Problem setting up github authentication #5173

Closed
graciousgrey opened this issue Jan 9, 2021 · 4 comments
Labels
question This is more a question for the support than an issue.

Comments

@graciousgrey

Describe the issue
We want to use Weblate with GitHub authentication for our open source project photoprism/photoprism.
I've set up Weblate with Docker and additionally added a settings-override.py file as described here.
The Weblate interface itself does look good but the GitHub authentication does not work.

I already tried

1) In settings-override.py, I've set the variables defined here: https://docs.weblate.org/en/latest/admin/auth.html
AUTHENTICATION_BACKENDS, SOCIAL_AUTH_GITHUB_KEY, SOCIAL_AUTH_GITHUB_SECRET, SOCIAL_AUTH_GITHUB_SCOPE

What is not clear to me is whether I need to create a GitHub App or an OAuth App on GitHub because here it says
"You need to register an application on GitHub and then tell Weblate all its secrets"
whereas here
the link sends me to the Create OAuth App page from GitHub.

So I tried both: registering a
1a) Github App
1b) OAuth app
for our organization and added the client id and secret to the settings-override.py file.

I tried two variants of callback urls for both types of apps
1aa) & 1ba) "https://mydomian.com/accounts/complete/github/" as documented here
and
1ab) & 1ba) "https://mydomain.com/complete/github/" as documented here

--> in all 4 cases I see the Github button in the interface but I get the following error "Could not authenticate, probably due to an expired token or connection error."


2) I tried the same with the organizations settings described here

I've changed the following in the settings-override.py file:

  • Use GithubOrganizationOAuth2 instead of GithubOAuth2 as authentication backend
  • Rename the variables SOCIAL_AUTH_GITHUB_KEY, SOCIAL_AUTH_GITHUB_SECRET, SOCIAL_AUTH_GITHUB_SCOPE to SOCIAL_AUTH_GITHUB_ORG_KEY, SOCIAL_AUTH_GITHUB_ORG_SECRET, SOCIAL_AUTH_GITHUB_ORG_SCOPE
  • Add the variable SOCIAL_AUTH_GITHUB_ORG_NAME

Again I tried both types of Apps and both variants of the callback url
2aa) Github App + "https://mydomian.com/accounts/complete/github/" as callback url
2ba) OAuth App + "https://mydomian.com/accounts/complete/github/" as callback url
2ab) Github App + "https://mydomian.com/complete/github/" as callback url
2bb) OAuth App + "https://mydomian.com/complete/github/" as callback url

--> in all 4 cases I get
"error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application"

Note: We set WEBLATE_SITE_DOMAIN: "translate.photoprism.app" in docker and use "https://translate.photoprism.app/accounts/complete/github/" or "https://translate.photoprism.app/complete/github/" as callback url.


Question: I am not sure about the organization thing. Do we need to use it if we want to use weblate for a repo that is part of an organization? Or do we only need it in case we want only members of the organization to be able to authenticate via Github?
Because we do want all Github users to be able to authenticate.

Server configuration and status

Weblate installation: Docker

  • Weblate: 4.4
  • Django: 3.1.4
  • siphashc: 2.1
  • Whoosh: 2.7.4
  • translate-toolkit: 3.2.0
  • lxml: 4.6.2
  • Pillow: 8.0.1
  • bleach: 3.2.1
  • python-dateutil: 2.8.1
  • social-auth-core: 3.3.3
  • social-auth-app-django: 4.0.0
  • django-crispy-forms: 1.10.0
  • oauthlib: 3.1.0
  • django-compressor: 2.4
  • djangorestframework: 3.12.2
  • django-filter: 2.4.0
  • django-appconf: 1.0.4
  • user-agents: 2.2.0
  • filelock: 3.0.12
  • setuptools: 40.8.0
  • jellyfish: 0.8.2
  • openpyxl: 3.0.5
  • celery: 5.0.4
  • kombu: 5.0.2
  • translation-finder: 2.6
  • weblate-language-data: 2020.13
  • html2text: 2020.1.16
  • pycairo: 1.16.2
  • pygobject: 3.30.4
  • diff-match-patch: 20200713
  • requests: 2.25.0
  • django-redis: 4.12.1
  • hiredis: 1.1.0
  • sentry_sdk: 0.19.5
  • Cython: 0.29.21
  • misaka: 2.1.1
  • GitPython: 3.1.11
  • borgbackup: 1.1.14
  • pyparsing: 2.4.7
  • Python: 3.7.3
  • Git: 2.20.1
  • psycopg2: 2.8.6
  • psycopg2-binary: 2.8.6
  • phply: 1.2.5
  • chardet: 3.0.4
  • ruamel.yaml: 0.16.12
  • tesserocr: 2.5.1
  • akismet: 1.1
  • boto3: 1.16.36
  • zeep: 4.0.0
  • aeidon: 1.7.0
  • iniparse: 0.5
  • mysqlclient: 2.0.2
  • Mercurial: 5.6.1
  • git-svn: 2.20.1
  • git-review: 1.28.0
  • Redis server: 6.0.9
  • PostgreSQL server: 13.1
  • Database backends: django.db.backends.postgresql
  • Cache backends: default:RedisCache, avatar:FileBasedCache
  • Email setup: django.core.mail.backends.smtp.EmailBackend: in-v3.mailjet.com
  • OS encoding: filesystem=utf-8, default=utf-8
  • Celery: redis://redis:6379/1, redis://redis:6379/1, regular
  • Platform: Linux 5.4.0-54-generic (x86_6

Weblate deploy checks
System check identified some issues:

WARNINGS:
?: (security.W004) You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.
?: (security.W008) Your SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.
?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
?: (security.W018) You should not have DEBUG set to True in deployment.

INFOS:
?: (weblate.I021) Error collection is not set up, it is highly recommended for production use
HINT: https://docs.weblate.org/en/weblate-4.4/admin/install.html#collecting-errors
?: (weblate.I028) Backups are not configured, it is highly recommended for production use
HINT: https://docs.weblate.org/en/weblate-4.4/admin/backup.html

Thanks for your help!

@graciousgrey graciousgrey added the question This is more a question for the support than an issue. label Jan 9, 2021
@github-actions

github-actions bot commented Jan 9, 2021

This issue looks more like a support question than an issue. We strive to answer these reasonably fast, but purchasing the support subscription is not only more responsible and faster for your business but also makes Weblate stronger. In case your question is already answered, making a donation is the right way to say thank you!

nijel added a commit that referenced this issue Jan 9, 2021
@nijel
Member

nijel commented Jan 9, 2021

The GitHub auth can be configured in Docker by environment variables as well, see https://docs.weblate.org/en/latest/admin/install/docker.html#github

> What is not clear to me is whether I need to create a GitHub App or an OAuth App on GitHub

The documentation was written at a time when GitHub Apps didn't yet exist; I've just clarified it to OAuth in 20e6012.

> "error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application"

Check the URL sent in the authentication request to GitHub. My guess is that Weblate doesn't detect https in your case, try toggling https://docs.weblate.org/en/latest/admin/install/docker.html#envvar-WEBLATE_ENABLE_HTTPS
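
The check suggested in the comment above, as an added example that is not part of the original thread or of Weblate's code: it pulls `redirect_uri` out of an authorization request URL and reports which component differs from the registered callback. The sample URL is constructed to show the `http` case the comment guesses at; `client_id` and `state` are placeholders, and the function names are hypothetical.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample: an authorization request as it would look if the
# application built its callback with http:// (the guess in the comment above).
# client_id and state are placeholders.
SAMPLE_AUTHORIZE_URL = (
    "https://github.com/login/oauth/authorize"
    "?client_id=PLACEHOLDER_CLIENT_ID"
    "&redirect_uri=http%3A%2F%2Ftranslate.photoprism.app%2Faccounts%2Fcomplete%2Fgithub%2F"
    "&state=PLACEHOLDER_STATE&response_type=code"
)
# Callback URL registered for the OAuth App (one of the two variants in the issue).
REGISTERED_CALLBACK = "https://translate.photoprism.app/accounts/complete/github/"


def sent_redirect_uri(authorize_url):
    """Extract and percent-decode the redirect_uri query parameter."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError(f"expected one redirect_uri parameter, found {len(values)}")
    return values[0]


def callback_mismatches(sent, registered):
    """Return (component, sent, registered) for every URL part that differs.

    This is a strict component-by-component comparison; a provider's own
    matching rules may be more lenient, so an empty list is the safe target.
    """
    s, r = urlsplit(sent), urlsplit(registered)
    pairs = [
        ("scheme", s.scheme, r.scheme),
        ("host", (s.hostname or "").lower(), (r.hostname or "").lower()),
        ("port", s.port, r.port),  # explicit ports only; None when absent
        ("path", s.path, r.path),  # a trailing slash is significant here
    ]
    return [(name, a, b) for name, a, b in pairs if a != b]


if __name__ == "__main__":
    sent = sent_redirect_uri(SAMPLE_AUTHORIZE_URL)
    for name, a, b in callback_mismatches(sent, REGISTERED_CALLBACK):
        print(f"{name}: sent {a!r}, registered {b!r}")
```

A `scheme` mismatch of `http` against `https` is the case that `WEBLATE_ENABLE_HTTPS` addresses; a `path` mismatch points at the `/accounts/complete/github/` versus `/complete/github/` choice instead.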

@graciousgrey
Author

Thank you! Setting WEBLATE_ENABLE_HTTPS solved my issue :)

@github-actions

The issue you have reported is resolved now. If you don’t feel it’s right, please follow its labels to get a clue and take further steps.

  • In case you see a similar problem, please open a separate issue.
  • If you are happy with the outcome, don’t hesitate to support Weblate by making a donation.
