I have an application which acts as an OAuth2 provider. I want to make ERPNext an OAuth2 client for that provider. The provider is configurable as to what data it sends in response to a data request.
How do I set this up? I have tried adding a social login, but I have no idea what to put in the various fields (they are not exactly self-explanatory!).
Help!
redirect uri doesn’t contain @ symbol.
it should be registered on your provider.
use /api/method/frappe.integrations.oauth2_logins.custom/local_hub
Thank you, thank you, thank you.
I had given up on this project, but have just come back to it, and your answer just works!
I only wish it was mentioned in the documentation, or findable in a Google search!
Well, I thought I had it all working. But, when the OAuth2 flow is completed, my browser is directed to https://frontend:8000
Any idea how to fix that?
@revant_one
try adding host_name key with actual site hostname as value to site_config.json
You would have thought that would happen automatically when creating the site?
it’s not required always. site can be different, dns name can be different.
I’ve not set it, yet my sites work
It now redirects to port 8000 at my site (which is obviously wrong - it should not be using a port).
I fixed it by adding the following line to all my host server nginx proxies:
proxy_redirect ~^(https?://[^:]+):\d+(?<relpath>/.+)$ http://$host$relpath;
But it shouldn’t be necessary, I don’t think.
The full nginx file is
upstream frontend-server {
    server 172.16.20.2:8080 fail_timeout=0;
}
upstream backend-server {
    server 172.16.20.4:8000 fail_timeout=0;
}
upstream socketio-server {
    server 172.16.20.3:9000 fail_timeout=0;
}
# Parse the X-Forwarded-Proto header - if set - defaulting to $scheme.
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
    default $scheme;
    https https;
}
server {
    server_name <my server name>;
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin";
    real_ip_header X-Forwarded-For;
    location / {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header x-forwarded-proto https;
        proxy_set_header X-Frappe-Site-Name $host;
        proxy_set_header Origin $scheme://$host;
        proxy_set_header Host $host;
        proxy_redirect ~^(https?://[^:]+):\d+(?<relpath>/.+)$ http://$host$relpath;
        proxy_pass http://frontend-server;
    }
    location /socket.io {
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Frappe-Site-Name $host;
        proxy_set_header Origin $scheme://$host;
        proxy_set_header Host $host;
        proxy_redirect ~^(https?://[^:]+):\d+(?<relpath>/.+)$ http://$host$relpath;
        proxy_pass http://socketio-server;
    }
    location @webserver {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
        proxy_set_header X-Frappe-Site-Name $host;
        proxy_set_header Host $host;
        proxy_set_header X-Use-X-Accel-Redirect True;
        proxy_read_timeout 120;
        proxy_redirect off;
        proxy_pass http://backend-server;
    }
    # optimizations
    sendfile on;
    keepalive_timeout 15;
    client_max_body_size 50m;
    client_body_buffer_size 16K;
    client_header_buffer_size 1k;
    # enable gzip compression
    # based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge
    gzip on;
    gzip_http_version 1.1;
    gzip_comp_level 5;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/rss+xml
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/font-woff
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/svg+xml
        image/x-icon
        text/css
        text/plain
        text/x-component;
    # text/html is always compressed by HttpGzipModule
    listen 443 ssl; # managed by Certbot
    # I've left out the certificate details
}
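The proxy_redirect rule quoted in this thread, modelled in Python as an added example (not part of any poster's message and not Frappe or nginx code) to show which upstream Location headers it rewrites and which it leaves alone. The hostname erp.example.com and the sample headers are constructed, and Python's re module stands in for nginx's PCRE matching.

```python
import re

# Python translation of the proxy_redirect pattern from the thread.
# nginx (PCRE) spells the named group (?<relpath>...); Python needs (?P<relpath>...).
PORT_REDIRECT = re.compile(r"^(https?://[^:]+):\d+(?P<relpath>/.+)$")


def rewrite_location(location: str, host: str) -> str:
    """Model what the posted rule does to one upstream Location header.

    A match is replaced by http://$host$relpath; anything else passes through.
    """
    m = PORT_REDIRECT.match(location)
    if m is None:
        return location
    return f"http://{host}{m.group('relpath')}"


# Constructed sample headers; erp.example.com is a placeholder hostname.
SAMPLES = [
    "https://frontend:8000/app/home",      # the case the rule was written for
    "https://frontend:8000/",              # bare root: /.+ needs a char after the slash
    "https://erp.example.com/app/home",    # already clean, no port
    "https://erp.example.com/app/report?from=09:30/shift",  # colon+digits in the query
    "/app/home",                           # relative redirect
]


def report(host: str = "erp.example.com"):
    """Return (before, after) pairs for every constructed sample."""
    return [(loc, rewrite_location(loc, host)) for loc in SAMPLES]


if __name__ == "__main__":
    for before, after in report():
        flag = "rewritten" if before != after else "unchanged"
        print(f"{flag:9}  {before}  ->  {after}")
```

In this model a redirect to the bare root with a port is left unrewritten, every rewritten header comes back with an http:// scheme, and a colon followed by digits in a query string is treated as a port, so the path before it is dropped.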