twitter auth fails when coming from oidc/saml/cas service
Concerned version
Version: 2.0.9
Summary
- Configure Twitter as an auth source
- Try to log in by going to http://auth.example.com => OK
- Try to log in by going to http://auth.example.com/?url=xxx => OK
- Try to log in by initiating an OIDC flow:
  - you are redirected to http://auth.example.com/oauth2/authorize
  - Twitter auth fails, probably because http://auth.example.com/oauth2/authorize is not declared among the allowed OAuth callback URLs of the Twitter application
Logs
[debug] Redirection to Twitter
[debug] POST https://api.twitter.com/oauth/request_token?oauth_callback=https%3A%2F%2Fauth-test.example.com%2Foauth2%2Fauthorize%3Fstate%3D4577669986779158f4846ea4e6d9effc%26scope%3Dopenid%2520profile%2520email%2520orcid%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Frp.example.com%26client_id%3Dmy-rp%26twitterback%3D1%26url%3DXXX%253D%253D&oauth_consumer_key=XXX&oauth_nonce=XXX&oauth_signature=XXX&oauth_signature_method=HMAC-SHA1&oauth_timestamp=XXX&oauth_version=1.0 to Twitter
[debug] Twitter response: HTTP/1.1 403 Forbidden
<?xml version='1.0' encoding='UTF-8'?><errors><error code="415">Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings</error></errors>
Possible fixes
Instead of setting oauth_callback to $self->p->fullUrl($req) . "?twitterback=1" (which reproduces whatever path and query the user is currently on, here the OIDC authorize endpoint),
we should use oauth_callback = $self->p->portal . "?url=$_urldc&twitterback=1", i.e. always the portal root as the registered callback, with the original request carried in the url parameter,
and let the issuer/pdata mechanism restore the pending request once Twitter returns to the portal.
The following trivial patch solved my use case:
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Twitter.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Twitter.pm
index 91addc06db..e42b1c4266 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Twitter.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Twitter.pm
@@ -78,7 +78,7 @@ sub extractFormInfo {
$self->logger->debug('Redirection to Twitter');
# 1.1 Try to get token to dialog with Twitter
- my $callback_url = $self->p->fullUrl($req);
+ my $callback_url = $self->p->portal;
# Twitter callback parameter
my %prm = ( twitterback => 1 );
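Review bot: switching to `$self->p->portal` drops not only the `/oauth2/authorize` path but also the `?url=...` query that `$self->p->fullUrl($req)` carried, yet the hunk adds nothing back: the "Possible fixes" text proposes `$self->p->portal . "?url=$_urldc&twitterback=1"`, so either append the `url` parameter here (for example alongside `twitterback => 1` in `%prm`) or confirm that pdata alone restores the pending OIDC request when Twitter returns to the portal root, and state which in the commit message. A fixed callback is also the safer shape for reviewers to prefer: the only URL that must be approved in the Twitter application settings is the portal itself, rather than a value derived from the incoming request.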
ok @clement_oudot ?
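To make the callback-URL problem from "Possible fixes" concrete, here is an added Python illustration (not LemonLDAP::NG code): the provider-side "approved callback" check is modelled on the behaviour observed in the report (a portal-root callback with ?url= was accepted, /oauth2/authorize was refused), the hostnames are constructed, and the return target carried in url is validated before it is followed.

```python
import base64
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed values for this illustration; not taken from the report.
PORTAL = "https://auth.example.com"
APPROVED_CALLBACKS = {PORTAL + "/"}  # what is registered in the Twitter app settings


def provider_accepts_callback(callback_url, approved=APPROVED_CALLBACKS):
    """Model of the provider-side check: scheme, host and path must match a
    registered URL; the query string is not compared. This is an assumption
    drawn from the report's observations, not Twitter's documented rule."""
    p = urlsplit(callback_url)
    base = f"{p.scheme}://{p.netloc}{p.path or '/'}"
    return base in approved


def callback_from_request(req_url):
    """Old behaviour, modelled on fullUrl($req) . '?twitterback=1': the callback
    is whatever URL the user is on, so an OIDC authorize request yields a
    callback path that was never registered with the provider."""
    sep = "&" if urlsplit(req_url).query else "?"
    return f"{req_url}{sep}twitterback=1"


def callback_from_portal(req_url):
    """Proposed behaviour: always the portal root, the original request parked
    in the portal's base64 'url' parameter (the form the logged url= shows)."""
    url_b64 = base64.b64encode(req_url.encode()).decode()
    return f"{PORTAL}/?{urlencode({'url': url_b64, 'twitterback': 1})}"


def resume_target(callback_url, trusted_hosts=(urlsplit(PORTAL).netloc,)):
    """On return from Twitter, recover the parked request from 'url' and honour
    it only if it points at a trusted host (the portal's own OIDC authorize
    endpoint here); anything else falls back to the portal root."""
    qs = parse_qs(urlsplit(callback_url).query)
    if "url" not in qs:
        return PORTAL + "/"
    try:
        target = base64.b64decode(qs["url"][0], validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return PORTAL + "/"
    return target if urlsplit(target).netloc in trusted_hosts else PORTAL + "/"
```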