Oauth2, nextcloud and wiki.js - or how can I pass a node variable to wiki.js

felagund · March 12, 2023, 3:12pm

My YunoHost server

Hardware: Virtual box on my laptop

YunoHost version: 11.0.10.2

I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen
All of the above

**Are you in a special context or did you perform some particular tweaking on your YunoHost instance ?
This is a test install not exposed to the internet and without Let’s Encrypt’s certificates.

If your request is related to an app, specify its name and version: Wiki.js 2.5.290

Description of my issue

I am trying to setup OAuth2 authentication by Nextcloud to be used by wiki.js. I got it to a point where I can login via nextcloud and grant access to wiki.js but then I get error Failed to obtain access token. I think this is due to me not using Let’s Encrypt’s or any other recognized certificate as suggested here.

The suggested fix is for Docker and suggests to run wiki.js with variable NODE_EXTRA_CA_CERTS set to the servers certificate. I tried putting a to /etc/profile/profile.d

export NODE_EXTRA_CA_CERTS=/etc/ssl/certs/yunohost_crt.pem

and when I then run

node
console.log(process.env);

the variable is set to the above. However, oauth2 does not work.

I guess there are two possibilities - either the misconfiguration is somewhere else or I failed to pass the variable to wiki.js properly. Any ideas how I might check or where the error could be elsewhere?

felagund · March 12, 2023, 3:16pm

Actually, just after writing my post, I restarted yunohost once more and it started to work. the last thing I did was to go into the filesystem and not that /etc/ssl/certs/yunohost_crt.pem points to /etc/yunohost/certs/MY_DOMAIN (MY_DOMAIN being my domainú) and can be read only by root. I changed permissions on parent directories so that they could be read and executed (entered) and changed the permission on the file itself so that it could be read and now it works.

Should all that be unreadable? Keys are secret, but certificates are meant to be public, no?

Edit: but maybe that has nothing to do with that and I just have not refreshed in my browser enough, not sure now.

Edit2: Hm maybe I was wrong and it did not work. Immediately after, I stumbled into 502 error ( WIKIjs and gateway error 502 ) so I reinstalled the wiki. Now no matter what I do, I cannt make this to work, it is always stuck at that error about the token.

system · March 27, 2023, 3:16pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.