Skip to content

Requesting help using Pleroma as Oauth provider

Hi! I'm sorry for posting an issue here, but I figured it would likely get in front of someone who can easily straighten things out.

I'm trying to setup/test using a pleroma instance as oauth provider, and it's the client side settings that are causing me some issues, as I haven't yet been able to figure out how Pleroma deals with various items.

The client is the Oauth2 plugin for Peertube - the Pleroma app creation piece was fine, but beyond the callback URL it appears I don't know the Pleroma URI for getting user details appropriately.

Here's what I'm dealing with - the Peertube Oauth plugin required a bunch of settings:

Authorize URL path (required): /oauth/authorize Token URL path (required): /oauth/token Identity URL path (required): /oauth/registration_details Identity username field (required): username Identity email field (required): email (checkbox) Send identity token sent via HTTP header? (I've had this one on and off) Identity access token URL parameter name: code

I believe I have the Identity URL path set incorrectly, but I'm not sure what to replace it with. When trying to auth, I wind up producing an error on the Pleroma side, which I presume is what's causing the whole thing to fail on the Peertube side. The pleroma log entry that leads me to believe this is below.

Is there someone here who can confirm what these values should be? And, thanks so much in advance, I am not thrilled that I haven't been able to figure this out on my own yet.

Jan 26 18:05:57 Multibox1 pleroma[12370]: request_id=Fl3aYk5CBo7ixaYACsrh [error] Internal server error: %Phoenix.ActionClauseError{args: [%Plug.Conn{adapter: {Plug.Cowboy.Conn, :...}, assigns: %{locale: "en", remote_ip_found: true}, before_send: [#Function<2.111539819/1 in Phoenix.Controller.fetch_flash/2>, #Function<0.123471702/1 in Plug.Session.before_send/2>, #Function<0.15624660/1 in Pleroma.Web.Endpoint.PipelineInstrumenter.call/2>, #Function<1.99175675/1 in Plug.Logger.call/2>, #Function<0.11227428/1 in Plug.Telemetry.call/2>], body_params: %{}, cookies: %{}, halted: false, host: "yo.isurf.ca", method: "GET", owner: #PID<0.15002.15>, params: %{}, path_info: ["oauth", "registration_details"], path_params: %{}, port: 80, private: %{Pleroma.Web.Router => {[], %{}}, :phoenix_action => :registration_details, :phoenix_controller => Pleroma.Web.OAuth.OAuthController, :phoenix_endpoint => Pleroma.Web.Endpoint, :phoenix_flash => %{}, :phoenix_layout => {Pleroma.Web.LayoutView, "app.html"}, :phoenix_router => Pleroma.Web.Router, :phoenix_view => Pleroma.Web.OAuth.OAuthView, :plug_session => %{}, :plug_session_fetch => :done, :skipped_plugs => [Pleroma.Web.Plugs.OAuthScopesPlug, Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug]}, query_params: %{}, query_string: "", remote_ip: {208, 87, 96, 105}, req_cookies: %{}, req_headers: [{"accept-encoding", "gzip, deflate, br"}, {"authorization", "Bearer fTi3rY1wBYm4mZZ3gbaBiWBNOOe0IVbxu_NTLz6G9ug"}, {"connection", "upgrade"}, {"content-length", "0"}, {"host", "yo.isurf.ca"}, {"user-agent", "Popsicle (https://github.com/serviejs/popsicle)"}, {"x-forwarded-for", "208.87.96.105"}], request_path: "/oauth/registration_details", resp_body: nil, resp_cookies: %{}, resp_headers: [{"cache-control", "max-age=0, private, must-revalidate"}, {"access-control-allow-origin", "*"}, {"access-control-expose-headers", "Link,X-RateLimit-Reset,X-RateLimit-Limit,X-RateLimit-Remaining,X-Request-Id,Idempotency-Key"}, {"access-control-allow-credentials", "true"}, {"x-xss-protection", "1; mode=block"}, {"x-permitted-cross-domain-policies", "none"}, {"x-frame-options", "DENY"}, {"x-content-type-options", "nosniff"}, {"referrer-policy", "same-origin"}, {"x-download-options", "noopen"}, {"content-security-policy", "upgrade-insecure-requests;script-src 'self';connect-src 'self' blob: https://yo.isurf.ca wss://yo.isurf.ca;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self';"}, {"strict-transport-security", "max-age=31536000; includeSubDomains"}, {"expect-ct", "enforce, max-age=2592000"}, {"x-request-id", "Fl3aYk5CBo7ixaYACsrh"}], scheme: :http, script_name: [], secret_key_base: :..., state: :unset, status: nil}, %{}], arity: 2, clauses: nil, function: :registration_details, kind: nil, module: Pleroma.Web.OAuth.OAuthController}

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information