API authentication

I'm trying to authenticate another website's users using their accounts on my UNA website. For this, I'm using a Prosody module (mod_auth_oauthbearer) for Bearer authentication. However, I cannot get the UNA OAuth server to work. The Prosody module requests these 3 inputs to communicate with the OAuth server and I don't seem to be able to set them correctly.

oauth_client_id = "I put here the client key generated by UNA OAuth"

oauth_client_secret = "I put here the client secret generated by UNA OAuth "

oauth_url = "I tried a few urls here with no success, I've no idea on how to generate the full token url for OAuth. I tried UnaSite/modules/?r=oauth2/auth but couldn't generate the full url with the placeholders for client_id and client_secret"

Unfortunately, I have not been able to add the links for the Prosody Module because my UNA membership does not allow me to post links :( 

Also, can someone help me tag Alex or Leonids in this post because my membership level does not allow me to tag any of them :(

Replies (7)
    • Please use URLs for Custom OAuth module in Rocket.Chat, it should be the same:
      https://una.io/cmts.php?sys=bx_forum&id=3923&cmt_id=20711

      • Unfortunately, they don't work.
        I'm trying to post a link to the Prosody Module documentation to give you an example of how the module constructs the oauth_url, but my membership level does not allow me to post links. I will try to send you a private message instead.

        • Actually, such params as password and client id need to be passed as POST params, not GET params. From your documentation it isn't clear how POST params are passed; however, it may be that POST params are passed automatically.

          To generate a key & secret with a different grant type, you need to generate it the usual way in the OAuth2 module, then you need to update some params manually via the DB:

          UPDATE bx_oauth_clients SET grant_types='password' WHERE client_id='<your client id>';
          UPDATE bx_oauth_clients SET client_secret='' WHERE client_id='<your client id>';

          Then you will be able to get access token using the following CURL command:

          curl -X POST "https://you-una-site-domain/modules/?r=oauth2/token" -d "grant_type=password&scope=basic&client_id=<your client id>&username=<your login email>&password=<your login password>"

          So try to set the following in your config:

          oauth_client_id = "<your client id>"
          oauth_client_secret = ""
          oauth_url = "https://you-una-site-domain/modules/?r=oauth2/token";
          authentication = "oauthbearer"

          oauth_client_secret is empty when the password grant type is used.

          If it doesn't work, ask them for support, or they need to provide more complete documentation.

          • Thanks a lot for your help. The curl command worked fine, but the module hasn't worked. I will contact the developers to get more support on the issue. Thanks a lot for your help.

            • While we are here, I will add another degree of complexity; perhaps this has something to do with it.
              The key pair generated by the UNA OAuth2 module and the key pair generated by the Rocket.Chat instance seem to be of differing lengths.
              There may be a setting needed to "bring down" the length of the key pair bits value in the Rocket.Chat config, but I gave up last month and added the integration to my revolving "to do list".

              • Please provide me the details about it, Omar Amer, it's very interesting to check it.

                • Sorry to have missed this one!

                  In short, while trying to set up OAuth for Rocket.Chat:

                  I noticed the OAuth tokens Rocket.Chat was generating were longer than the OAuth tokens generated by the UNA OAuth2 module.

                  This suggests a mismatch in key generating algorithms, one weaker, one stronger.

                  And for compatibility with both, they would expect the same length keys.

                  :)

                  I don't have screenshots handy; I experienced this over a month and a half ago.

                  LeonidS 
