Page MenuHomePhabricator
Create Task
Maniphest T8926

Issues configuring external auth providers
Closed, InvalidPublic
Actions

Description

Hi everyone,

I'm having a hard time implementing the following external authentication providers:

  • Twitter
  • Google
  • Bitbucket
  • Amazon

Provider "Github" is working. The others (eg. Wordpress, Disquss, ...) I did not test, since I do not have an account for them.

I'm running an up-to-date instance of Phabricator at https://phabricator.marc-richter.info. It is using a self-signed SSL certificate and it is hosted behind an nginx reverse_proxy. This proxy adds SSL encryption to the connection; the proxy gets it's data unencrypted (HTTP) from the Webserver serving Phabricator.

I've created a Mockup to show what's happening when I try to setup Twitter; I guess the others will have similar issues, so they are not listed there, for the sake of overseeable.

Can someone eventually think of what might be missing / wrong here? I always followed the instructions shown at the external provider setup site in Phabricator exactly.

Related Objects

Mocks
Restricted Pholio Mock

Event Timeline

Judge created this task.Jul 22 2015, 8:52 AM
Judge raised the priority of this task from to Needs Triage.
Judge updated the task description. (Show Details)
Judge added a project: Auth.
Judge added a mock: Restricted Pholio Mock.
Judge updated the task description. (Show Details)
Judge added a subscriber: Judge.
tycho.tatitscheff added a subscriber: tycho.tatitscheff.Jul 22 2015, 11:42 AM

I would say that :

They are not compatible together.

Judge added a comment.Jul 22 2015, 12:47 PM

I added the error from Google and Bitbucket to the Mockup.

Since three of the most common major OAuth providers do not work with my setup, I believe more in the fact that I (or even the Phacility) made a mistake during setup or the code than all three of these.

epriestley added a subscriber: epriestley.Jul 22 2015, 1:22 PM

To address two things immediately:

@tycho.tatitscheff is incorrect. PhutilTwitterAuthAdapter is an OAuth1 client, and expected to work correctly.

Using self-signed SSL should have no bearing on OAuth. OAuth flows do not require the remote server (Twitter, GitHub, etc.) to directly connect to your Phabricator install. The expectation is that they will work fine with self-signed certificates or installs on a private network which Twitter, etc., can not possibly access directly.

epriestley renamed this task from Issues implementing external auth providers to Issues configuring external auth providers.Jul 22 2015, 2:15 PM
Judge added a comment.Jul 22 2015, 3:02 PM

Thanks @epriestley for choosing a better issue description; sorry for my english ...

chad added a subscriber: chad.Jul 22 2015, 9:01 PM

FWIW, We use Google and Amazon here, and I just tested them without issue.

Judge added a comment.Jul 23 2015, 8:15 AM

Thanks @chad for your effords!
Maybe it's related to the reverse proxy? Since I'm not very familiar with the techniques behind OAuth, I have no ideas what to test or look for - suggestions welcome!

epriestley closed this task as Invalid.Apr 3 2016, 1:07 PM

This report doesn't have enough information for us to move forward or resolve it. See Providing Reproduction Steps for help with writing complete, self-contained reproduction steps that we can follow to reproduce an issue.

In particular, these providers work fine on this install and we haven't seen reports from other installs about issues with them, so it doesn't seem likely that this is an upstream issue. See Support Resources for help with installing and configuring Phabricator.

Phabricator · Built by Phacility