
Configuring OpenAuth login for your own Talkyard

By KajMagnus @KajMagnus 2019-01-29 13:43:15.988Z 2020-05-15 03:09:32.889Z

Here's brief info about how to configure Gmail, Facebook, Twitter and GitHub OpenAuth login, for your self-hosted Talkyard server.

If you try to follow these instructions — maybe you'd like to contribute with images and screenshots that illustrate the different steps? If you have time. And don't forget to erase personal data or the actual addresses you use, from any screenshots you might submit.

The instructions:

The Talkyard config file you need to copy-paste keys and secrets into, is /opt/talkyard/conf/play-framework.conf, at the end of the file. (On your server.)

The login callbacks that you will need to fill in, over at Google's, Facebook's etc OpenAuth configuration pages, are https://your.website.com/-/login-auth-callback/NAME where NAME is one of google, twitter, facebook, github.

Facebook:

  • Go to https://developers.facebook.com, and sign up or log in
  • Select the My Apps menu to the upper right
  • Click Add New App
  • Create a Products | Facebook Login app. (We should write more about this and
    add screenshots.)
  • Copy-paste the Facebook app id into #facebook.clientID="..." and #facebook.clientSecret="..."
    (instead of the ...), and activate ("comment in") each line by removing the #.

Helpful screenshots in KeyCloak's Facebook app instructions:
https://www.keycloak.org/docs/latest/server_admin/#facebook — skip the first screenshot (it's about KeyCloak not Talkyard); instead scroll down to "Add a New App".

If you have a blog comments Talkyard site, then, in Facebook's "website" field, only type the address to your Talkyard comments site
— e.g. comments.your-blog.com but not www.your-blog.com (the latter, i.e. the blog itself, is not a Talkyard site).

Gmail / Google:

  • Go to https://console.developers.google.com
  • Click API & Services
  • Click Credentials, create an OAuth app for websites
  • Click Libraries, enable Google+ (not Google+ Domains, don't know what that is)
  • Copy-paste your client ID and secret into #google.clientID="..." and #google.clientSecret="...",
    and remove the #.

Helpful screenshots in KeyCloak's add-Google-login instructions:
https://www.keycloak.org/docs/latest/server_admin/#google — skip the first screenshot (it's about KeyCloak not Talkyard); instead scroll down to "Let’s see first how to create a project with Google".

Twitter:

  • Go to https://apps.twitter.com, sign up or log in.
  • Click Create New App
  • As callback URL, specify: https://your.website.com/-/login-auth-callback/twitter
  • Copy-paste your key and secret into #twitter.consumerKey="..." and #twitter.consumerSecret="...",
    and remove the #.

Helpful screenshots in KeyCloak's Twitter instructions:
https://www.keycloak.org/docs/latest/server_admin/#twitter — skip the first screenshot (it's about KeyCloak not Talkyard); instead scroll down to "Register Application".

GitHub:

  • Log in to GitHub. Click your avatar menu. Then Settings, then Developer Settings, OAuth Apps.
  • Copy-paste your client ID and secret into #github.clientID="..." and #github.clientSecret="...",
    and remove the #.

Helpful screenshots in KeyCloak's GitHub instructions:
https://www.keycloak.org/docs/latest/server_admin/#github — skip the first screenshot (it's about KeyCloak not Talkyard); instead scroll down to "Add a New App".

  • 3 replies
  1. Helge Walter @bewalticus 2020-05-20 13:24:18.473Z

    I tried to configure Google authentication but end up with the following error:

    Any ideas what's wrong here?

    PS: I use Talkyard as commenting system for the website https://www.bewalticus.de

    1. KajMagnus @KajMagnus 2020-05-21 08:46:30.104Z

      Seems there's a problem with port number 443 getting included in the return-to query param in this URL:

      https://che.bewalticus.de/-/login-oauth-then-return/google?returnToOrigin=https%3A%2F%2Fche.bewalticus.de%3A443&xsrfToken=bla bla bla
      

      There's :443, after decoding: https://che.bewalticus.de:443.

      But Talkyard thinks the return-to origin should be https://che.bewalticus.de (without the port number :443).

      Is Talkyard possibly behind a reverse proxy, on port 443, over http (not https)?
      Sth like: proxy_pass http://talkard:443 ? Then would you like to try with http://talkard instead?

      And / or maybe you could send me the /opt/talkyard/conf/play-framework.conf file with passwords removed and the app secret removed? As a private message.
      And any Nginx or Apache reverse proxy config, if Talkyard is behind a reverse proxy?

      1. Helge Walter @bewalticus 2020-05-21 09:06:20.032Z

        Yes, you are right. Talkyard is behind an nginx reverse proxy. I use this for certificate and virtual host management.
        I'll send you the configuration details via PM.
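
The return-to origin mismatch diagnosed in the reply above, as an added example (not Talkyard's code and not part of the thread): it decodes `returnToOrigin` from the login URL and reports whether it differs from the site origin only by an explicit default port. The function names and result labels are assumptions made for this illustration, and the `xsrfToken` value is a placeholder.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_origin(origin):
    """Return scheme://host[:port] without the scheme's default port,
    or None if the value is not a bare http(s) origin."""
    try:
        parts = urlsplit(origin)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
    if scheme not in DEFAULT_PORTS or not host:
        return None
    # An origin carries no userinfo, path, query or fragment.
    if "@" in parts.netloc or parts.path not in ("", "/") or parts.query or parts.fragment:
        return None
    if ":" in host:                # IPv6 literal: restore the brackets
        host = f"[{host}]"
    if port is None or port == DEFAULT_PORTS[scheme]:
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"

def check_return_to(login_url, site_origin):
    """Compare the returnToOrigin parameter of a login URL with the site's origin."""
    values = parse_qs(urlsplit(login_url).query).get("returnToOrigin", [])
    if len(values) != 1:
        return "missing-or-duplicated"
    raw = values[0]
    if raw == site_origin:
        return "exact-match"
    normalized = normalize_origin(raw)
    if normalized is not None and normalized == normalize_origin(site_origin):
        return "default-port-only"   # same origin, just spelled with :443 or :80
    return "different-origin"

# URL from the thread; the xsrfToken value is a placeholder.
THREAD_URL = ("https://che.bewalticus.de/-/login-oauth-then-return/google"
              "?returnToOrigin=https%3A%2F%2Fche.bewalticus.de%3A443&xsrfToken=PLACEHOLDER")
SITE_ORIGIN = "https://che.bewalticus.de"

if __name__ == "__main__":
    print(check_return_to(THREAD_URL, SITE_ORIGIN))
```

A `default-port-only` result means both values name the same site and the mismatch comes only from the explicit `:443`, which is the situation described in the thread.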