Oauth2 not working

I have been trying to setup ecommerce in my Open edX Juniper instance. I have enabled ENABLE_OAUTH2_PROVIDER in lms.env.json as well as the common.py in lms/envs but I cannot see Oauth2 option in Django Administration Panel. How to enable it?

Juniper uses OAuth2 DOT Django-OAuth-Toolkit instead of DOP Django-OAuth-Provider
as per https://openedx.atlassian.net/wiki/spaces/COMM/pages/940048716/Juniper

You may also want to look at https://openedx.atlassian.net/wiki/spaces/COMM/pages/1532395987/Setup+OAuth+Client+for+Internal+Services+Django+Oauth+Toolkit+version

And under Juniper, you will need to use files in /edx/etc/lms.yml and /edx/etc/ecommerce.yml to configure the LMS and ecommerce. The JSON files under /edx/app/edxapp are no longer used.

2 Likes

hi pierre, curious if you’re aware of any changes to oauth2 between juniper.rc3 and juniper.master that changes the behavior of oauth2? i have a curious situation between two similar installations; both of which are using oauth2 with the same custom backend. the first was created in mid-june using juniper.rc3 and works fine. the second was created yesterday and oauth works with LMS but not with CMS. the configurations are identical. both share a session cookie.

Hi Lawrence.

Not that I know of. I didn’t encounter any problems with Juniper.1 or Juniper.2. All my OUATH2 clients authenticate with the LMS. I don’t believe I have clients who go through the CMS for oauth. Since the CMS authenticates to the LMS though JWT, could this be the issue? Just a wild guess.

thanks for the quick response pierre. confirming that CMS on these two installations uses the same new juniper shared authentication service. we put a button on the CMS home screen containing the LMS login url with a redirect the CMS home screen. this works fine on the juniper.rc3 upgrade but not on the juniper.master upgrade. interestingly, the django login from /admin works fine on both applications on both installations.

more context: in the juniper.master upgrade i’ve verified that the oauth process did in fact run successfully from CMS. however, CMS overwrites the sessionid with an empty string. again, the configuration settings are identical between the two installations.

Pierre, an update. i identified and corrected the problem on the juniper.master server. it was not related to source code at all. instead, it was some minor configuration changes we’d made to memcached that caused this problem.

1 Like

Great to hear Lawrence! Glad you found the problem and were able to fix it.