PloneConf 2022 Deployment Training OAuth configuration

From the PloneConf 2022 Plone Deployment Training, I ran through everything up through installing the OAuth add-on pas.plugins.authomatic. While working through it, I created a pull request to update the training documentation.

I am stuck at the point of configuration of the GitHub OAuth app and configuration of the add-on.

I have tried many permutations, none of which worked. Part of my confusion is whether this should be configured for Classic UI (port 8080) or Volto (port 3000). I am also uncertain of the GitHub OAuth app Authorization callback URL value. And finally I am uncertain of whether I have used the correct values for consumer_key and consumer_secret as described in the preview of this PR.

If anyone went through the training, or can better explain to me the correct configuration of both the GitHub OAuth app and the add-on, I would be very grateful and would be able to complete this PR.

I remember this configuration being tricky, as there are so many possible options.

Yes, and I just noticed that the documentation for pas.plugins.authomatic on PyPI has some additional information for configuration for both Classic UI and Volto, including installing another add-on for Volto, volto-authomatic. I think that I will try again with just Classic UI for now, then try to add it for Volto on the second pass.

Nonetheless, I do not know the proper values for the GitHub OAuth app.

Also I assume that each frontend, Classic UI and Volto, requires its unique GitHub OAuth app due to different ports and endpoints, correct?

I only ever tried it with an old version of Plone. Maybe I could help you take a look at the configuration for Plone.org.

I finally figured it all out, with a little help from @tkimnguyen, and reading more docs of the two add-ons, one for Classic UI and the other for Volto. The procedure should now be complete and easier to follow. I walked through it a few times to double-check.

It would be great if at least one other person walks through this training from Add OAuth support to the end.

This is really good stuff, @stevepiercy!

There is a new checkbox at the bottom of the form when you create a GitHub OAuth app:

Enable Device Flow
Allow this OAuth App to authorize users via the Device Flow.

Read the Device Flow documentation for more information.

I was able to log into the back end but the front end login flow ends with an error:

2023-09-23 10:08:07,390 ERROR   [Zope.SiteErrorLog:35][waitress-1] ValueError: http://localhost:3000/@login-authomatic/github
Traceback (innermost last):
  Module ZPublisher.WSGIPublisher, line 181, in transaction_pubevents
  Module ZPublisher.WSGIPublisher, line 390, in publish_module
  Module ZPublisher.WSGIPublisher, line 285, in publish
  Module ZPublisher.mapply, line 85, in mapply
  Module ZPublisher.WSGIPublisher, line 68, in call_object
  Module plone.rest.service, line 22, in __call__
  Module plone.restapi.services, line 19, in render
  Module pas.plugins.authomatic.services.authomatic, line 245, in reply
  Module pas.plugins.authomatic.services.authomatic, line 170, in _add_identity
  Module pas.plugins.authomatic.plugin, line 105, in remember_identity
  Module pas.plugins.authomatic.plugin, line 79, in _provider_id
ValueError: Invalid: Empty user.id

IMO, this information should be part of the add-on's documentation, or at least it should be pointed to.