cosmocode / dokuwiki-plugin-oauth Goto Github PK

Hello,

just want to if is something planned to support nextcloud OAuth2.
the documentation is here if needed :
https://docs.nextcloud.com/server/18/admin_manual/configuration_server/oauth2.html

I tried to use Doorkeeper provider but the callback seems to not working. I'm getting a HTTP 500 on this url:
https://<DOKUWIKI_URL>/doku.php?state=&code=xxxxxxxxxxx

thank you

Hi I am trying to use this plugin to authenticate with Azure AD using the settings:

$conf['plugin']['oauth']['custom-key'] = 'your-application-key';
$conf['plugin']['oauth']['custom-secret'] = 'your-application-secret';
$conf['plugin']['oauth']['custom-authurl'] = 'https://login.microsoftonline.com/your-tenant-id/oauth2/authorize';
$conf['plugin']['oauth']['custom-tokenurl'] = 'https://login.microsoftonline.com/your-tenant-id/oauth2/token';
$conf['plugin']['oauth']['custom-meurl'] = 'https://login.windows.net/your-tenant-id/openid/userinfo';
$conf['plugin']['oauth']['custom-mapping'] = 'user=upn name=name mail=upn';
$conf['plugin']['oauth']['custom-scope'] = 'openid';
$conf['plugin']['oauth']['singleService'] = 'Custom';
$conf['plugin']['oauth']['register-login'] = 1;

from https://gist.github.com/jonty-comp/c91fb0acbb30c4e2e8700e607b6ec8d5

However I cannot get it to work and I am unsure if it is because the plugin is outdated or some other issue.

Any help or clarity is much appreciated

Best regards

There is Oryzone/PHPoAuthUserData project, which provides an additional abstraction layer on the top of PHPoAuthLib used in the plugin. It can also extract email information from Twitter oAuth.

@splitbrain, could you please review the possibility to use it in the oauth plugin? PHPoAuthUserData also has fresh and actual Facebook API implementation, and it should fix Facebook oauth issues as well.

The Plugin requests scope:user and scope:user_email for GitHub logins. But scope:user also entails write permission to the full profile and should not be required. The mail address and username can be obtained by only using scope:user_email

I think the code in question is here

I don't see why write access should be granted for Login or did I miss something? Here is the GitHub documentation for scopes: https://developer.github.com/v3/oauth/#scopes

Would be great if the plugin would only request minimal and read-only permissions to protect linked GitHub accounts.

I'm currently trying to build a adapter for Nextcloud based off of pull request #46 However I am having issues getting user information as it looks like nextcloud wants me to define the header OCS-APIRequest: true in my request.

My code line modified from that would need the header:
$result = $JSON->decode($this->oAuth->request($this->getUrl() . '/ocs/v1.php/cloud/user?format=json'));

You can see my full work here dugite-code@c6cd6c4

I know the gitlab pr isn't merged yet but I've been beating my head against a brick wall for a while so thought I would ask here if anyone had an idea, I know $extaheaders is used in phpoauthlib but I am unfortunately still very green with php

*Edit: there reason I am working off the gitlab pr is gitlab and nextcloud appear to have similar oath implementations

My organisation only uses Google oAuth for logging into internal DokuWiki. New users are registered automatically, but only when registration is turned on. Before 0aa332f we could turn off registration, and still allow new users through Google oAuth only.

Now, we have to turn on registration, which also shows the "Register"-button on the login page. This is confusing to new users, as they do not understand that registering is only done via the Google-button.

Could you please add an option so that the oAuth-plugin can revert to the previous mode, if so desired?

Thanks in advance!

It seems the wonderful OAuth plugin does not respect the registernotify configuration which reads

Always send info on newly registered users to this email address

If a user log-ins into a wiki for the first time a a new user is created for it, a notification should be sent.

When an upstream provider provides groups via the user API these groups are currently saved with the local users. When group memberships change upstream, dropped groups won't get deleted from the local user. Upstream groups should not be saved locally but always merged in on login only.

Add a way to select one oAuth provider as the default login method (disabling all other login methods and redirecting the login button directly to the selected oAuth login)

Right now if I set a single login provider (plugin»oauth»singleService) when I access dokuwiki, it first shows me a page, where I can click on a button which is named like my single login provider (in my case Keycloak), then I need to click on it.
If I'm not logged it. I get redirected to the login page of keycloak (or whatever service you choose). If I've already logged in on an other service (e.g. nextcloud) using keycloak, after clicking on that button, I'm also logged in in dokuwiki.
It would be great, that if I'm already logged in in keycloak, that that button wouldn't appeared, but I'm logged in automatically as soon as I access dokuwiki (nextcloud supports that).

Hi there

First of all: Thanks for writing that plugin! I'm in the process of setting up Dokuwiki for our startup, and integration with our auth system (Keycloak) was a breeze. I think the plugin could benefit from a few simple challenges though - I'll just put them in as a bullet list :)

• If we select just one auth provider (Keycloak) in our case, the login button in the header says "Login with Keycloak". This might make sense for an engineer, but it'll just confuse our users. They do not know what KC is, and they don't care. After all, pressing the button just brings them to our company login page where they put in their usual credentials. The login button should still just say "Log in" IMO.
• I disabled registration in Dokuwiki because otherwise, people outside the company could just register and then access our wiki. Unfortunately, that also disables auto-registration after a first-time OAUTH login of a new user (error Self-Registration is currently disabled or conf/users.auth.php is not writable).
  • This sort of renders the (awesome!) feature of limiting logins to specific domains pretty much useless - after all, we would have to create our users manually (where we already have control over whom we register)
  • That being said: Limiting by domain should be an inherent feature of registration IMO. That would make Dokuwiki immediately accessible for companies, and it should be a trivial feature to implement (for a PHP dev at least ;).
• Logging out of Keycloak seems to be broken as already reported.

Thanks again and keep up the great work!
Philipp

Hello Andi,

thanks a lot for your work on Dokuwiki and for all those acompanying plugins you authored...

Could you pls. register the oAuth plugin on https://translate.dokuwiki.org/plugin. I would love to add German translations to it.

Regards, Felix

As the subject says: OAuth login with github returns 404

Webserver: nginx
Dokuwiki: 2016-06-26a "Elenor of Tsort"
OAuth plugin: 2016-10-15

Description from https://bugs.lede-project.org/index.php?do=details&task_id=531

Try to login via github:

1. https://lede-project.org/ click on login via github
2. authenticate on github
3. when redirected back to lede-project.org, you receive 404 Error

Solution from the comments:

The empty "&state=" param appeneded by Github seemed to trip up Dokuwiki's oauth plugin. I added some workarounds in Nginx now to filter away the empty "&state=" query string param in order to avoid patching the PHP code itself.

With the workaround applied, Github logins appear to work fine again.

Would be nice if you could make the OAuth plugin function correctly again with the new github response, making such workarounds unnecessary.

Thanks in advance!

It seems the codes using google plus api. Therefore, the dokuwiki plugin (oauth) for google oauth should be not work after 2019/3/7

Code:
phpoauthlib/src/OAuth/OAuth2/Service/Google.php: const SCOPE_GPLUS_ME = 'https://www.googleapis.com/auth/plus.me'; phpoauthlib/src/OAuth/OAuth2/Service/Google.php: const SCOPE_GPLUS_LOGIN = 'https://www.googleapis.com/auth/plus.login';

Ref - https://developers.google.com/+/api-shutdown

I'd like to have a config option to remove the Username/Password form, because I don't have local users in my conf/users.auth.php

The newest Nexcloud version includes an option to log in with OAuth2 as a core feature. See here for some details:
https://github.com/soudis/oauth2

Creating the ID and the secret is no problem in the Nextcloud interface and I have configured the DW app with the settings under Doorkeeper to connect to the Nextcloud instance (for testing). It seems to work fine up to the point where it redirects back to the DW page after granting access with Nextcloud. The URL that is used to redirect looks like this:
[path to my dokuwiki]/doku.php?state=&code=[some random long list of letters and numbers]
However this results in just a blank page under DW.
Any idea what could be causing this? Maybe I missunderstood and the "Doorkeeper" isn't sufficiently generic to allow for a different provider for testing?

GitHub has deprecated the use of the access_token query parameter.

https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters

If I view a page which is not readable by everyone (but for the user I am logged in as), wait for >2 hours, and press reload, I will be forwarded to the start page.

(This can be unhandy in teaching situations or while having pages open for documentation while coding.)

The auth backend is oauth (Release date 2016-10-25), dokuwiki version is 2018-04-22a "Greebo". The problem has been seen in earlier releases of dokuwiki, too.

Many of my users do not provide an email address. As of now, this means these users can not log on to the wiki.

In a private mail Andreas Gohr pointed out:

Für Dinge wie e-Mail-Subscriptions werden
Informationen anderer Nutzer benötigt (Ich ändere eine Seite, aber du
sollst benachrichtigt werden - dafür wird deine eMail-Adresse
benötigt). Die müssen also lokal vorgehalten werden.

Can't that be solved in a way that a user without mail address simply doesn't get the subscription feature?

Hello!
I have bug

Step-by-step:

1. Click on Auth0 button
2. Click on Google button
3. Accept
4. When I redirected to my site, I see this: http://pastebin.com/s6QJFRSx

You can test it on my site http://rpginventory.endlesscode.ru/

Sorry for my bad english.

Question shared in the Auth0 forum:
DokuWiki and Auth0 with OAuth plugin

OP:

I am using the OAuth Plugin for DokuWiki, and have filled in the necessary fields for it to function on DokuWiki such as client id, domain, and client secret. Checked more than twice. I am using the same application I am using for the wordpress plugin, but I am not really sure if that is what I am supposed to do. I am utterly clueless as to what to do or how to set up an Auth0 authentication for my dokuwiki.

Auth0 forum user "Abhishek_Hingnikar1":

500 Seems to be coming from your server internals, are there any server side logs you have access to? Looking at the plugin source https://github.com/cosmocode/dokuwiki-plugin-oauth/blob/master/classes/Auth0Adapter.php#L25 it seems that the plugin was last updated in 2016, it seems to me that the plugin might not be in sync with our latest features etc esp this line https://github.com/cosmocode/dokuwiki-plugin-oauth/blob/master/classes/Auth0Adapter.php#L25. As the plugin is requesting the username and email from Auth0 you’ll need to explicitely request username and email on top of OPENID. I recommend opening a bug with the repository to update the plugin.

Exactly like #4. Cannot log into dokuwiki via Facebook. Fails with error "Facebook did not provide the needed user info. Can't log you in". Google is working.

Installed from http://github.com/cosmocode/dokuwiki-plugin-oauth/zipball/master (2015-08-31).

Related #13

Hi,
setting up oauth in my dokuwiki I encountered strange problem. After successful login via OAuth plugin, when I tried to edit a page i.e. hit Save button, I was redirected to login page with a message saying "Permission Denied Sorry, you don't have enough rights to continue.". The strange thing is that when I set a password for OAuth-created account and login with password I'm normally able to edit and save a page.

Login does not work after upgrade Keycloak to 10.0.0.

Error message from DokuWiki is Your (re)login has failed, and messages from Keycloak are as follows.

09:20:53,819 WARN  [org.keycloak.services] (default task-2) KC-SERVICES0091: Request is missing scope 'openid' so it's not treated as OIDC, but just pure OAuth2 request.
09:20:53,837 ERROR [org.keycloak.services] (default task-2) KC-SERVICES0093: Invalid parameter value for: scope
09:20:53,838 WARN  [org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=XXX, clientId=dokuwiki, userId=null, ipAddress=XXX, error=invalid_request, response_type=code, redirect_uri=https://XXX/doku.php, response_mode=query

I modified Keycloak service's scripts as follows by imitating an other service's one and login works well.

--- phpoauthlib/src/OAuth/OAuth2/Service/Keycloak.php.bak
+++ phpoauthlib/src/OAuth/OAuth2/Service/Keycloak.php
@@ -13,6 +13,10 @@

 class Keycloak extends Generic
 {
+    const SCOPE_OPENID           = 'openid';
+    const SCOPE_PROFILE          = 'profile';
+    const SCOPE_EMAIL            = 'email';
+
     protected function getAuthorizationMethod()
     {
         return static::AUTHORIZATION_METHOD_HEADER_BEARER;

--- classes/KeycloakAdapter.php.bak
+++ classes/KeycloakAdapter.php
@@ -2,6 +2,8 @@

 namespace OAuth\Plugin;

+use OAuth\OAuth2\Service\Keycloak;
+
 /**
  * Class KeycloakAdapter
  *
@@ -39,6 +41,10 @@
         return $data;
     }

+    public function getScope() {
+        return array(Keycloak::SCOPE_OPENID, Keycloak::SCOPE_PROFILE, Keycloak::SCOPE_EMAIL);
+    }
+
     /**
      * We make use of the Keycloak oauth2 service (slightly abstracted from "Generic") as defined in
      * phpoauthlib/src/OAuth/OAuth2/Service/Keycloak.php

Since I'm not familiar with OAuth2 protocol and the implementation of this plugin, I'm not sure this modification is correct.

Hello,
I get this error
"Call to a member function getValidDomains() on a non-object in /dokuwiki/lib/plugins/oauth/classes/AbstractAdapter.php on line 131"
After redirection from the oauth server to my dokuwiki, i found this is on this code:
"
$validDomains = $this->hlp->getValidDomains();
if (count($validDomains) > 0) {
$userData = $this->getUser();
if (!$this->hlp->checkMail($userData['mail'])) {
msg(sprintf($this->hlp->getLang("rejectedEMail"),join(', ', $validDomains)),-1);
send_redirect(wl('', array('do' => 'login',),false,'&'));
}
}

"

Thank you for developing this plugin.

I'm trying to setup my DokuWiki to use my GitLab for authentication.

I'm attempting to use the Doorkeeper implementation, but have run into issues.

GitLab natively uses Doorkeeper for it's oauth implementation.

Could you help me figure out what is breaking? This is my first time posting, so feel free to point me to a different location to submit my question.

My setup:

GitLab (latest available version - 8.7.4)
DokuWiki oauth settings:
authorization endpoint: https://<host>:<port>/oauth/authorize
access token endpoint: https://<host>:<port>/oauth/token
within DoorkeeperAdapter.php request URL: https://<host>:<port>/api/v3/user

My issue:
I dump the variable of $results in DoorkeeperAdapter.php and see the following:
"message":"401 Unauthorized"

I've checked the GitLab logs and can confirm that the client_id, client_secret, code, redirect_uri, and grant_type are correct.

Any advice on where I should check to solve this issue?

Thank you.

If a $servicename does not provide a mail address you get the following error message:

Linuxhotel did not provide the needed user info. Can't log you in

Thats not very descriptive. It would be nice, if the error message would be different depending on the reason (user name is missing or mail address is missing):

In lib/plugins/oauth/auth.php change

if(!$uinfo['user'] || !$uinfo['mail']) {
    msg("$servicename did not provide the needed user info. Can't log you in", -1);
    return false;
}

to

if(!$uinfo['user']) {
    msg("$servicename did not provide a username. Can't log you in", -1);
    return false;
}

if(!$uinfo['mail']) {
    msg("$servicename did not provide a mail address. Can't log you in", -1);
    return false;
}

If singleService is not empty and the register action is enabled, then the built-in registration links and form are confusing to the user. This is because they can register as a built-in user but can't log in using built-in authentication since it's disabled and they must log in using the oauth service. The register action may be enabled to allow the oauth service to register oauth users in DokuWiki. In this scenario, the "Register" links in tools menus should either:

• be hidden from the user and the registration form disabled for the user (however I imagine the oauth service may still need to submit to the backend registration form handler)
• or, the "Register" links might instead direct the user to the oauth service's registration page

Condition for this scenario:

$conf['authtype'] === 'oauth' && actionOK('register') && !empty($conf['plugin']['oauth']['singleService'])

For now, I created a temporary workaround by creating a template which strips "Register" links from the default template (plus some other tweaks): https://github.com/mhenry07/dokuwiki-template-dokupruned. But ideally I think this would be better handled at a lower level than a custom template.

Perhaps new configuration options could be created such as:

$conf['plugin']['oauth']['registerType'] = 'url'; # builtin | hidden | url
$conf['plugin']['oauth']['registerUrl'] = 'https://oauth-service.example/register';

These would affect the generated register action links/options and/or redirect register action to registerUrl (while still allowing oauth service to register oauth users).

An alternative might be to have an additional option for disableactions: 'registerfrontend', which would disable the registration frontend (links and user form) while keeping the register backend enabled so oauth services can register oauth users.

I've installed this plugin and it works... For a while. 😢

It works for about 2 or 3 pageviews. Then it kicks me out to login page with the message "Your (re)login has failed."

Then I enter with my Google account again, it works, and the problem occurs again. I can see 2 or 3 pages (with some luck). But invariably I will get the login page again.

It is simply unusable for us at its current state. 😞 We are migrating all our services to use Google Auth and it is working perfectly with several other services.

I understand this is not enough information to debug the problem. Please advise if I can send more helpful information (logs?)

In my setup my oauth provider sent a list of groups that was not unique. In this case, dokuwiki failed to respect all groups.

Example: in the file inc/auth.php I've added some debug code in the funktioin auth_quickaclcheck:

error_log(print_r($USERINFO['grps'],true));

This gives me the following output:

Array (
    [0] => "a",
    [1] => "b",
    [2] => "c",
    [3] => "d",
    [4] => "e",
    [5] => "f",
    [7] => "g",
    [8] => "h",
    [9] => "i",
    [11] => "j",
    [12] => "k",
    [13] => "l",
    [14] => "m",
    [15] => "n",
    [17] => "o",
    [18] => "p",
    [19] => "q",
)

Dokuwiki did not give me access to group "o", though it was listed. Note, that the groups 6, 10 and 16 are missing.

I could correct this by adding something like

$data['grps']  = array_unique(array_values($result['groups']));

to classes/LinuxhotelAdapter.php or auth_quickaclcheck.

I think this bug is not specific to this plugin, so maybe it should better be fixed in dokuwiki.

I tried to add a group mapping in keycloak. The result in dokuwiki is a message
"Unable to parse response."
The stack trace is:
#0 /var/www/html/wiki/lib/plugins/oauth/phpoauthlib/src/OAuth/OAuth2/Service/AbstractService.php(120): OAuth\OAuth2\Service\Generic->parseAccessTokenResponse('requestAccessToken('eyJhbGciOiJkaXI...', NULL)
#2 /var/www/html/wiki/lib/plugins/oauth/auth.php(96): OAuth\Plugin\AbstractAdapter->checkToken()
#3 /var/www/html/wiki/inc/auth.php(101): auth_plugin_oauth->trustExternal('', '', false)
#4 /var/www/html/wiki/inc/init.php(223): auth_setup()
#5 /var/www/html/wiki/doku.php(34): require_once('/var/www/html/w...')
#6 {main}

When I remove the group mapping, login in works again.

I want to create a wiki only for a special team from a website that provdes oauth clients.
I created a new VAdapter.php and it works fine, but right now the team is hardcoded, but i want it to be configured from the dokuwiki admin interface.
From metadata.php

$meta['v-team']      = array('string');

It is already set by me in the local.php but how do I use this value inside the VAdapter.php?

I would like to configure Dokuwiki this way that if only a single SSO is configured (e.g. "Keycloak") and a user hits Dokuwiki without beeing logged in, he should not see an "Access Denied" page and need to hit the login-button, but automatically get's redirected to the SSO's Login-page.

Currently the authentication process seems to always return to the farmer, instead to the animal.

In auth.php, mission case of email not set and getUserByEmail return false.

public function modifyUser($user, $changes) {
    global $conf;

    if(isset($changes['mail'])) {
        $found = $this->getUserByEmail($changes['mail']);
        if(**$found &&** $found != $user) {
            msg($this->getLang('emailduplicate'), -1);
            return false;
        }
    }

    $ok = parent::modifyUser($user, $changes);

    // refresh session cache
    touch($conf['cachedir'] . '/sessionpurge');

    return $ok;
}

We run a dokuwiki with oauth and action register disabled. When we
create a new user on the auth server, the user is not able to login at the
dokuwiki.

If I apply the following patch, things seem to work:

--- ./oauth/auth.php    2018-12-06 13:21:26.111007470 +0000
+++ ./oauth/auth.php.181206     2018-12-06 13:17:18.836280725 +0000
@@ -234,8 +234,7 @@
             $uinfo['user'] = $user;
             $uinfo['name'] = $sinfo['name'];
             $uinfo['grps'] = array_merge((array) $uinfo['grps'], $sinfo['grps']);
-       /* Dreckiger Hack -- AW */
-        } elseif(actionOK('reallyregister')) {
+        } elseif(actionOK('register')) {
             $ok = $this->addUser($uinfo, $servicename);
             if(!$ok) {
                 msg('something went wrong creating your user account. please try again later.', -1);

I am not sure if this really solves the problem, though.

Hi,

in the code it is mentioned that if you use a own login adapter (for me it's Eve Online SSO in this case) you can set groups by defining $data['grps'] in the getUser() function. However, these groups are not added when the user is created on first login. Only the standard groups user and $servicename appear in conf/users.auth.php

I found that this is caused by this line in auth.php:

Instead of $groups_on_creation I think it’s supposed to be $uinfo['grps']. I applied the patch locally and it works for me.

It may be helpful to add a troubleshooting tip to the README.md that some Linux distributions may require manually installing a PHP JSON package in order for this plugin to work.

For example, with Alpine Linux in Docker with PHP 5, I was getting an HTTP 500 error and the following entry in my Nginx error log when trying to log in using the oauth plugin:

[error] 56#56: *148 FastCGI sent in stderr: "PHP message: PHP Fatal error: Call to undefined function OAuth\OAuth2\Service\json_decode() in /var/www/html/lib/plugins/oauth/phpoauthlib/src/OAuth/OAuth2/Service/Generic.php on line 80" while reading response header from upstream.

To resolve the issue, I had to install php5-json via apk add --no-cache php5-json.

See also vimagick/dockerfiles#66

Hi!
Impossible to configure a custom oAuth server ?

Das Plugin liest Daten so weit ich sehe korrekt per JSON aus. Es schreibt
die Daten dann aber in die Datei conf/users.auth.php. Und nutzt beim
nächsten Anmelden diese Datei. Das kann ich so nicht gebrauchen, da so
Dokuwiki nicht mitbekommt, wenn sich beim Benutzer was ändert (Passwort,
Gruppenzugehörigkeit, ...). Das Plugin sollte die Benutzerdaten in der
Session speichern. Also ein Mal pro Anmeldung beim Auth-Server anfragen, und
dann bis zum Abmelden oder Schließen des Browsers behalten.

Einen entsprechenden Pull-Request habe ich erstellt: #6

Today i upgraded our Wiki instance using OAuth Plugin to login via Keycloak. After the Wiki-Update i can't access it anymore (error 500) and get this in my Apache2 errorlog:

[Mon Jun 01 17:50:46.485752 2020] [php7:error] [pid 25378] [client 10.32.216.23:62272] PHP Fatal error:  Uncaught Error: Call to undefined method auth_plugin_oauth::_loadUserData() in /systems/id-generator/htdocs/lib/plugins/oauth/auth.php:297\nStack trace:\n#0 /systems/id-generator/htdocs/lib/plugins/oauth/auth.php(226): auth_plugin_oauth->getUserByEmail('*********@m...')\n#1 /systems/id-generator/htdocs/lib/plugins/oauth/auth.php(195): auth_plugin_oauth->processUser(Array, 'Keycloak')\n#2 /systems/id-generator/htdocs/lib/plugins/oauth/auth.php(97): auth_plugin_oauth->processLogin(false, Object(OAuth\\Plugin\\KeycloakAdapter), 'Keycloak', '', Array)\n#3 /systems/id-generator/htdocs/inc/auth.php(105): auth_plugin_oauth->trustExternal('', '', false)\n#4 /systems/id-generator/htdocs/inc/init.php(229): auth_setup()\n#5 /systems/id-generator/htdocs/doku.php(36): require_once('/systems/id-gen...')\n#6 {main}\n  thrown in /systems/id-generator/htdocs/lib/plugins/oauth/auth.php on line 297

After a bit of research i found that the function _loadUserData() claimed above was renamed in the current Dokuwiki version to loadUserData() (without that underscore). The function is exported by the class file in lib/plugins/authplain/auth.php

To get it back to work, i renamed the call in the OAuth-Pluign file:

297c297
<         if($this->users === null) $this->_loadUserData();
---
>         if($this->users === null) $this->loadUserData();

Good afternoon! Plugin does not check CAPTCHA (CAPTCHA plugin) for authorization. You can enter any data. Thank you in advance!

Is there a way to populate a user's dokuwiki groups with the Google groups that user is a member of? I know it's possible to get that info from Google's API, but I don't know how to tie that into this plugin. Any help would be much appreciated.

Hello..

I know you are very busy. but I have a problem that I can not solve so I wish you make a glance.

I can change the user profile at http://test.vaslor.net/wiki to enable/disable "login as facebook".

but at http://openwiki.kr. I can't.

Do you have any idea?

is there any switch, that i can add an social login to existing account?
this is a feature i like to use, because in my wiki the users got mailadresses different from thiere facebook-mail-adress, but i want provide a social login.

when you try to add a new user whose email already exist, you get an empty error message. probably a wrong translation key.

While installing and configuring the plugin recently I have a problem.
Not sure, whether a bug or a logical mistake on my side:

• Oauth plugin configured (towards Github) and activated
• Self registration is diabled on the Dokuwiki
• Github user tries to authenticate before I add him as a user locally
• He is correctly rejected (as his mail address is not among the existing users) and self registration is disabled
• Go to user management and create the user using his Github email address

Result:
I get an error message, that this mail address is already in use, although it is definitely not shown in the table of users. Thus I cannot create the user account on Dokuwiki.

Workaround:

• Go back from "oauth" to "Authplain"
• Create the user (no error message this time)
• Re-enable "oauth"

Am I doing something wrong?
It seems like trying to authenticate stores the Github users email address somewhere in the background, where it blocks creation of a user account with the same email address afterwards.

In fact I cannot prevent users from trying to login via Oauth before I created their accounts. But each time someone tries, I have problems to create him as a user afterwards.

After upgrade from Greebo to Hogfather, the oAuth plugin doesn't work any more.

Dokuwiki: Release rc2-2020-06-01 "Hogfather" RC2
oAuth: Installed version: 2020-06-04

Symptoms: After click on login with Github, a blank page appears with an eror message "The page you are looking for is temporarily unavailable. Please try again later.", and in the browsers adressbar, the url "https://openwrt.org/doku.php?code=a2395b484c2aa7461939" appears.

Login via username/password is still working.

When authentificated against keycloak, and you click on the logout link on the top right corner, you get redirected to the start page and it asks you to login. But when you click on the "register with other service" keycloak-button, you get logged in automatically, without needing to reenter your credentials.
When you check the sessions in keycloak, you can see that your session was not closed before.

Hi,

Dokuwiki 2014-09-29 "Hrun"
oAuth Plugin 2014-07-29

It works with Google, but I could not find how with Facebook. The user auth process terminate in dokuwiki with the message "Facebook did not provide the needed user info. Can't log you in".

Thanks & Cheers