Phabricator OAuth Server Requiring Session Key


#1

I am attempting to get Phabricator to work with an OAuth2 Server-compliant Flarum extension to enable Flarum login with a Phabricator account (see extension here). I reached out to the extension developer with my remarks and they replied with the following:

it is compliant with oauth2 servers, but phabricator needs a session key in addition to the other payload.

Can anyone provide any guidance on what sort of modifications I would need to make to the extension, if any (even high level, or corrections to my remarks regarding Phabricator’s code) to enable the login capabilities?


#2

Follow-up: I resolved it by having to pass access_token and various changes to the keys that were being looked up. https://discuss.flarum.org/d/5203-flagrow-passport-the-laravel-passport-oauth-extension/30


#3

The best piece of code to reference is PhutilPhabricatorAuthAdapter in libphutil/, which is our implementation of an OAuth client for connecting one instance of Phabricator to other instances of Phabricator. (This isn’t normally very useful, but that’s how we do auth in the Phacility cluster.)

After you complete the OAuth handshake, you’ll call user.whoami to get the user’s name, PHID, and email address.

When you call user.whoami, add an access_token GET parameter and provide the OAuth access token. This should let the call go through successfully.

If you’re debugging, this sort of call will probably work:

curl "https://your.phabricator.com/api/user.whoami?access_token=<oauth access token>"

Conduit allows clients to authorize requests in several different ways (including: session keys, tokens, body payload, asynchronous key/value signing). Using access_token should let you authorize via OAuth tokens.

The “requires a session key” error is really more like “requires a session key or some other valid credential”.
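The user.whoami step described in the reply above, as an added example that is not part of the thread and is not Phabricator's or the extension's own code. The host name, the response envelope keys (result, error_code, error_info), the field names (phid, userName, primaryEmail) and both sample bodies are assumptions constructed for illustration.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from urllib.request import urlopen

class ConduitError(Exception):
    """Raised when the API reports an error or omits identity fields."""

def whoami_url(base_url, access_token):
    # The token travels as a GET parameter, so it must be URL-encoded.
    query = urlencode({"access_token": access_token})
    return f"{base_url.rstrip('/')}/api/user.whoami?{query}"

def redact(url):
    # The token is part of the URL: mask it before the URL reaches any log.
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == "access_token" else v)
             for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def parse_whoami(body):
    # Assumed envelope: {"result": {...}, "error_code": ..., "error_info": ...}
    envelope = json.loads(body)
    if envelope.get("error_code"):
        raise ConduitError(f"{envelope['error_code']}: {envelope.get('error_info')}")
    result = envelope.get("result") or {}
    # Refuse to log a user in on a partial identity (assumed field names).
    missing = [k for k in ("phid", "userName", "primaryEmail") if not result.get(k)]
    if missing:
        raise ConduitError(f"user.whoami response missing {missing}")
    return {"id": result["phid"], "username": result["userName"],
            "email": result["primaryEmail"]}

def fetch_identity(base_url, access_token, timeout=10):
    # Network call; run after the OAuth handshake has produced a token.
    with urlopen(whoami_url(base_url, access_token), timeout=timeout) as resp:
        return parse_whoami(resp.read().decode("utf-8"))

# Constructed sample bodies, not captured from a real server.
SAMPLE_OK = json.dumps({"result": {"phid": "PHID-USER-constructed",
                                   "userName": "alice",
                                   "primaryEmail": "alice@example.com"},
                        "error_code": None, "error_info": None})
SAMPLE_ERR = json.dumps({"result": None, "error_code": "ERR-CONSTRUCTED",
                         "error_info": "Session key is not present."})

if __name__ == "__main__":
    print(redact(whoami_url("https://phabricator.example.com", "constructed-token")))
    print(parse_whoami(SAMPLE_OK))
```
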


closed #4