Clearer steps needed for GitHub Login API


mil...@uw.edu

Mar 1, 2015, 8:22:19 PM
to tai...@googlegroups.com
I've tried numerous times to get this to work http://taigaio.github.io/taiga-doc/dist/api.html#auth-github-login, but, every time I get the "bad_verification_code" message.  I don't have a problem setting up the OAuth application in my GitHub settings and can even get it to say "1 user".  I can get the "GitHub code" no problem.  I'm confused as to how the following, with just the "code" parameter knows which OAuth app to use?



curl -X POST \
  -H "Content-Type: application/json" \
  -d '{
          "type": "github",
          "code": "[CodeHere]"
      }' \
  https://api.taiga.io/api/v1/auth

David Barragán

Mar 2, 2015, 1:12:45 PM
to mil...@uw.edu, tai...@googlegroups.com
We follow the flow described in https://developer.github.com/v3/oauth/#web-application-flow so "[CodeHere]" is the code that you obtain with the first call, in Step-1, to https://github.com/login/oauth/authorize

In taiga-contrib-github-auth (https://github.com/taigaio/taiga-contrib-github-auth/blob/master/front/coffee/github_auth.coffee#L67) for example we use something like...

AUTH_URL = "https://github.com/login/oauth/authorize"
clientId = "YOUR-CLIENT-ID"
redirectToUri = $location.absUrl()
url = "#{AUTH_URL}?client_id=#{clientId}&redirect_uri=#{redirectToUri}&state=github&scope=user:email"
$window.location.href = url





---

 
David Barragán Merino  
Engineer

www.kaleidos.net/FFF8E7

--
You received this message because you are subscribed to the Google Groups "taigaio" group.
To unsubscribe from this group and stop receiving emails from it, send an email to taigaio+u...@googlegroups.com.
To post to this group, send email to tai...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/taigaio/4e6e725e-f34f-4d91-a308-68ce9108ae57%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

mil...@uw.edu

Mar 2, 2015, 10:27:33 PM
to tai...@googlegroups.com, mil...@uw.edu
Are you able to simply use CURL to authenticate your own github credentials against https://api.taiga.io/api/v1/auth as I indicated in my original post?  I see how you are doing it in that git repo, but I don't have a problem getting the code, it's using the code that does not work, with or without a token as well.

Alejandro Alonso

Mar 3, 2015, 4:27:32 AM
to Marc Miles, tai...@googlegroups.com
Hello Marc,

2015-03-03 4:27 GMT+01:00 <mil...@uw.edu>:
> Are you able to simply use CURL to authenticate your own github credentials against https://api.taiga.io/api/v1/auth as I indicated in my original post?  I see how you are doing it in that git repo, but I don't have a problem getting the code, it's using the code that does not work, with or without a token as well.

How are you getting the github code?

Regards,


--

  
Alejandro Alonso Fernández  
CIO & Co-founder

www.kaleidos.net/FC8EAC/

mil...@uw.edu

Mar 3, 2015, 7:53:08 PM
to tai...@googlegroups.com, mil...@uw.edu
By following the instructions that the API links to

mil...@uw.edu

Mar 3, 2015, 11:45:09 PM
to tai...@googlegroups.com, mil...@uw.edu
I would appreciate it if someone could give full instructions on how to do what it says here http://taigaio.github.io/taiga-doc/dist/api.html#auth-github-login so I can use the api to get a list of all my projects (among other endpoints) that are on hosted service.  

Alejandro Alonso

Mar 4, 2015, 1:41:30 AM
to Marc Miles, tai...@googlegroups.com
Following the doc it says the first thing you should do (in your script) is a GET https://github.com/login/oauth/authorize with the required params. It redirects you to a github page where you have to submit a form. If you are doing this via a custom script I think you should parse this page where you have been redirected and submit this form (a "normal" user just would have to click on the accept button). If the post is correct github redirects the user to redirect_uri with a code parameter in the url. Then you should extract this code parameter and use it to make the call to the Taiga API:

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{
          "type": "github",
          "code": "[CodeHere]"
      }' \
  https://api.taiga.io/api/v1/auth

Are you doing something like this? Could we see your script code somewhere?

Regards,


mil...@uw.edu

Mar 4, 2015, 2:21:57 AM
to tai...@googlegroups.com, mil...@uw.edu
I'm using the following URL in the browser, this works and my express app gives me the "code" successfully.
curl -X POST \
  -H "Content-Type: application/json" \
  -d '{
          "type": "github",
          "code": ".....my_code......"
      }' \
  https://api.taiga.io/api/v1/auth

And I get the following 
{"status_code": 200, "error": "bad_verification_code"}

The image below is a screen of my github developer app.

Alejandro Alonso

Mar 4, 2015, 2:35:12 AM
to Marc Miles, tai...@googlegroups.com
Is your taiga-back/settings/local.py correct?

You should check:

- GITHUB_URL
- GITHUB_API_URL
- GITHUB_API_CLIENT_ID
- GITHUB_API_CLIENT_SECRET

Regards,





mil...@uw.edu

Mar 4, 2015, 2:41:08 AM
to tai...@googlegroups.com, mil...@uw.edu
taiga-back?  Why would I be running that?  I want to connect to the REST API of the hosted version from a custom script etc, not an install of your open source server.  Unless http://taigaio.github.io/taiga-doc/dist/api.html is meant to only work as a self hosted solution?

Alejandro Alonso

Mar 4, 2015, 2:59:13 AM
to Marc Miles, tai...@googlegroups.com

2015-03-04 8:41 GMT+01:00 <mil...@uw.edu>:
> taiga-back?  Why would I be running that?  I want to connect to the REST API of the hosted version from a custom script etc, not an install of your open source server.  Unless http://taigaio.github.io/taiga-doc/dist/api.html is meant to only work as a self hosted solution?

Well, you are generating a code for an app different than ours (your clientID is different) but trying to validate it in tree.taiga.io so I assumed you were using your own instance. If you are using our instance the clientId should be the taiga one. Once our auth API receives the code we validate it against github using our clientId and clientSecret.

mil...@uw.edu

Mar 4, 2015, 3:08:25 AM
to tai...@googlegroups.com, mil...@uw.edu
Right, so we are right back to my original post, clearer instructions are needed then yes?  I can't get the "code" for tree.taiga.io because I don't own the redirect_uri where the code is sent.  Your client ID is 6b350db81d47406377cf which is visible in chrome dev tools.  Also, the "code" is visible in chrome dev tools as well as https://tree.taiga.io/login?code=X.  But using that code does not work in the curl in my original post.  Any advice? Or simply, is GitHub auth supported at tree.taiga.io and if so what are the steps?

Alejandro Alonso

Mar 4, 2015, 3:17:26 AM
to Marc Miles, tai...@googlegroups.com

Hello Miles,

2015-03-04 9:08 GMT+01:00 <mil...@uw.edu>:
> Right, so we are right back to my original post, clearer instructions are needed then yes?

Yes, that's right, we will update it with the conclusions from this conversation ;)

> I can't get the "code" for tree.taiga.io because I don't own the redirect_uri where the code is sent.

Yes you can, for example I suggested you create a custom script that makes a GET https://github.com/login/oauth/authorize with the required params. It redirects you to a github page where you have to submit a form. This custom script could parse this page where you have been redirected and submit the form (a "normal" user just would have to click on the accept button). If the post is correct github redirects the user to a taiga url with a code parameter in there, don't access this page, just extract this code parameter and use it to make the call to the Taiga auth API.

> Your client ID is 6b350db81d47406377cf which is visible in chrome dev tools.  Also, the "code" is visible in chrome dev tools as well as https://tree.taiga.io/login?code=X.  But using that code does not work in the curl in my original post.

It doesn't work because you are trying to validate the same code against github two times, and once github accepts one, it rejects the following ones (you need a new code).

> Any advice? Or simply, is GitHub auth supported at tree.taiga.io and if so what are the steps?

Github auth is supported at tree.taiga.io. Our suggestion is that you create that custom script that emulates a user being redirected to github for extracting the github_code and use it directly against our auth API.
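
Added example, not part of the thread and not Taiga's or GitHub's code: a small Python model of the provider side of the authorization-code exchange, showing why a code obtained through a different OAuth app, or a code that was already redeemed, comes back as bad_verification_code. The client ids, secrets, user name, the 600-second lifetime and the invalid_client label (the RFC 6749 error name) are assumptions of the model.

```python
import hmac
import secrets
import time

CODE_TTL = 600  # seconds; assumed lifetime for this model


class AuthorizationServer:
    """Toy model of the provider side of the OAuth web application flow."""

    def __init__(self):
        self._clients = {}  # client_id -> client_secret
        self._codes = {}    # code -> (client_id, user, expires_at)

    def register_client(self, client_id, client_secret):
        self._clients[client_id] = client_secret

    def authorize(self, client_id, user, now=None):
        """Step 1: the user approves the app; the code is bound to that client_id."""
        now = time.time() if now is None else now
        code = secrets.token_hex(10)
        self._codes[code] = (client_id, user, now + CODE_TTL)
        return code

    def exchange(self, client_id, client_secret, code, now=None):
        """Step 2: a backend redeems the code with its own client credentials."""
        now = time.time() if now is None else now
        expected = self._clients.get(client_id)
        if expected is None or not hmac.compare_digest(expected, client_secret):
            return {"error": "invalid_client"}
        record = self._codes.get(code)
        if record is None or record[0] != client_id or record[2] < now:
            return {"error": "bad_verification_code"}
        del self._codes[code]  # a code can be redeemed only once
        return {"access_token": secrets.token_hex(20), "user": record[1]}


def demo():
    server = AuthorizationServer()
    server.register_client("hosted-app-id", "hosted-secret")  # constructed values
    server.register_client("my-own-app-id", "my-own-secret")  # constructed values
    # Code issued to the caller's own app, redeemed by the hosted backend.
    foreign = server.authorize("my-own-app-id", "alice")
    r1 = server.exchange("hosted-app-id", "hosted-secret", foreign)
    # Code issued to the hosted app: the first redemption works, the replay fails.
    good = server.authorize("hosted-app-id", "alice")
    r2 = server.exchange("hosted-app-id", "hosted-secret", good)
    r3 = server.exchange("hosted-app-id", "hosted-secret", good)
    return r1, r2, r3
```
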

David Barragán

Mar 4, 2015, 3:46:21 AM
to Alejandro Alonso, Marc Miles, tai...@googlegroups.com
If you are using taiga.io the values for code_id and redirect_url should be the same ones our service uses, so you have to use redirect_url = https://tree.taiga.io and our code_id in your script.

Instead of that, I recommend signing in to taiga.io, going to your profile and changing your password. This way you can make calls to the API with the standard authentication system.

Regards



mil...@uw.edu

Mar 4, 2015, 11:29:36 AM
to tai...@googlegroups.com, mil...@uw.edu
> This custom script could parse this page where you have been redirected and submit the form (a "normal" user just would have to click on the accept button). If the post is correct github redirects the user to a taiga url with a code parameter in there, don't access this page, just extract this code parameter and use it to make the call to the Taiga auth API.

This is making much more sense now in the context of your client id.  I will give this a shot tonight, it sounds like it should just work!  The downside is, if I were to develop a 3rd party app that used the api against your hosted solution then this "script" that you mention would need to run in the browser in order to authenticate someone via github, and, the user would already need to be logged into GitHub before doing anything with the "script".

Also thanks David, I was not aware I could simply change my password like that.  Does that mean I would no longer be able to use my GitHub account to login as well?

David Barragán

Mar 4, 2015, 11:38:59 AM
to mil...@uw.edu, tai...@googlegroups.com
On Wed, Mar 4, 2015 at 5:29 PM, <mil...@uw.edu> wrote:
>> This custom script could parse this page where you have been redirected and submit the form (a "normal" user just would have to click on the accept button). If the post is correct github redirects the user to a taiga url with a code parameter in there, don't access this page, just extract this code parameter and use it to make the call to the Taiga auth API.
>
> This is making much more sense now in the context of your client id.  I will give this a shot tonight, it sounds like it should just work!  The downside is, if I were to develop a 3rd party app that used the api against your hosted solution then this "script" that you mention would need to run in the browser in order to authenticate someone via github, and, the user would already need to be logged into GitHub before doing anything with the "script".
>
> Also thanks David, I was not aware I could simply change my password like that.  Does that mean I would no longer be able to use my GitHub account to login as well?

No, if you set a password to your user in Taiga you can use both methods to login: github credentials and the username/email + password authentication method.
 

mil...@uw.edu

Mar 4, 2015, 11:53:50 PM
to tai...@googlegroups.com, mil...@uw.edu
I'm going to not use the github login.  This just doesn't seem right at all.  Also, if I were to scale this out to anyone but myself I would have to ask for user input of their github username and password in order for this script you speak of to submit the form.  It seems GitHub has set up plenty of APIs so that this particular approach should not be needed.

Instead, I'll simply have users that have authed with taiga using github accounts set their password so they can login, that way users will be much more willing to give a taiga username/password to get taiga data than they would their github account.

Alejandro Alonso

Mar 5, 2015, 1:58:26 AM
to Marc Miles, tai...@googlegroups.com
2015-03-05 5:53 GMT+01:00 <mil...@uw.edu>:
> I'm going to not use the github login.  This just doesn't seem right at all.  Also, if I were to scale this out to anyone but myself I would have to ask for user input of their github username and password in order for this script you speak of to submit the form.  It seems GitHub has set up plenty of APIs so that this particular approach should not be needed.

You are right, if it's someone different the script should ask about username and password.

> Instead, I'll simply have users that have authed with taiga using github accounts set their password so they can login, that way users will be much more willing to give a taiga username/password to get taiga data than they would their github account.

Great!