OAuth is always returning Guest user

We're trying to set up Dokuwiki as a service that can authenticate using OAuth 2 to Hub. We've created the service in Hub (using the admin area) and got the secret key and id. All good.

However, whenever anyone clicks the login button and authenticates using the Hub login page, the token they receive always seems to be for "Guest" and not the user that just authenticated.

When we use that token to access:

api/rest/users/me

The result comes back as:

Array ( [type] => user [id] => 3b0a36ec-4e47-41fc-b3f6-bfcb5cc6b842 [name] => guest [login] => guest [banned] => 1 [guest] => 1 )

In Hub, the Dokuwiki service is created, but has no roles, permissions or resources. I don't see a way to add a user to the Dokuwiki service since there's no JetBrains 'license'.

Any help you can provide would be greatly appreciated.

5 comments
Comment actions Permalink
Official comment

Hello Alex, thank you for your question.

Could you probably elaborate a bit and describe your use case? What are you trying to achieve and how would you like to achieve it? Thank you very much.

Comment actions Permalink

Our use case is to use Dokuwiki and allow the user to authenticate using Hub. Dokuwiki has an OAuth2 login plugin which seems to work. All we need to provide to Dokuwiki is the name and email of the user that comes from Hub.

Ideal scenario:

  1. Someone from our team goes to the Wiki home page
  2. User clicks "Login with Hub" (we have this part)
  3. They are brought to the Hub login page where they enter credentials and log in
  4. User returned to our page with an OAuth2 'code'
  5. OAuth2 magic generates the token
  6. Token lets Dokuwiki call the /users/me endpoint and get name, email of user

Steps 1-5 seem to work. We go through the whole OAuth2 process. But for step 6, when we try to get details about the user with the token that was generated, it comes back with info about the guest account which is banned.

For OAuth2, we're using the ID and Secret for the DokuWiki service we created in Hub

For scope, we are requesting 0-0-0-0-0 (Hub) and the DokuWiki UUID.

I hope that helps explain more, but if you need more details, I'll gladly provide them.

0
Comment actions Permalink

Hello Alex,

First, please find the link to our documentation on OAuth 2.0 Authorization: https://www.jetbrains.com/help/hub/2.5/OAuth-2.0-Authorization.html

DokuWiki needs to exchange the code received from Hub for an access token, as described in our documentation: https://www.jetbrains.com/help/hub/2.5/Authorization-Code.html

As far as we can tell, DokuWiki supports the plugin: https://www.dokuwiki.org/plugin:oauth. You need to proceed to the Development section: https://www.dokuwiki.org/plugin:oauth#development and write some additional code for the plugin to implement the flow from our documentation: https://www.jetbrains.com/help/hub/2.5/Authorization-Code.html

Please let us know if you have any further questions.

0
Comment actions Permalink

Yes, that has all already been done. We get an OAuth2 token back. That token seems to be for the wrong user.

Hub should not be providing a valid token for the Guest account when I log in with a real user's credentials. There *is* a token being generated though and it is valid, since I'm able to make API requests with it. It just seems that the token is for the wrong account (guest) when it should be for the account that I logged in with.

Can you tell me:

* With OAuth, if the authentication fails, does Hub send the authentication token/code for Guest for some reason? It should just be failing out.

* If the token is valid for my account, is there any reason that loading /api/rest/users/me would return the Guest account details?

The setup is working for Dokuwiki since I'm getting a valid token that's allowing me to make OAuth requests.

0
Comment actions Permalink

Hello Alex,

It can be that you’ve got a service token for your registered Dokuwiki service but not a token for the logged-in user. It will be possible to use it in API calls, and the author of all changes will be the Dokuwiki service. You can check it this way: make an API call with that token that creates a user/group. In the audit events for that group, check the author of the change. If it is the Dokuwiki service, then it is a service token, not a user token.

0
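An added example, not part of the thread and not Hub or DokuWiki plugin code: a fail-closed check the wiki side can run on the decoded `users/me` response before it creates a session, so a token that resolves to the guest or a banned account never becomes a login. The function name `hubIdentityOrFail` is hypothetical, the field names are the ones shown in the output quoted in the question, and the second sample profile is constructed.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (assumption, not an API of Hub or the DokuWiki oauth plugin).
 * Takes the decoded users/me response and returns the identity to log in,
 * or throws so the caller aborts the login instead of trusting the token.
 */
function hubIdentityOrFail(array $profile): array
{
    if (($profile['type'] ?? null) !== 'user') {
        throw new RuntimeException('token does not resolve to a user account');
    }
    // print_r shows 1 for true; a JSON client may deliver real booleans instead.
    foreach (['guest', 'banned'] as $flag) {
        if (filter_var($profile[$flag] ?? false, FILTER_VALIDATE_BOOLEAN)) {
            throw new RuntimeException("refusing login: account is flagged '$flag'");
        }
    }
    foreach (['id', 'login'] as $field) {
        if (!is_string($profile[$field] ?? null) || $profile[$field] === '') {
            throw new RuntimeException("profile is missing '$field'");
        }
    }
    return [
        'id'    => $profile['id'],
        'login' => $profile['login'],
        'name'  => $profile['name'] ?? $profile['login'],
    ];
}

// Sample input: the first profile mirrors the response quoted in the question,
// the second is a constructed profile for an ordinary user.
$samples = [
    'guest token' => ['type' => 'user', 'id' => '3b0a36ec-4e47-41fc-b3f6-bfcb5cc6b842',
                      'name' => 'guest', 'login' => 'guest', 'banned' => 1, 'guest' => 1],
    'user token'  => ['type' => 'user', 'id' => '00000000-0000-0000-0000-000000000001',
                      'name' => 'Example User', 'login' => 'example.user'],
];
foreach ($samples as $label => $profile) {
    try {
        $who = hubIdentityOrFail($profile);
        echo "$label: accept login for {$who['login']}\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Logging the rejection together with the grant type used for the token request makes the situation described in the last reply, a service token where a user token was expected, visible on the wiki side.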
