Conversation

Notices

hey @lain @lanodan any of you two could give a quick help with Pleroma and OAuth please?

I try to use Pleroma as a provider for oauth2-proxy but end a weird situation I don't understand

that's how I start oauth2-proxy:

oauth2-proxy --provider oidc \ --provider-display-name 'Udongein.xyz' \ --client-id 'thatstheclientid' \ --client-secret 'thatstheclientsecretdonotleak!' \ --skip-oidc-discovery=true \ --login-url 'https://udongein.xyz/oauth/authorize' \ --oidc-jwks-url 'https://udongein.xyz/oauth/token' \ --redeem-url 'https://udongein.xyz/oauth/token' \ --oidc-issuer-url 'https://udongein.xyz' \ --redirect-url 'https://secretprojecthehecat.udongein.xyz/' \ --cookie-secure=false \ --cookie-secret='asdfasdfasdfasdf' \ --email-domain=*

The flow is /really/ weird, when I try to log-in I'm well redirect to Pleroma (attachment 1, URL as alt), but when I approve (authorize) I have an authentication error (attachment 2, URL as alt) and lose the state. Browser's network tab shows me 401 on authorize document.

apps according to Pleroma (DB)

pleroma=# select * from apps where client_id='thatstheclientid'; -[ RECORD 1 ]-+----------------------------------------------- id | 42 client_name | emojiquest redirect_uris | https://secretprojecthehecat.udongein.xyz/oauth/callback scopes | {read} website | client_id | thatstheclientid client_secret | thatstheclientsecretdonotleak inserted_at | 2023-12-18 18:15:13 updated_at | 2023-12-18 18:15:13 trusted | t user_id |

my first assumption is the redirect uri being wrong, but I'm lost without insight

if you could help me it would be awesome (and I'll do my best to backport knowledge in documentation) :cirno_please:

Public

Conversation

Notices

Feeds