Pas.plugins.authomatic and GitHub logins

I've created a new site using https://github.com/plone/2024.ploneconf.org and am trying to configure the GitHub logins.

I went to https://github.com/settings/developers and created a new app. I copied the "Client ID" and the client secret to the JSON configuration in my site's @@authomatic-controlpanel:

```
{
    "github": {
        "id": 1,
        "display": {
            "title": "Github",
            "cssclasses": {
                "button": "plone-btn plone-btn-default",
                "icon": "glypicon glyphicon-github"
            },
            "as_form": false
        },
        "propertymap": {
            "email": "email",
            "link": "home_page",
            "location": "location",
            "name": "fullname",
            "avatar_url": "portrait",
            "username": "github_username"
        },
        "class_": "authomatic.providers.oauth2.GitHub",
        "consumer_key": "the_client_ID",
        "consumer_secret": "a_generated_client_secret",
        "access_headers": {
            "User-Agent": "Plone (pas.plugins.authomatic)"
        }
    }
}
```

The "Authorization callback URL" is a required field, but I didn't know what to put in it. I have not found documentation that helps in that regard. I tried putting in the site URL, e.g., https://mysite.com, but that did not seem to work.

Looking at the source for pas.plugins.authomatic, it seemed like https://mysite.com/authomatic-handler could be a good guess, as per https://github.com/collective/pas.plugins.authomatic/blob/d35f00ea0099d5264531a45dc84c024cdf0de0d9/src/pas/plugins/authomatic/browser/configure.zcml#L27C13-L27C31, but setting that and trying to log in would give me an error page like this:

redirect_uri_error

I thought that generating a new client secret (and updating my site's JSON) would help get past that, and it seemed to, because I no longer got that error but was taken back to the /login page with an error at the bottom:

image

Then a friend cough(@ericof)cough asked me whether the site is Classic or Volto and since it's Volto he suggested that the callback URL should be https://mysite.com/login-authomatic/github, so I tried that but still get that Login Failed error. https://mysite.com/login-authomatic/ does not work either.

It would be lovely to have a simple walkthrough of what needs to be entered and done to get this plugin working with GitHub and Google... I'm happy to add one for whichever provider I can get working.

Getting the settings just right is tricky. See Customize Your Project – Plone Deployment — Plone Training 2024 documentation


The authomatic plugin is outdated for a few sites, one of them being Twitter or X.
I had to go into the source and redo the percent-encoding for the updated Twitter API version 2.

Google was fairly straightforward, but I did have to change a few things in the backend authomatic code to get things working properly.

The login on my Volto site: Login. Is this similar to what you want to do?

P.S. Don't mean to advertise or anything, I'm just honestly not aware of any other Volto sites that use authomatic (updated) with all 3 providers like this.

I also emailed the developers at authomatic and tried to contact them on GitHub about incorporating my updates for Twitter/X & Google and never received any response.

I'd be very interested in someone looking over my changes and helping to update the plugin for Volto!

Yes, though I want just one provider.

Maybe post the link to your PR here.

Thanks! That is exactly what I was looking for. It would be nice if the pas.plugins.authomatic repo had something like this.

Looking at the browser console, I see this:

```
++api++/@login-authomatic/github:1  Failed to load resource: the server responded with a status of 401 (Unauthorized)
{
"next_url": "https://github.com/login/oauth/authorize?client_id=xxx&redirect_uri=http%3A%2F%2Fnew.waverobotics.com%2Flogin-authomatic%2Fgithub&scope=&state=yyy%3D&response_type=code",
"session": "zzz"
}
```
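A diagnostic check for the response shown above, as an added example that is not part of the original post or of pas.plugins.authomatic: it decodes the `redirect_uri` the site embeds in `next_url` and lists where it differs from the callback URL registered with the provider. The function names are hypothetical, and the registered callback passed in is whatever was entered in the provider's app settings.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Response body as quoted in the post above (placeholders as used there).
SAMPLE_RESPONSE = json.dumps({
    "next_url": (
        "https://github.com/login/oauth/authorize?client_id=xxx"
        "&redirect_uri=http%3A%2F%2Fnew.waverobotics.com%2Flogin-authomatic%2Fgithub"
        "&scope=&state=yyy%3D&response_type=code"
    ),
    "session": "zzz",
})

DEFAULT_PORTS = {"http": 80, "https": 443}


def url_parts(url):
    """Split a URL into (scheme, host, port, path) for comparison."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    port = u.port or DEFAULT_PORTS.get(scheme)
    return scheme, (u.hostname or "").lower(), port, u.path or "/"


def sent_redirect_uri(response_body):
    """Return the decoded redirect_uri carried in the response's next_url."""
    next_url = json.loads(response_body)["next_url"]
    values = parse_qs(urlsplit(next_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri, got %d" % len(values))
    return values[0]


def callback_mismatches(response_body, registered_callback):
    """List the URL components where the sent and registered callbacks differ."""
    sent = url_parts(sent_redirect_uri(response_body))
    registered = url_parts(registered_callback)
    names = ("scheme", "host", "port", "path")
    return [
        "%s: site sends %r, provider has %r" % (n, s, r)
        for n, s, r in zip(names, sent, registered)
        if s != r
    ]


if __name__ == "__main__":
    # Registered value assumed to be the URL tried earlier in the thread.
    for line in callback_mismatches(SAMPLE_RESPONSE, "https://mysite.com/login-authomatic/github"):
        print(line)
```

An empty list means the URL the site sends and the registered callback agree on scheme, host, port and path.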

I'm sure the maintainer would appreciate a pull request to their README.

I don't know. Last year I started an issue with troubleshooting tips, but this issue does not appear there. Perhaps you can add to it?

I will if I can ever get this to work :slight_smile:

I apologize as I'm in the process of moving and very busy. I will get back to this after Oct 1st.

I didn't submit a pull request because I changed the percent-encoding used in core.py in the authomatic package, as well as amending the Twitter class to oauth2.py.
I emailed Peter about it, and created an issue that is now deleted. I wanted to inquire before submitting the PR because I wasn't entirely sure I broke a different provider that depended on parse.unquote_plus, but that was breaking for Twitter and Google.

I'll try to submit a pull request in the meantime, and post the link.

Sorry for being so busy, but I'm sure we can get the needed updates integrated for future use, especially with y'all's support. Thank you for your time on this!

P.S. The redirect URL I had to use with Google was https://mysite.com/login-authomatic/google

No need to apologize! Any help is appreciated, whenever possible.