Docs at http://horizon.io/docs/auth/ don't say what callback URL to use

[mlucy]

If you're doing OAuth with GitHub, you have to enter an "Authorizaton callback URL". It turns out that the correct one in this case is https://hostname/horizon/github, but that should be documented somewhere on the auth page.

[deontologician]

horizon.authEndpoint('github') will get you this url, since it's a configurable path, we shouldn't rely on hard-coding it

[deontologician]

Actually @mlucy is this the path you put into github auth and is it different from the 'authEndpoint' which redirects you to github?

[mlucy]

@deontologician -- this is the path I put into GitHub auth. It's the same as what's returned by authEndpoint. It wasn't obvious to me that that was what I was supposed to enter, though. I think we should at least document that the URL you're supposed to enter is https://hostname${RETURN_VAL_OF_AUTH_ENDPOINT}, and we should probably say what the default is since that's what most people will be looking for.

[danielmewes]

Is it actually necessary for this path to be the same as what you get from authEndpoint? I might be remembering this wrong, but I think when I tested GitHub auth with Horizon a bit back I just set the redirect path in GitHub to http://localhost:8181/ where I had my page that imported the Horizon client. The Horizon client picked up the auth parameters once it was instantiated by the page if I remember correctly.

Edit: So my question is: Can this just be any page that instantiates the Horizon client?

[chipotle]

If I'm understanding correctly, when you register an application for use with Github's OAuth service, you need to enter the actual URL into their registration form. I don't know whether other providers require this.

https://github.com/settings/applications/new

[deontologician]

I think github has to post some data to horizon, who can then redirect somewhere with the horizon-token in the parameters

[danielmewes]

Maybe @Tryneus knows which URL this actually has to be.

[Tryneus]

The URL you give to the Oauth provider should correspond to the path on your server that you configure for that provider. It is the same as the path option used when adding the auth provider via add_auth_provider (which is just a subpath below horizon). So if you do server.add_auth_provider(github, { path: 'github', ... }) on a Horizon server mounted at /horizon, then your Github Oauth Redirect URI should be https://<host>/horizon/github.