• Members 155 posts
    March 4, 2023, 1:53 p.m.

    Misago Unofficial-community Documentation


    Tested Versions

    Before You Begin

    Common Notes

    1. You are required to utilize a unique client id for every client.
    2. The client id on this page is merely an example and you can theoretically use any alphanumeric string.
    3. You should not use the client secret in this example, We strongly recommend reading the Generating Client Secrets guide instead

    Assumptions

    This example makes the following assumptions:

    • Application Root URL: https://misago.example.com
    • Authelia Root URL: https://auth.example.com
    • Client ID: misago
    • Client Secret: misago_client_secret

    Configuration

    Application

    To configure Misago to utilize Authelia as an OpenID Connect 1.0 Provider:

    1. sign in to your forum's admin panel
    2. go to settings and click on "OAuth 2"

    Settings

    1. Basic Settings (for now leave 'Enable Oauth2 Client:' set to No)
      1. Provider name: authelia
      2. Client ID: misago
      3. Client Secret: misago_client_secret

    Basic Settings

    1. Initializing Login
      1. Login form URL: https://auth.example.com/api/oidc/authorization
      2. Scopes: openid profile email

    Initializing Login

    1. Retrieving access token
      1. Access token retrieval URL: https://auth.example.com/api/oidc/token
      2. Request method: POST
      3. JSON path to access token: access_token

    Retrieving access token

    1. Retrieving user data
      1. User data URL: https://auth.example.com/api/oidc/userinfo
      2. Request method: GET
      3. Access token location: Query string
      4. Access token name: access_token

    Retrieving user data

    1. User JSON mappings
      1. User ID path: sub
      2. User name path: name
      3. User e-mail path: email

    User JSON mappings

    Save the settings and set up the authelia configuration.

    Authelia

    The following YAML configuration is an example Authelia client configuration for use with Misago which will operate with the above example:

    for allowed origin:

    identity_providers:
      oidc:
          allowed_origins:
            - https://misago.example.com
          allowed_origins_from_client_redirect_uris: true
    

    and for the client section:

        clients:
          - id: misago
            secret: <misago_client_secret>
            public: false
            authorization_policy: two_factor
            scopes:
              - openid
              - profile
              - email
            redirect_uris:
              - https://misago.example.com/oauth2/complete/
            grant_types:
              - refresh_token
              - authorization_code
            response_types:
              - code
            response_modes:
              - form_post
              - query
              - fragment
            userinfo_signing_algorithm: none
    

    The refresh_token is not used in the authorization flow by misago, but will allow you to use a reverse proxy to only allow access to the admin panel by a user with the correct group permissions.

    Restart Authelia to apply to new configuration and check for any errors in the log

    Return to Application

    Assuming all is well, you can return to the Misago Oauth2 Settings page, in the admin panel:

    1. Basic Settings:
      1. Enable Oauth2 Client: Yes

    misago_step_3-1.png# Authelia - Misago

    Saving the settings should now activate Oauth2 login to Misago as a client from your Authelia instance.


    See Also

    misago_step_3-1.png

    PNG, 38.7 KB, uploaded by tetricky on March 13, 2023.

    basic_settings.png

    PNG, 42.7 KB, uploaded by tetricky on March 4, 2023.

    initialising_login.png

    PNG, 23.7 KB, uploaded by tetricky on March 4, 2023.

    retrieving_access_token.png

    PNG, 56.4 KB, uploaded by tetricky on March 4, 2023.

    retrieving_user_data.png

    PNG, 43.5 KB, uploaded by tetricky on March 4, 2023.

    user_json_mappings.png

    PNG, 69.6 KB, uploaded by tetricky on March 4, 2023.

  • edit

    Thread title has been changed from Authelia OAuath 2 guide.