How can I make ERPNext use my OAuth2 provider?

I have an application which acts as an OAuth2 provider. I want to make ERPNext an OAuth2 client for that provider. The provider is configurable as to what data it sends in response to a data request.

How do I set this up? I have tried adding a social login, but I have no idea what to put in the various fields (they are not exactly self-explanatory!).

Help!

The redirect URI doesn’t contain the @ symbol.

It should be registered on your provider.

Use /api/method/frappe.integrations.oauth2_logins.custom/local_hub

Thank you, thank you, thank you.

I had given up on this project, but have just come back to it, and your answer just works!

I only wish it was mentioned in the documentation, or findable in a Google search!

Well, I thought I had it all working. But, when the OAuth2 flow is completed, my browser is directed to https://frontend:8000

Any idea how to fix that?

@revant_one

Try adding a host_name key with the actual site hostname as its value to site_config.json.

You would have thought that would happen automatically when creating the site?

It’s not always required. The site can be different, the DNS name can be different.

I’ve not set it, yet my sites work.

It now redirects to port 8000 at my site (which is obviously wrong - it should not be using a port).

I fixed it by adding the following line to all my host server nginx proxies:

proxy_redirect ~^(https?://[^:]+):\d+(?<relpath>/.+)$ http://$host$relpath;

But it shouldn’t be necessary, I don’t think.

The full nginx file is:

upstream frontend-server {
        server 172.16.20.2:8080 fail_timeout=0;
}
upstream backend-server {
        server 172.16.20.4:8000 fail_timeout=0;
}
upstream socketio-server {
        server 172.16.20.3:9000 fail_timeout=0;
}
# Parse the X-Forwarded-Proto header - if set - defaulting to $scheme.
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
        default $scheme;
        https https;
}
server {
        server_name <my server name>;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin";
        real_ip_header X-Forwarded-For;
        location / {
                proxy_set_header X-Forwarded-Host $host:$server_port;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
                proxy_set_header x-forwarded-proto https;
                proxy_set_header X-Frappe-Site-Name $host;
                proxy_set_header Origin $scheme://$host;
                proxy_set_header Host $host;
                proxy_redirect ~^(https?://[^:]+):\d+(?<relpath>/.+)$ http://$host$relpath;
                proxy_pass http://frontend-server;
        }
        location /socket.io {
                proxy_http_version 1.1;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header X-Frappe-Site-Name $host;
                proxy_set_header Origin $scheme://$host;
                proxy_set_header Host $host;
                proxy_redirect ~^(https?://[^:]+):\d+(?<relpath>/.+)$ http://$host$relpath;
                proxy_pass http://socketio-server;
        }
        location @webserver {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
                proxy_set_header X-Frappe-Site-Name $host;
                proxy_set_header Host $host;
                proxy_set_header X-Use-X-Accel-Redirect True;
                proxy_read_timeout 120;
                proxy_redirect off;
                proxy_pass  http://backend-server;
        }
        # optimizations
        sendfile on;
        keepalive_timeout 15;
        client_max_body_size 50m;
        client_body_buffer_size 16K;
        client_header_buffer_size 1k;
        # enable gzip compression
        # based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge
        gzip on;
        gzip_http_version 1.1;
        gzip_comp_level 5;
        gzip_min_length 256;
        gzip_proxied any;
        gzip_vary on;
        gzip_types
                application/atom+xml
                application/javascript
                application/json
                application/rss+xml
                application/vnd.ms-fontobject
                application/x-font-ttf
                application/font-woff
                application/x-web-app-manifest+json
                application/xhtml+xml
                application/xml
                font/opentype
                image/svg+xml
                image/x-icon
                text/css
                text/plain
                text/x-component;
                # text/html is always compressed by HttpGzipModule
        listen 443 ssl; # managed by Certbot
        # I've left out the certificate details
}
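
An added example, not part of any post above and not Frappe's or nginx's own code: a Python emulation of the `proxy_redirect` rule from the last post, run over constructed `Location` header values to show which redirects it rewrites and to which scheme. The hostnames, the `INTERNAL_HOSTS` set and the scoped variant are assumptions made for illustration.

```python
import re

# Rule from the post, in Python syntax: (?<relpath>...) becomes (?P<relpath>...).
POSTED_RULE = re.compile(r"^(https?://[^:]+):\d+(?P<relpath>/.+)$", re.ASCII)

# Hypothetical tighter rule: the port must directly follow the host name.
SCOPED_RULE = re.compile(r"^https?://(?P<host>[^/:]+):\d+(?P<relpath>/.*)$", re.ASCII)

SITE_HOST = "erp.example.test"            # constructed; stands in for <my server name>
INTERNAL_HOSTS = {"frontend", SITE_HOST}  # assumed: only these leak a backend port


def posted_rewrite(location, host=SITE_HOST):
    """Emulate the posted rule: a match becomes http://$host$relpath."""
    m = POSTED_RULE.match(location)
    return f"http://{host}{m.group('relpath')}" if m else location


def scoped_rewrite(location, host=SITE_HOST):
    """Rewrite only redirects to our own hosts, and keep the scheme at https."""
    m = SCOPED_RULE.match(location)
    if not m or m.group("host") not in INTERNAL_HOSTS:
        return location
    return f"https://{host}{m.group('relpath')}"


# Constructed Location header values, as an upstream might send them.
SAMPLES = [
    "https://frontend:8000/app",                                    # the case in the thread
    "https://idp.example.test:8443/oauth/authorize?client_id=abc",  # external host with a port
    "https://idp.example.test/authorize?state=a:1/b",               # colon later in the URL
    "https://idp.example.test/oauth/authorize?client_id=abc",       # no port at all
]


def compare(samples=SAMPLES):
    """Return (original, posted result, scoped result) for each sample."""
    return [(s, posted_rewrite(s), scoped_rewrite(s)) for s in samples]


if __name__ == "__main__":
    for original, posted, scoped in compare():
        print(f"{original}\n  posted: {posted}\n  scoped: {scoped}")
```

With the posted rule, the second and third samples are redirected to the ERPNext host over plain http; the scoped variant leaves them untouched and keeps the first on https.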