WordPress integration installations don't work

[gazayas]

Context

https://discord.com/channels/836637622432170028/836637623048601633/1033079004296654858

Steps to reproduce

rails g model Oauth::WordpressHostedAccount uid:string data:jsonb user:references
rails g model Integrations::WordpressHostedInstallation team:references oauth_wordpress_hosted_account:references name:string
rails g model Webhooks::Incoming::Oauth::WordpressHostedAccountWebhook data:jsonb processed_at:datetime verified_at:datetime oauth_wordpress_hosted_account:references

bin/super-scaffold oauth-provider omniauth-wordpress_hosted wordpress_hosted WORDPRESS_API_KEY WORDPRESS_API_SECRET

Since the gem isn't technically released, you have to go to the Gemfile and update it to this:

gem 'omniauth-wordpress_hosted', github: 'jwickard/omniauth-wordpress-oauth2-plugin'

bundle install
rails db:migrate

Update your config/application.yml with the values from the WordPress Application Manager ("Client ID" and "Client Secret")

Set the redirect URLS

https://yourdomain.co/users/auth/wordpress_hosted/callback
OR
http://localhost:3000/users/auth/wordpress_hosted/callback

Most likely an issue with the gem

The gem is omniauth-wordpress-oauth2-plugin

The calls were being made to WordPress, but I kept getting this error:

I made sure the Client ID and Client Secret, along with the environment variable names were correct.

In short, we're getting an authentication error. I looked at the repository and 1, it hasn't been updated in 4 years, and 2, there are a handful of issues other people are experiencing similar to ours:

This was the error from the server:

12:47:20 web.1              | Started POST "/users/auth/wordpress_hosted?team_id=1" for ::1 at 2022-10-21 12:47:20 -0400
12:47:20 web.1              | I, [2022-10-21T12:47:20.763564 #62920]  INFO -- omniauth: (wordpress_hosted) Request phase initiated.
12:47:20 web.1              | Started GET "/oauth/authorize?client_id=DNd9vU5Xpur6dMdGpyxUaIudAGxa2UYNOLoakZNz&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fauth%2Fwordpress_hosted%2Fcallback%3Fteam_id%3D1&response_type=code&state=6a1bc0c5493600e1bac927be524047eb021cb726fae49819" for ::1 at 2022-10-21 12:47:20 -0400
12:47:20 web.1              | Processing by Doorkeeper::AuthorizationsController#new as HTML
12:47:20 web.1              |   Parameters: {"client_id"=>"DNd9vU5Xpur6dMdGpyxUaIudAGxa2UYNOLoakZNz", "redirect_uri"=>"http://localhost:3000/users/auth/wordpress_hosted/callback?team_id=1", "response_type"=>"code", "state"=>"6a1bc0c5493600e1bac927be524047eb021cb726fae49819"}
12:47:20 web.1              | Resource Owner find failed due to Doorkeeper.configure.resource_owner_authenticator being unconfigured.
12:47:20 web.1              |   Platform::Application Load (0.9ms)  SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = $1 LIMIT $2  [["uid", "DNd9vU5Xpur6dMdGpyxUaIudAGxa2UYNOLoakZNz"], ["LIMIT", 1]]

However, we don't have to configure Doorkeeper.configure.resource_owner_authentication for, for example, the Google OAuth2 integration:

https://github.com/bullet-train-co/bullet_train/blob/a417a93dba45d331ce5a207ee85ce55613c29b32/config/initializers/doorkeeper.rb#L8-L14

I bypassed this with the following code (although I don't think we need to be touching this in the first place)

resource_owner_authenticator do
# raise "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}"
# Put your resource owner authentication logic here.
# Example implementation:
  unless (session[:user_id].present?)
    User.find_by(id: session[:user_id])
  else
    redirect_to(:back)
  end
end

Still, I got the error on the WordPress page from above.

All of this leads me to believe that the gem itself is outdated, and we'll either have to edit it ourselves or maybe monkey patch Doorkeeper to get things working.

[gazayas]

FWIW, this post refers to a fork that might work, but I haven't tried it out yet.

[jackm767]

To follow up on this the fork mentioned in that post seems to be returning the same error