Configuring OpenAuth login for your own Talkyard

2019-01-29 13:43:15.988Z2020-05-15 03:09:32.889Z

Here's brief info about how to configure Gmail, Facebook, Twitter and GitHub OpenAuth login, for your self hosted Talkyard server.

If you try to follow these instructions — mabye you'd like to contribute with images and screenshots that illustrates the different steps? If you have time. And don't forget to erase peronal data or the actual addresses you use, from any screenshots you might submit.

The instructions:

The Talkyard config file you need to copy-paste keys and secrets into, is /opt/talkyard/conf/play-framework.conf, at the end of the file. (On your server.)

The login callbacks that you will need to fill in, over at Google's, Facebook's etc OpenAuth configuration pages, are https://your.website.com/-/login-auth-callback/NAME where NAME is one of google, twitter, facebook, github.

Facebook:

Go to https://developers.facebook.com, and sign up or log in
Select the My Apps menu to the upper right
Click Add New App
Create a Products | Facebook Login app. (We should write more about this and
add screenshots.)
Copy-paste the Facebook app id into #facebook.clientID="..." and #facebook.clientSecret="..."
(instead of the ...), and activate ("comment in") each line by removing the #.

Helpful screenshots in KeyCloak's Facebook app instructions:
https://www.keycloak.org/docs/latest/server_admin/#facebook — skip the first screenshot (it's about KeyCloak not Talkyard); instead scroll down to "Add a New App".

If you have a blog comments Talkyard site, then, in Facebook's "website" field, only type the address to your Talkyard comments site
— e.g. comments.your-blog.com but not www.your-blog.com (the latter, i.e. the blog itself, is not a Talkayrd site).

Gmail / Google:

Go to https://console.developers.google.com
Click API & Services
Click Credentials, create an OAuth app for websites
Click Libraries, enable Google+ (not Google+ Domains, don't know what that is)
Copy-paste your client ID and secret into #google.clientID="..." and #google.clientSecret="...",
and remove the #.

Helpful screenshots in KeyCloak's add-Google-login instructions:
https://www.keycloak.org/docs/latest/server_admin/#google — skip the first screenshot (it's about KeyCloak not Talkyard); instead scroll down to "Let’s see first how to create a project with Google".

Twitter:

Go to https://apps.twitter.com, sign up or log in.
Click Create New App
As callback URL, specify: https://your.website.com/-/login-auth-callback/twitter
Copy-paste your key and secret into #twitter.consumerKey="..." and #twitter.consumerSecret="...",
and remove the #.

Helpful screenshots in KeyCloak's Twitter instructions:
https://www.keycloak.org/docs/latest/server_admin/#twitter — skip the first screenshot (it's about KeyCloak not Talkyard); instead scroll down to "Register Application".

GitHub:

Log in to GitHub. Click your avatar menu. Then Settings, then Developer Settings, OAuth Apps.
Copy-paste your client ID and secret into #github.clientID="..." and #github.clientSecret="...",
and remove the #.

Helpful screenshots in KeyCloak's GitHub instructions:
https://www.keycloak.org/docs/latest/server_admin/#github — skip the first screenshot (it's about KeyCloak not Talkyard); instead scroll down to "Add a New App".

Reply

3 replies

B
Helge Walter @bewalticus
2020-05-20 13:24:18.473Z
I'tried to configure Google authentication but end up with the following error:

In the Login pop-up there is a "Google" button

Clicking this button leads to the follwoing page: https://che.bewalticus.de/-/login-oauth-then-return/google?returnToOrigin=https%3A%2F%2Fche.bewalticus.de%3A443&xsrfToken=bla bla bla

It shows the following error:
403 Forbidden
You need to login via the login origin, which is: `Some(https://che.bewalticus.de)' [DwE50U2]

Any ideas what's wrong here?

PS: I use Talkyard as commenting system for the website https://www.bewalticus.de
Reply
1. KajMagnus @KajMagnus
  core-dev
  support-team
  2020-05-21 08:46:30.104Z
  Seems there's a problem with port number 443 getting included in the return-to query param in this URL:
  
  https://che.bewalticus.de/-/login-oauth-then-return/google?returnToOrigin=https%3A%2F%2Fche.bewalticus.de%3A443&xsrfToken=bla bla bla
  
  There's :443, after decoding: https://che.bewalticus.de:443.
  
  But Talkyard thinks the return-to origin should be https://che.bewalticus.de (without the port number :443).
  
  Is Talkyard possibly behind a reverse proxy, on port 443, over http (not https)?
  Sth like: proxy_pass http://talkard:443 ? Then would you like to try with http://talkard instead?
  
  And / or maybe you could send me the /opt/talkyard/conf/play-framework.conf file with passwords removed and the app secret removed? As a private message.
  And any Nginx or Apache reverse proxy config, if Talkyard is behind a reverse proxy?
  Reply
  B Helge Walter @bewalticus
  2020-05-21 09:06:20.032Z
  Yes, you are right. Talkyard is behind a nginx reverse proxy. I use this for certificate and virtual host management.
  I'll send you the configuration details via PM.
  
  Reply

ReplyAdd progress note