FUMO FUNGUS on Nostr: hey lain Haelwenn /элвэн/ :triskell: any of you two could give a quick help with ...
hey lain (npub1wah…xc8t) Haelwenn /элвэн/ :triskell: (npub1ysu…2jyl) any of you two could give a quick help with Pleroma and OAuth please?
I try to use Pleroma as a provider for oauth2-proxy but end up in a weird situation I don't understand
that's how I start oauth2-proxy:
oauth2-proxy --provider oidc \
--provider-display-name 'Udongein.xyz' \
--client-id 'thatstheclientid' \
--client-secret 'thatstheclientsecretdonotleak!' \
--skip-oidc-discovery=true \
--login-url 'https://udongein.xyz/oauth/authorize' \
--oidc-jwks-url 'https://udongein.xyz/oauth/token' \
--redeem-url 'https://udongein.xyz/oauth/token' \
--oidc-issuer-url 'https://udongein.xyz' \
--redirect-url 'https://secretprojecthehecat.udongein.xyz/' \
--cookie-secure=false \
--cookie-secret='asdfasdfasdfasdf' \
--email-domain=*
The flow is /really/ weird, when I try to log in I'm well redirected to Pleroma (attachment 1, URL as alt), but when I approve (authorize) I have an authentication error (attachment 2, URL as alt) and lose the state. Browser's network tab shows me 401 on authorize document.
apps according to Pleroma (DB)
pleroma=# select * from apps where client_id='thatstheclientid';
-[ RECORD 1 ]-+-----------------------------------------------
id | 42
client_name | emojiquest
redirect_uris | https://secretprojecthehecat.udongein.xyz/oauth/callback
scopes | {read}
website |
client_id | thatstheclientid
client_secret | thatstheclientsecretdonotleak
inserted_at | 2023-12-18 18:15:13
updated_at | 2023-12-18 18:15:13
trusted | t
user_id |
my first assumption is the redirect uri being wrong, but I'm lost without insight
if you could help me it would be awesome (and I'll do my best to backport knowledge in documentation)
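Added example, not part of the original post or of either project: a small check that compares the oauth2-proxy flags with the Pleroma apps row, using the values shown in the post. It assumes the server compares redirect_uri as an exact string and that redirect_uris holds whitespace-separated entries; parse_flags and audit are hypothetical helper names.

```python
import hmac
import shlex

# Constructed from the values shown in the post: the oauth2-proxy flags and
# the matching row of Pleroma's "apps" table.
PROXY_CMD = """oauth2-proxy --provider oidc
  --client-id 'thatstheclientid'
  --client-secret 'thatstheclientsecretdonotleak!'
  --redirect-url 'https://secretprojecthehecat.udongein.xyz/'"""
REGISTERED_APP = {
    "client_id": "thatstheclientid",
    "client_secret": "thatstheclientsecretdonotleak",
    "redirect_uris": "https://secretprojecthehecat.udongein.xyz/oauth/callback",
}

def parse_flags(cmd):
    """Turn '--flag value' and '--flag=value' pairs into a dict."""
    tokens, flags, i = shlex.split(cmd), {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--"):
            if "=" in tok:
                key, value = tok[2:].split("=", 1)
            elif i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
                key, value, i = tok[2:], tokens[i + 1], i + 1
            else:
                key, value = tok[2:], "true"  # bare boolean flag
            flags[key] = value
        i += 1
    return flags

def audit(cmd, app):
    """Return the names of client settings that differ from the registration."""
    flags, findings = parse_flags(cmd), []
    if flags.get("client-id") != app["client_id"]:
        findings.append("client_id")
    # Compare secrets in constant time and never echo them in the report.
    if not hmac.compare_digest(flags.get("client-secret", "").encode(),
                               app["client_secret"].encode()):
        findings.append("client_secret")
    # Assumption: registered URIs are matched as exact strings, path included.
    if flags.get("redirect-url") not in app["redirect_uris"].split():
        findings.append("redirect_uri")
    return findings

if __name__ == "__main__":
    print(audit(PROXY_CMD, REGISTERED_APP))
```

Run against the values in the post, the check reports the client secret (the flag carries a trailing `!` that the database row lacks) and the redirect URI (the flag points at `/` while the row registers `/oauth/callback`).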