Using Authorized Service Package for OAuth Flow
# help-with-umbraco
o
I'm currently playing with authenticating against a mastodon server for API access and I am using the HQ package - AuthorizedServices. Details - https://docs.umbraco.com/umbraco-dxp/packages/authorized-services Now I have it setup, it's showing in the backoffice but when I try and authorize against the Mastodon server, I get an error that "The redirect uri included is not valid." which is correct, the redirect uri should have a parameter of `redirect_uri` passed to it, but I can't see where in the appsettings I can apply this value. I can set the client key and client secret, there is even an option for `"AuthorizationRequestsRequireRedirectUri": true,` which makes me think I should be able to add the RedirectUri somehow. Has anyone found a way to do this? Thanks.
a
Hi Owain. What do your settings look like? What does your redirect URI look like? These settings do the trick for me:
```json
{
  "Alias": "mastodon",
  "DisplayName": "Mastodon",
  "ApiHost": "https://umbracocommunity.social",
  "IdentityHost": "https://umbracocommunity.social",
  "TokenHost": "https://umbracocommunity.social",
  "RequestIdentityPath": "/oauth/authorize",
  "RequestTokenPath": "/oauth/token",
  "RequestTokenFormat": "Querystring",
  "ClientId": "aaaaaaaaaaaaa",
  "ClientSecret": "aaaaaaaaaaaaa",
  "AuthorizationUrlRequiresRedirectUrl": true
}
```
I can see that you wrote `AuthorizationRequestsRequireRedirectUri`. Not sure where you got this from. `AuthorizationUrlRequiresRedirectUrl` does the trick
o
Hi @Anders Bjerner My appsettings look like this:
```json
"AuthorizedServices": {
    "TokenEncryptionKey": "",
    "Services": {
        "MastodonService": {
            "DisplayName": "Mastodon",
            "ApiHost": "https://umbracocommunity.social",
            "IdentityHost": "https://umbracocommunity.social",
            "TokenHost": "https://umbracocommunity.social",
            "RequestIdentityPath": "/oauth/authorize/",
            "RequestTokenPath": "/oauth/token",
            "RequestTokenFormat": "FormUrlEncoded",
            "AuthorizationRequestsRequireRedirectUri": true,
            "UseProofKeyForCodeExchange": true,
            "ClientId": "<<client_id>>",
            "ClientSecret": "<<cliend_secret>>",
            "Scopes": "read write "
        }
    }
}
```
and the api needs `redirect_uri` with a value of `urn:ietf:wg:oauth:2.0:oob` for testing just now. This value will change to a live domain once happy
a
`urn:ietf:wg:oauth:2.0:oob` is for testing certain scenarios locally. It will not work with the authorized services package. If you change `AuthorizationRequestsRequireRedirectUri` to `AuthorizationUrlRequiresRedirectUrl` the package should add the correct redirect URI to the query string. In my case when running locally, the redirect URI is `https://localhost:44307/umbraco/api/AuthorizedServiceResponse/HandleOAuth2IdentityResponse`.
o
hmm, I wonder if I need to add that to the mastodon api settings for redirects.....
a
you have to
o
yip. Got that all setup but whenever I click authorize in the backoffice - I get directed to here and then get this message:
Fixed it!
had to put the full url e.g. https://localhost/ in to the redirect uri section :
Thanks for your help @Anders Bjerner
a
Yes, it has to be the full URI. This goes for any service as it's part of the OAuth 2 security
o
Just blogging about this before I move on to the next part - how to now use this authenticated service to post / toot / search mastodon 😄
Just looked in to this and I think it might be a typo in the official docs - the docs have: `AuthorizationUrlRequiresRedirectUrl": true|false,` will make a PR and ask if this is correct 😄
a
Looks correct to me. You used a different property name in the settings that you shared.
o
Now trying to find where I got `AuthorizationRequestsRequireRedirectUri` from. I wonder if it was just intellisense catching me out as it looks similar.
a
@Owain I just read your blog post, and have a few takeaways: Using the Authorized Services package to go through the OAuth authentication is totally fine, but Mastodon also lets you go to your Mastodon and generate an access token right there. In the provider settings for the Authorized Services package, you can add `"CanManuallyProvideToken": true` which then lets you enter the access token manually. When enabled, the UI looks like this:
o
Great thanks. I'll update the blog and give it a go.
a
Since you can just grab the access token from the Mastodon app settings, one could also argue that you don't really need the Authorized Services package. The UI makes it nice to manage right from the Umbraco backoffice, but one could also add the access token directly to `appsettings.json` or a secret manager (like Cloud has). Once you have added an access token to the Authorized Services package, it will help you make authenticated requests to the underlying API. But the Authorized Services package doesn't really know about the underlying API, which endpoints it has etc. So you might want to grab a package for that specific API instead. Like on the #H5YR site, you could use my Mastodon API wrapper: https://github.com/abjerner/Skybrud.Social.Mastodon The README has examples on how to both read statuses and post new statuses.
One approach isn't necessarily better than the other. It just shows that there are multiple ways to solve the same problem 😛
o
Thanks @Anders Bjerner - always good to have options 😄