Configuring OpenAuth login for your own Talkyard
Here's brief info about how to configure Gmail, Facebook, Twitter and GitHub OpenAuth login, for your self-hosted Talkyard server.
If you try to follow these instructions — maybe you'd like to contribute with images and screenshots that illustrate the different steps? If you have time. And don't forget to erase personal data or the actual addresses you use, from any screenshots you might submit.
The instructions:
The Talkyard config file you need to copy-paste keys and secrets into, is /opt/talkyard/conf/play-framework.conf, at the end of the file. (On your server.)
The login callbacks that you will need to fill in, over at Google's, Facebook's etc OpenAuth configuration pages, are https://your.website.com/-/login-auth-callback/NAME where NAME is one of google, twitter, facebook, github.
Facebook:
- Go to https://developers.facebook.com, and sign up or log in
- Select the My Apps menu to the upper right
- Click Add New App
- Create a Products | Facebook Login app. (We should write more about this and add screenshots.)
- Copy-paste the Facebook app id into #facebook.clientID="..." and #facebook.clientSecret="..." (instead of the ...), and activate ("comment in") each line by removing the #.
Helpful screenshots in KeyCloak's Facebook app instructions:
https://www.keycloak.org/docs/latest/server_admin/#facebook — skip the first screenshot (it's about KeyCloak not Talkyard); instead scroll down to "Add a New App".
If you have a blog comments Talkyard site, then, in Facebook's "website" field, only type the address to your Talkyard comments site — e.g. comments.your-blog.com but not www.your-blog.com (the latter, i.e. the blog itself, is not a Talkyard site).
Gmail / Google:
- Go to https://console.developers.google.com
- Click API & Services
- Click Credentials, create an OAuth app for websites
- Click Libraries, enable Google+ (not Google+ Domains, don't know what that is)
- Copy-paste your client ID and secret into #google.clientID="..." and #google.clientSecret="...", and remove the #.
Helpful screenshots in KeyCloak's add-Google-login instructions:
https://www.keycloak.org/docs/latest/server_admin/#google — skip the first screenshot (it's about KeyCloak not Talkyard); instead scroll down to "Let’s see first how to create a project with Google".
Twitter:
- Go to https://apps.twitter.com, sign up or log in.
- Click Create New App
- As callback URL, specify:
https://your.website.com/-/login-auth-callback/twitter
- Copy-paste your key and secret into #twitter.consumerKey="..." and #twitter.consumerSecret="...", and remove the #.
Helpful screenshots in KeyCloak's Twitter instructions:
https://www.keycloak.org/docs/latest/server_admin/#twitter — skip the first screenshot (it's about KeyCloak not Talkyard); instead scroll down to "Register Application".
GitHub:
- Log in to GitHub. Click your avatar menu. Then Settings, then Developer Settings, OAuth Apps.
- Copy-paste your client ID and secret into #github.clientID="..." and #github.clientSecret="...", and remove the #.
Helpful screenshots in KeyCloak's GitHub instructions:
https://www.keycloak.org/docs/latest/server_admin/#github — skip the first screenshot (it's about KeyCloak not Talkyard); instead scroll down to "Add a New App".
- Helge Walter @bewalticus
I tried to configure Google authentication but end up with the following error:
- In the Login pop-up there is a "Google" button
- Clicking this button leads to the following page: https://che.bewalticus.de/-/login-oauth-then-return/google?returnToOrigin=https%3A%2F%2Fche.bewalticus.de%3A443&xsrfToken=bla bla bla
- It shows the following error:
403 Forbidden
You need to login via the login origin, which is: `Some(https://che.bewalticus.de)' [DwE50U2]
Any ideas what's wrong here?
PS: I use Talkyard as commenting system for the website https://www.bewalticus.de
- KajMagnus @KajMagnus 2020-05-21 08:46:30.104Z
Seems there's a problem with port number 443 getting included in the return-to query param in this URL:
https://che.bewalticus.de/-/login-oauth-then-return/google?returnToOrigin=https%3A%2F%2Fche.bewalticus.de%3A443&xsrfToken=bla bla bla
There's :443, after decoding: https://che.bewalticus.de:443.
But Talkyard thinks the return-to origin should be https://che.bewalticus.de (without the port number :443).
Is Talkyard possibly behind a reverse proxy, on port 443, over http (not https)?
Sth like: proxy_pass http://talkard:443? Then would you like to try with http://talkard instead?
And / or maybe you could send me the /opt/talkyard/conf/play-framework.conf file with passwords removed and the app secret removed? As a private message.
And any Nginx or Apache reverse proxy config, if Talkyard is behind a reverse proxy?
- Helge Walter @bewalticus
Yes, you are right. Talkyard is behind an nginx reverse proxy. I use this for certificate and virtual host management.
I'll send you the configuration details via PM.
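To tell the case discussed in the thread above apart from a genuine origin mismatch, this added example (not Talkyard's code and not posted by either participant) decodes returnToOrigin from a login URL and reports which origin component differs from the expected login origin. The function names, result labels and the placeholder xsrfToken value are assumptions made for the illustration.

```python
from urllib.parse import parse_qs, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: the login URL quoted in the thread, with a placeholder token.
SAMPLE_LOGIN_URL = (
    "https://che.bewalticus.de/-/login-oauth-then-return/google"
    "?returnToOrigin=https%3A%2F%2Fche.bewalticus.de%3A443&xsrfToken=PLACEHOLDER"
)


def return_to_origin(login_url):
    """Return the percent-decoded returnToOrigin query parameter, or None."""
    values = parse_qs(urlsplit(login_url).query).get("returnToOrigin", [])
    return values[0] if values else None


def origin_parts(origin):
    """Split an origin into (scheme, host, port), filling in the default port."""
    u = urlsplit(origin)
    scheme = u.scheme.lower()
    port = u.port if u.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, (u.hostname or "").lower(), port


def diagnose(login_url, login_origin):
    """Say how returnToOrigin differs from the origin the server expects."""
    sent = return_to_origin(login_url)
    if sent is None:
        return "missing"
    if sent == login_origin:
        return "exact-match"
    sent_parts, want_parts = origin_parts(sent), origin_parts(login_origin)
    for name, a, b in zip(("scheme", "host", "port"), sent_parts, want_parts):
        if a != b:
            return name + "-differs"
    # Same scheme, host and effective port: only the spelling differs,
    # e.g. an explicit :443 on https, as in the thread.
    return "same-origin-spelled-differently"


if __name__ == "__main__":
    print(return_to_origin(SAMPLE_LOGIN_URL))
    print(diagnose(SAMPLE_LOGIN_URL, "https://che.bewalticus.de"))
```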