0

I've successfully used OAuth2 in a FeathersJS app to authenticate to Facebook, Github, etc... Now, I'm trying to us it to authenticate to a Wordpress server using the WordPress OAuth Server. I've configured it and set all configuration parameters to the values I think are the correct ones:

...
const OAuth2Strategy = require('passport-oauth2').Strategy;

...
app.configure(oauth2({
    name: 'wordpress',
    Strategy: OAuth2Strategy,
    authorizationURL: 'https://192.168.1.86/wp-content/plugins/miniorange-oauth-20-server/web/index.php/moserver/authorize',
    tokenURL: 'https://192.168.1.86/wp-content/plugins/miniorange-oauth-20-server/web/index.php/moserver/token',
    successRedirect: '/',
    failureRedirect: '/',
    clientID: 'CLIENT_ID',
    clientSecret: 'CLIENT_SECRET'
  }));

but the FeathersJS server is always failing to authenticate. The problem is that I cannot see any information on why does it fail, the only information I get after setting the environment variable DEBUG="feathers-authentication*" is:

  feathers-authentication:express:expose-headers Exposing Express headers to hooks and services +36s
  feathers-authentication:express:expose-cookies Exposing Express cookies to hooks and services undefined +36s
  feathers-authentication:express:expose-headers Exposing Express headers to hooks and services +127ms
  feathers-authentication:express:expose-cookies Exposing Express cookies to hooks and services undefined +127ms
  feathers-authentication:middleware:failure-redirect Clearing old 'feathers-jwt' cookie +37s
  feathers-authentication:middleware:failure-redirect Redirecting to / after failed authentication. +0ms

Does anybody know how to get more information on why is OAuth2 authentication failing so that I can check which configuration is wrong?

Thank you!

Jordi Blanch
  • 187
  • 1
  • 11

1 Answers1

2

I've finally managed to know what was failing... I tried to set DEBUG to "passport" (DEBUG="passport") and then I had a lot of information on console. I checked that information and saw that my problem was a self signed certificate I issued to make my tests with a local Wordpress server.

For anyone that needs it, to avoid Passport (or whatever) to complain about using a Self Signed Certificate, I added the lines:

if ('development' == app.get('env')) {
  process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
}

in my initial .js file (index.js in my case). This avoids any SSL call to fail because of a Self Signed Certificate and instead of this there's just a warning.

Jordi Blanch
  • 187
  • 1
  • 11