How to setup oauth2 SSO using auth-backends plugin

mahyard · February 12, 2020, 1:38pm

Hello everyone,
I’m trying to connect my own marketing site to my open edx instance using auth-backends.
I’ve added an application and set these values on my site:

INSTALLED_APPS = INSTALLED_APPS + ['social_django']

# Generic OAuth2 variables irrespective of SSO/backend service key types.
OAUTH2_PROVIDER_URL = 'http://edx.devstack.lms:18000/oauth2'

# OAuth2 variables specific to social-auth/SSO login use case.
SOCIAL_AUTH_EDX_OAUTH2_KEY = "mktg-client-id"
SOCIAL_AUTH_EDX_OAUTH2_SECRET = "mktg-client-secret"
SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT = "http://localhost:18000"
SOCIAL_AUTH_EDX_OAUTH2_PUBLIC_URL_ROOT = "http://localhost:18000"
SOCIAL_AUTH_REDIRECT_IS_HTTPS = False
SOCIAL_AUTH_STRATEGY = "auth_backends.strategies.EdxDjangoStrategy"

AUTHENTICATION_BACKENDS = (
    'auth_backends.backends.EdXOAuth2',
    'django.contrib.auth.backends.ModelBackend',
)

Now when I reach the LMS and login, it redirects me to my site with this parameter included in the query string:

error=invalid_scope

I didn’t define any scope in my settings. Requested scopes is by default: user_id+profile+email

Any help is really appreciated

mahyard · February 15, 2020, 11:53am

Could you kindly tell me that which version of auth-backends plugin can I use to connect my django site to an ironwood.master instance of Open edX?

Gaurav_Ojha · March 2, 2020, 4:29pm

Hi @mahyard were you able to find out where the scopes are defined?

mahyard · March 3, 2020, 6:41am

Hi @Gaurav_Ojha
I wasn’t able to find out. I guess there was a problem with my instance version (ironwood.master) and in a small try to upgrade to master I was unsuccessful again. finally I fall back to the old method (OIDC) but it may be fixed on master now.
tell us about your experience.

Gaurav_Ojha · March 3, 2020, 7:02am

Actually I didn’t find success even the OIDC way. I’m actually trying to make the credentials service to work and the error is same as what you received i.e. invalid_scope.

The ecommerce and insights services work fine with OIDC

oma0256 · August 7, 2020, 7:08pm

@mahyard @Gaurav_Ojha did you both manage to solve this issue?

Gaurav_Ojha · August 8, 2020, 7:26am

No @oma0256 I gave up!

mahyard · August 11, 2020, 2:16pm

hi @oma0256
I had no activity on this since my last reply

Manish_Hada · October 12, 2020, 7:11am

I faced same issues and found some solution
Open you OAuth provider ( which is lms in edx case) and open https://xxxx.com/admin/oauth_dispatch/applicationaccess/ and set scope user_id,profile,email and it works correctly then after.

Tim_McCormack · August 20, 2021, 4:21pm

Ah, perfect! I had the same problem. And in my case, all I had to put in the scope field in OAuth Dispatch was user_id.

Topic		Replies	Views
Edx-oauth2 vs edx-oidc Site Operations Help	2	500	November 15, 2019
Open edX as SSO IdP Site Operations Help how-to	3	609	October 8, 2021
Missing metadata.xml while configuring SAML third party auth on Ironwood edx Site Operators	4	1038	August 14, 2020
User has no social auth with backend_name tpa-saml Site Operations Help how-to , tutor	0	79	March 18, 2024
Open edx native, how to resolve google oauth2 forbidden 403 error? Site Operations Help	1	419	May 11, 2020

How to setup oauth2 SSO using auth-backends plugin

Related Topics