Authentication via oAuth2 does not redirect

I am trying to authenticate to our Nuxeo server via OAuth2. I have registered an OAuth client on the server. I make the call and I get a login screen. I log in, but it then does not redirect back so that I can get the authorization code. It logs directly into the Nuxeo server. The call is similar to what is listed in the directions; I just swapped out our server and added a redirect_uri: https://NUXEO_SERVER/nuxeo/oauth2/authorize?response_type=code&client_id=myApp&redirect_uri=xxx

One thing I noticed in the instructions on registering an OAuth client (https://doc.nuxeo.com/nxdoc/using-oauth2/) is that it shows a field for Redirect URIs. But on my server it does not have this field. Is there something wrong with the setup on our server?

Thanks

0 votes

1 answers

2129 views

ANSWER



Hi,

By default, the documentation you're looking at https://doc.nuxeo.com/nxdoc/using-oauth2/ is for the latest Fast Track version of Nuxeo, currently 9.2, and the OAuth2 implementation has changed since the latest LTS version: LTS 2016. I believe your Nuxeo instance's version is LTS 2016. That's why you don't see the “Redirect URIs” field in the OAuth2 consumer registration form since it was added post LTS 2016.

Please have a look at the LTS 2016 documentation by switching the version below the “OAuth2” page title.

You will see that for this version the authorization endpoint is /oauth2/authorization instead of /oauth2/authorize for the latest Fast Track.

So something like https://NUXEO_SERVER/nuxeo/oauth2/authorization?response_type=code&client_id=xxxx&redirect_uri=yyyy should be working.

Note that depending on the redirect_uri you're using to test, the browser might not handle it as you would expect. For instance, using https://NUXEO_SERVER/nuxeo won't work because then you'll be redirected to the Nuxeo UI, which will remove the authorization code from the URL.

The redirect_uri is intended to redirect to an external application: an OAuth2 consumer, client of Nuxeo, able to parse the code parameter from the redirect URI. To test, using a fake redirect_uri like https://testRedirectURI should work: you should be redirected and then see the code in the browser's address bar.

Hope this helps.

1 votes
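The consumer side that the answer describes, as an added example that is not part of the original answer and not Nuxeo's own code: it builds the LTS 2016 authorization URL and parses the `code` parameter from the redirect. The `/callback` path, the function names, and the use of a `state` parameter (assumed to be echoed back by the server as RFC 6749 specifies) are assumptions, and the sample callback is constructed.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholders from the thread; the path is the LTS 2016 endpoint named in the answer.
AUTHORIZATION_ENDPOINT = "https://NUXEO_SERVER/nuxeo/oauth2/authorization"
CLIENT_ID = "myApp"
REDIRECT_URI = "https://testRedirectURI/callback"  # constructed consumer URL


def build_authorization_url(state):
    """URL the browser is sent to; the user logs in there."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,  # assumption: the server echoes state per RFC 6749
    })
    return f"{AUTHORIZATION_ENDPOINT}?{query}"


def extract_code(callback_url, expected_state):
    """Return the authorization code from the redirect, or raise ValueError."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    # Accept the code only on the exact redirect_uri this client asked for.
    if (got.scheme, got.netloc.lower(), got.path) != (
            want.scheme, want.netloc.lower(), want.path):
        raise ValueError("callback does not match the expected redirect_uri")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    # Constant-time comparison of the echoed state against the one we issued.
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print("Open in a browser:", build_authorization_url(state))
    # Constructed callback, as it would appear in the address bar after login.
    sample = f"{REDIRECT_URI}?code=CONSTRUCTED_CODE&state={state}"
    print("code =", extract_code(sample, state))
```

A callback that lands on the Nuxeo UI itself, as in the https://NUXEO_SERVER/nuxeo case above, is rejected by the redirect check instead of being parsed.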