. Thanks. Please try the PR with your custom oauth settings - using method 2 format - it should now work with any version of the plugin.

wargamesqcf commented 7 years ago

What do you mean by PR?

Sing-Li commented 7 years ago

@wargamesqcf PR = Pull Request = code fix when merged

Please click this to see the details and track the branch that it lands on:

#6684

wargamesqcf commented 7 years ago

Tried method 1 and method 2 got this as an error, also using version 3.2002 of WP Oauth server, and 55.1 of rocketchat {"error":"invalid_client","error_description":"The client id supplied is invalid"}

My settings http://i.imgur.com/gRlkOwe.png?1

From my logs I get this error

```
W20170421-02:18:26.645(0) (oauth.js:431) Error in OAuth Server: Failed to fetch identity from wordpress at http://www.five-rings-online.net?oauth=me. Unexpected token <
I20170421-02:18:27.835(0) Exception while invoking method 'login' Error: Failed to fetch identity from wordpress at http://www.five-rings-online.net?oauth=me. Unexpected token <
    at CustomOAuth.getIdentity (/app/bundle/programs/server/packages/rocketchat_custom-oauth.js:206:17)
    at Object.handleOauthRequest (/app/bundle/programs/server/packages/rocketchat_custom-oauth.js:222:25)
    at OAuth._requestHandlers.(anonymous function) (packages/oauth2.js:27:31)
    at middleware (packages/oauth.js:203:5)
    at packages/oauth.js:176:5
```

Bluer-RC commented 7 years ago

Here is what works for me after experimentation in RC's #wordpress channel. Thanks @Sing-Li

Tested in browser only with Ubuntu 16.04, WordPress 4.7.4, Rocket.Chat 0.55.1 (docker) and the free wpoauth plugin at version 3.2.002

In RC add Custom OAuth, don't use the WordPress one. For the name use something else than wordpress like your site name. (otherwise it might bug)

Enable: True
URL: http://yourwordpress.com/
Token Path: ?oauth=token
Identity Path: ?oauth=me
Authorize Path: ?oauth=authorize
Scope: openid
Token Sent Via: Payload

I also use Login style: Redirect

In Wordpress install WP OAuth Server plugin ver 3.2.002. Go to OAuth Server > Clients > Add new client and for the Redirect URI copy Callback URL from the top of your Custom OAuth page in RC, for example http://yourwordpress.com:3000/_oauth/myoauth (I have SSL: https://chat.mysite.com/_oauth/myoauth)

Copy Id & Secret (hover mouse over client to see secret) and put them into your RC Custom OAuth settings.

[image: wpoauth_settings]

After saving changes for the client you might have to update permalink structure in WP > settings > permalink > 'Save Changes'

Create new WP user with simple password and email that isn't used by any RC users. Finally clear all cookies/history and go to your RC login page and the new button should redirect you with WP.

Extra: putting user_login in custom oauth "Username field" automatically forces WP username when authenticating for the first time. Might require "Merge users" to be set to false.
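An offline pre-flight check for the failure modes reported in this thread (reserved name, redirect URI mismatch, HTML or error JSON from the identity endpoint, missing username field), as an added example that is not part of any comment here and is not Rocket.Chat or WP OAuth Server code. The function names, the `example.test` hosts and the callback rule `<root>/_oauth/<lower-cased name>` (inferred from the URLs quoted in the thread) are assumptions.

```javascript
// Added example: sanity checks for a Rocket.Chat Custom OAuth entry that
// points at WP OAuth Server. All names and sample values are constructed.
const RESERVED_NAMES = ['wordpress']; // built-in entry's name, per the thread

// Assumption from URLs quoted in the thread: <RC root>/_oauth/<lower-cased name>.
function callbackUrl(rcRoot, name) {
  return rcRoot.replace(/\/+$/, '') + '/_oauth/' + name.toLowerCase();
}

// Exact string match; on a miss, report which URL components differ.
function redirectDiff(sent, registered) {
  if (sent === registered) return [];
  const a = new URL(sent), b = new URL(registered);
  const diff = ['protocol', 'hostname', 'port', 'pathname', 'search']
    .filter((k) => a[k] !== b[k]);
  return diff.length ? diff : ['other'];
}

// Review an entry against the redirect URI registered on the WP client.
function reviewEntry(entry, registeredRedirect) {
  const findings = [];
  if (RESERVED_NAMES.includes(entry.name.toLowerCase())) {
    findings.push('name-collides-with-built-in');
  }
  const expected = callbackUrl(entry.rcRoot, entry.name);
  for (const part of redirectDiff(expected, registeredRedirect)) {
    findings.push('redirect-' + part);
  }
  if (new URL(entry.url).protocol !== 'https:') {
    // Over plain http the code, client secret and token cross the network in clear.
    findings.push('provider-not-https');
  }
  return findings;
}

// Classify what the identity endpoint (Identity Path) returned.
function classifyIdentity(status, body, usernameField) {
  const text = body.trim();
  if (text.startsWith('<')) return 'html-not-json'; // the "Unexpected token <" case
  let json;
  try { json = JSON.parse(text); } catch (e) { return 'not-json'; }
  if (json === null || typeof json !== 'object') return 'not-json';
  if (status >= 400 || json.error) return 'oauth-error:' + (json.error || status);
  if (typeof json[usernameField] !== 'string' || json[usernameField] === '') {
    return 'missing-' + usernameField; // Rocket.Chat has no username to work with
  }
  return 'ok';
}

// Constructed sample: reserved name, http vs https and a trailing slash.
const sampleEntry = {
  name: 'Wordpress',
  rcRoot: 'https://chat.example.test/',
  url: 'http://wp.example.test/',
};
console.log(reviewEntry(sampleEntry, 'http://chat.example.test/_oauth/wordpress/'));
console.log(classifyIdentity(200, '<!DOCTYPE html><html></html>', 'user_login'));
console.log(classifyIdentity(400,
  '{"error":"invalid_request","error_description":"Missing or invalid parameter(s)"}',
  'user_login'));
```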

Sing-Li commented 7 years ago

Thank YOU! @Bluer-RC ! (and @wargamesqcf !) for all your extensive help in testing this!

@phillc73 @lovetheidea @johnlund @flantascience and others ....

We know WordPress is the current leader for website creation. Ongoing, we're committed to making sure that the current FREE edition of the wpoauth plugin works with Rocket.Chat.

As of Rocket.Chat 0.55.1 - and wpoauth FREE 3.2.002, things should be working as detailed by @Bluer-RC . We will follow up with formal documentation soon (we are short of doc staff, and can use any documentation contribution here : https://github.com/RocketChat/Rocket.Chat.Docs ).

As the Rocket.Chat version and wpoauth server versions evolve independently, if you should find any breaking changes - please report them asap on new tickets. Thanks in advance for your help.

RichardFoxworthy commented 7 years ago

Is there a known method to make WP use RC as an oauth provider? - i.e. log into WP using a RC/meteor account?

weismannweb commented 6 years ago

I can confirm that using the name "Wordpress" as a custom oauth in RC fails and probably because it conflicts with the built in Wordpress.com oauth. Notice the call back url is the same https://rcdomain.chat/_oauth/wordpress so of course, it would conflict. I renamed my custom oauth to "wordpressoauth" and it worked fine. I can also tell it is conflicting because my custom oauth, when named Wordpress, is showing the Wordpress logo on the button even though it's custom and it knows not that it is for Wordpress....the built-in Wordpress button is being used. Now I only have one more issue. I CAN NOT delete the custom oauth I created named Wordpress. I click remove and nothing happens. I imagine this is probably because of the conflict too since the built-in one is not allowed to be deleted and this has the same name. I guess moving forward creating a custom OAuth named "Wordpress" or "wordpress" should be blocked by RC but as far as people who already did we need a way to delete it.

Also correct me if I am wrong but isn't the built in one for wordpress.com not wordpress.org (hosted not self hosted)?

flantascience commented 6 years ago

I'm having an issue with this.... I've got the OAuth working as a "Custom" OAuth. PROBLEM: when logging in via the Rocket.Chat mobile application, the WebView for logging in doesn't close. So someone logging in for the first time clicks on "Login with WordPress", the WebView pops up asking for their WordPress login info, and then they get logged into the WordPress site in the WebView but never go back to the app. They have to manually close the WebView. I know this may not seem like a big deal, but it's a particular problem for NEW users.... because they don't fully realize they're entering the website instead of the Rocket.Chat app. Any ideas?


On Mon, May 14, 2018 at 1:36 AM, Henry Weismann notifications@github.com wrote:

> I can confirm that using the name "Wordpress" as a custom oauth in RC fails and probably because it conflicts with the built in Wordpress.com oauth. Notice the call back url is the same https://rcdomain.chat/_oauth/wordpress so of course, it would conflict. I renamed my custom oauth to "wordpressoauth" and it worked fine. Now I only have one more issue. I CAN NOT delete the custom oauth I created named Wordpress. I click remove and nothing happens. I imagine this is probably because of the conflict too since the built-in one is not allowed to be deleted and this has the same name. I guess moving forward creating a custom OAuth named "Wordpress" or "wordpress" should be blocked by RC but as far as people who already did we need a way to delete it.


flantascience commented 5 years ago

I'm revisiting this because now that I'm trying to get the mobile app working, this error has returned: {"error":"redirect_uri_mismatch","error_description":"The redirect URI provided is missing or does not match","error_uri":"http:\/\/tools.ietf.org\/html\/rfc6749#section-3.1.2"}

Desktop works fine. But this error prevents the mobile app from connecting.

geekgonecrazy commented 5 years ago

@flantascience ios or android?

flantascience commented 5 years ago

@geekgonecrazy This is on IOS

geekgonecrazy commented 5 years ago

@rocketchat/ios thoughts?

rafaelks commented 5 years ago

@flantascience On the OAuth settings section for Wordpress, what's the value you're using for Server Type? Have you tried changing it?

flantascience commented 5 years ago

@rafaelks where do you see "Server Type"?

I've tried this using both WP OAuth Server and WP OAuth Server Pro. Neither has a setting for "Server Type" that I see.

Inside of Rocket.Chat, I don't see a setting for "Server Type" either.

franckadil commented 4 years ago

Just to keep this thread updated:

clarm060 commented 3 years ago

Following the above link for instructions, and with the paid version, I am seeing this issue still. Do we know if this is an issue with WP-Oauth or RocketChat?

I am using a custom OAuth and using the settings in https://wp-oauth.com/docs/how-to/rocket-chat-oauth-setup/ and continue to get errors.