登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

易水流川 / discourse-oauth2-basic

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
分支 2
标签 0
贡献代码
同步代码
创建 Pull Request
了解更多
对比差异 通过 Pull Request 同步
同步更新到分支
通过 Pull Request 同步
将会在向当前分支创建一个 Pull
Request,合入后将完成同步
取消
提示: 由于 Git 不支持空文件夾,创建文件夹后会生成空的 .keep 文件
.github/workflows
config
db/migrate
lib/validators/oauth2_basic
spec
.eslintrc
.gitignore
.prettierrc
.rubocop.yml
.streerc
.template-lintrc.js
Gemfile
Gemfile.lock
LICENSE
README.md
package.json
plugin.rb
translator.yml
yarn.lock
Loading...
README
MIT

discourse-oauth2-basic

This plugin allows you to use a basic OAuth2 provider as authentication for Discourse. It should work with many providers, with the caveat that they must provide a JSON endpoint for retrieving information about the user you are logging in.

This is mainly useful for people who are using login providers that aren't very popular. If you want to use Google, Facebook or Twitter, those are included out of the box and you don't need this plugin. You can also look for other login providers in our Github Repo.

Usage

Part 1: Basic Configuration

First, set up your Discourse application remotely on your OAuth2 provider. It will require a Redirect URI which should be:

http://DISCOURSE_HOST/auth/oauth2_basic/callback

Replace DISCOURSE_HOST with the appropriate value, and make sure you are using https if enabled. The OAuth2 provider should supply you with a client ID and secret, as well as a couple of URLs.

Visit your Admin > Settings > Login and fill in the basic configuration for the OAuth2 provider:

  • oauth2_enabled - check this off to enable the feature

  • oauth2_client_id - the client ID from your provider

  • oauth2_client_secret - the client secret from your provider

  • oauth2_authorize_url - your provider's authorization URL

  • oauth2_token_url - your provider's token URL.

If you can't figure out the values for the above settings, check the developer documentation from your provider or contact their customer support.

Part 2: Configuring the JSON User Endpoint

Discourse is now capable of receiving an authorization token from your OAuth2 provider. Unfortunately, Discourse requires more information to be able to complete the authentication.

We require an API endpoint that can be contacted to retrieve information about the user based on the token.

For example, the OAuth2 provider SoundCloud provides such a URL. If you have an OAuth2 token for SoundCloud, you can make a GET request to https://api.soundcloud.com/me?oauth_token=A_VALID_TOKEN and will get back a JSON object containing information on the user.

To configure this on Discourse, we need to set the value of the oauth2_user_json_url setting. In this case, we'll input the value of:

https://api.soundcloud.com/me?oauth_token=:token

The part with :token tells Discourse that it needs to replace that value with the authorization token it received when the authentication completed. Discourse will also add the Authorization: Bearer HTTP header with the token in case your API uses that instead.

There is one last step to complete. We need to tell Discourse what attributes are available in the JSON it received. Here's a sample response from SoundCloud:

{
  "id": 3207,
  "permalink": "jwagener",
  "username": "Johannes Wagener",
  "uri": "https://api.soundcloud.com/users/3207",
  "permalink_url": "http://soundcloud.com/jwagener",
  "avatar_url": "http://i1.sndcdn.com/avatars-000001552142-pbw8yd-large.jpg?142a848",
  "country": "Germany",
  "full_name": "Johannes Wagener",
  "city": "Berlin"
}

The oauth2_json_user_id_path, oauth2_json_username_path, oauth2_json_name_path and oauth2_json_email_path variables should be set to point to the appropriate attributes in the JSON.

The only mandatory attribute is id - we need that so when the user logs on in the future that we can pull up the correct account. The others are great if available -- they will make the signup process faster for the user as they will be pre-populated in the form.

Here's how I configured the JSON path settings:

  oauth2_json_user_id_path: 'id'
  oauth2_json_username_path: 'permalink'
  oauth2_json_name_path: 'full_name'

I used permalink because it seems more similar to what Discourse expects for a username than the username in their JSON. Notice I omitted the email path: SoundCloud do not provide an email so the user will have to provide and verify this when they sign up the first time on Discourse.

If the properties you want from your JSON object are nested, you can use periods. So for example if the API returned a different structure like this:

{
  "user": {
    "id": 1234,
    "email": {
      "address": "test@example.com"
    }
  }
}

You could use user.id for the oauth2_json_user_id_path and user.email.address for oauth2_json_email_path.

Part 3: Test it with Google OAuth 2.0 Server

To test this plugin in your local dev environment you can use Google OAuth 2.0 Server. Follow this guide to create new OAuth client id & secret.

  • While creating it choose "Web application" as "Application type".
  • Add http://localhost:3000 in "Authorized JavaScript origins" and http://localhost:3000/auth/oauth2_basic/callback in "Authorized redirect URIs" fields.
  • Then add following site settings in your admin panel.
{
  "oauth2_enabled": true,
  "oauth2_client_id": "YOUR_PROJECT_CLIENT_ID",
  "oauth2_client_secret": "YOUR_PROJECT_CLIENT_SECRET",
  "oauth2_authorize_url": "https://accounts.google.com/o/oauth2/auth",
  "oauth2_token_url": "https://www.googleapis.com/oauth2/v3/token",
  "oauth2_user_json_url": "https://www.googleapis.com/userinfo/v2/me",
  "oauth2_json_user_id_path": "id",
  "oauth2_json_user_name_path": "name",
  "oauth2_json_user_email_path": "email",
  "oauth2_json_user_avatar_path": "picture",
  "oauth2_email_verified": true,
  "oauth2_scope": "https://www.googleapis.com/auth/userinfo.email"
}

That's it! You can check it now in your browser.

Good luck setting up custom OAuth2 on your Discourse!

Issues

Please use this topic on meta to discuss issues with the plugin, including bugs and feature requests.

How to run tests

Make sure the plugin has been installed, then from the discourse directory run:

LOAD_PLUGINS=1 bundle exec rspec plugins/discourse-oauth2-basic/spec/plugin_spec.rb

License

MIT

The MIT License (MIT) Copyright (c) 2016 Civilized Discourse Construction Kit, Inc. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Starred
0
Star
0
Fork
0

简介

discourse插件 展开 收起
暂无标签
Ruby
Ruby
100.0%
MIT
使用 MIT 开源许可协议
取消

发行版

暂无发行版

贡献者

全部

近期动态

加载更多
不能加载更多了
1
https://gitee.com/ljq1998/discourse-oauth2-basic.git
git@gitee.com:ljq1998/discourse-oauth2-basic.git
ljq1998
discourse-oauth2-basic
discourse-oauth2-basic
main
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部