OAuth with Phabricator

Hi, when I tried to set up OAuth with Phabricator, I ran into an error. As Phabricator requires, when fetching user information, we need to set the URL like this:

https://phabricator.example.com/api/user.whoami?access_token=ykc7ly7vtibj334oga4fnfbuvnwz4ocp

It needs to have access_token=something in the URL. But when I set it in grafana.ini, I set it as this:

api_url = http://www.example.com/api/user.whoami?access_token=

but it failed; the error log is as below:

t=2018-01-23T19:20:44+0800 lvl=dbug msg="HTTP GET http://www.example.com/api/user.whoami?access_token=/emails: 200 OK {\"result\":null,\"error_code\":\"ERR-INVALID-AUTH\",\"error_info\":\"Access token does not exist.\"}"

Does anyone know how I can set the token in the URL? Thanks!

Did you get this working?

I don’t know anything about Phabricator but I compared the instructions here to the GitHub oauth instructions and I think the api_url should be set to:

api_url = "http://www.example.com/api/user.whoami"

I tried with the following config:

[auth.generic_oauth]
name = Phabricator
enabled = true
allow_sign_up = true
client_id = PHID-key
client_secret = secret
scopes = user.whoami
auth_url = http://mydomain.com/oauthserver/auth/
token_url = http://mydomain.com/oauthserver/token/
api_url = http://mydomain.com/api/user.whoami
team_ids =
allowed_organizations =

It successfully redirects to the Phabricator page, but when it redirects back, the page shows an error like:

Server side error :(
login.OAuthLogin(get info from generic_oauth)
Check the Grafana server logs for the detailed error message.

When I check the log, it shows:

t=2018-03-28T01:37:12+0800 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=127.0.0.1 time_ms=1 size=29 referer=
t=2018-03-28T02:26:28+0800 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=127.0.0.1 time_ms=1 size=29 referer=
t=2018-03-28T05:12:23+0800 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=127.0.0.1 time_ms=0 size=29 referer=
t=2018-03-28T05:31:43+0800 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=HEAD path=/ status=302 remote_addr=127.0.0.1 time_ms=0 size=0 referer=
t=2018-03-28T06:57:18+0800 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=127.0.0.1 time_ms=0 size=29 referer=
t=2018-03-28T07:36:56+0800 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=127.0.0.1 time_ms=1 size=29 referer=
t=2018-03-28T10:49:12+0800 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=127.0.0.1 time_ms=89 size=29 referer=
t=2018-03-28T11:03:02+0800 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=302 remote_addr=127.0.0.1 time_ms=9 size=310 referer=https://grafana.qiban.com/login
t=2018-03-28T11:03:10+0800 lvl=eror msg="login.OAuthLogin(get info from generic_oauth)" logger=context userId=0 orgId=0 uname= error="Error getting email address: invalid character '<' looking for beginning of value"
t=2018-03-28T11:03:10+0800 lvl=eror msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=500 remote_addr=127.0.0.1 time_ms=552 size=1147 referer=
t=2018-03-28T11:03:10+0800 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/public/css/fonts.min.css status=404 remote_addr=127.0.0.1 time_ms=4 size=9297 referer="https://grafana.qiban.com/login/generic_oauth?code=code&state=state%3D"
t=2018-03-28T11:03:10+0800 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/public/build/grafana.dark.min.css status=404 remote_addr=127.0.0.1 time_ms=20 size=9297 referer="https://grafana.qiban.com/login/generic_oauth?code=code&state=state%3D"

Not sure, but it looks like either the scopes are not correct or the API endpoint is not returning an email.

Maybe you should add user:email (or the Phabricator equivalent) to scopes? (The documentation says “This section has not been written yet.” for scopes so I’m not sure how you will find the information).

The error is when Grafana tries to call the following url:

http://mydomain.com/api/user.whoami/emails

It only does so if the endpoint for api_url does not return email.

Here is the spec for what the api_url endpoint should return:

https://connect2id.com/products/server/docs/api/userinfo
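
An added example, not part of the original thread and not Grafana's own code: a small Go classifier for what an api_url endpoint returns, covering the two failures in the logs above (an HTML body, and Phabricator's error envelope). The sample bodies are constructed, the field names inside "result" are assumptions, and it assumes the client wants a flat JSON document with a top-level "email" field, as in the userinfo spec linked above.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample bodies, not captured from a real server.
// The fields inside "result" in conduitOK are assumed for illustration.
const (
	htmlBody   = `<!DOCTYPE html><html><body>Login</body></html>`
	conduitErr = `{"result":null,"error_code":"ERR-INVALID-AUTH","error_info":"Access token does not exist."}`
	conduitOK  = `{"result":{"userName":"alice","primaryEmail":"alice@example.com"},"error_code":null,"error_info":null}`
	flatInfo   = `{"sub":"alice","email":"alice@example.com"}`
)

// classify reports how a client that expects a flat userinfo document
// with a top-level "email" field would see the given response body.
func classify(body string) string {
	var doc map[string]json.RawMessage
	if err := json.Unmarshal([]byte(body), &doc); err != nil {
		// An HTML page (login form, 404 page) fails here with the same
		// "invalid character '<'" message seen in the Grafana log.
		return "unparseable: " + err.Error()
	}
	var email, code string
	_ = json.Unmarshal(doc["email"], &email)     // missing or null leaves ""
	_ = json.Unmarshal(doc["error_code"], &code) // missing or null leaves ""
	switch {
	case email != "":
		return "ok: top-level email"
	case code != "":
		return "conduit-error: " + code
	case doc["result"] != nil:
		return "wrapped: no top-level email, data is under result"
	default:
		return "no-email"
	}
}

func main() {
	for _, b := range []string{htmlBody, conduitErr, conduitOK, flatInfo} {
		fmt.Println(classify(b))
	}
}
```

Running the same check against the body your own api_url returns shows which of the two replies in the thread applies: a missing email field, or an endpoint that is not answering with JSON at all.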