Manage OAuth with Murano User Service

This document describes how to use the Murano User Service to connect with external OAuth providers. This allows the end users of a solution to sign in using an existing identity such as Google or Facebook rather than using a username and password.

Content from this page utilize the Socials functions of the User service, please open the reference side-by-side when going through this guide.

Table of Contents


Required Endpoints

First, create the two endpoints on your solution with following Lua code.

  1. A login endpoint
--#ENDPOINT GET /social/handle/{consumer}/loginurl
-- This endpoint will redirect you to the social consumer login auth pages
response.headers["location"] = User.getSocialLoginUrl({consumer=request.parameters.consumer})
response.code = 303
  1. A callback endpoint
--#ENDPOINT GET /social/handle/{consumer}
-- This endpoint is social consumer callback url
-- Get token then request information
results, err = to_json(request.parameters)
resultd, err = from_json(results)
local tokenstr = User.getSocialToken(resultd)
response.message = User.socialRequest({consumer=request.parameters.consumer, token=tokenstr})

Google

Create an app on Google: https://console.developers.google.com/

Go to Credentials and create a new credential. It should be an OAuth client ID with type "Web Application".

image alt text

Get the:

 ClientID => Client ID

 Client_secret => Client secret

Add callback URL.

image alt text

Use websocket debug endpoint to add the google social connection.

Example: User.createSocial({"consumer":"Google","client_id":"xxxxxxxxxx","client_secret":"xxxxxx","scope":["profile","email"],"redirect":"https://sphx185.apps.exosite-dev.io/social/handle/Google"})

image alt text

Test it:

Example: https://sphx185.apps.exosite-dev.io/social/handle/Google/loginurl

image alt text

Facebook

Create an app on Facebook: https://developers.facebook.com/apps/

image alt text

Get the:

 ClientID => App ID

 Client_secret => App Secret

image alt text

Set the callback URL.

image alt text

Use websocket debug endpoint to add the Facebook social.

Example: User.createSocial({"consumer":"Facebook","client_id":"xxxxxxxxxx","client_secret":"xxxxxx","scope":["email","public_profile"],"redirect":"https://sphx185.apps.exosite-dev.io/social/handle/Facebook"})

image alt text

Test it.

Example: https://sphx185.apps.exosite-dev.io/social/handle/Facebook/loginurl

image alt text

Success!

image alt text

Amazon

Go to Amazon doc: http://login.amazon.com/website

Register your website as an Application on the App Console.

image alt text

Get the:

 ClientID =>  Client ID

 Client_secret => Client Secret

Use websocket debug endpoint to add the amazon social.

Example: User.createSocial({"consumer":"Amazon","client_id":"xxxxxxxxxx","client_secret":"xxxxxx","scope":["profile"],"redirect":"https://sphx185.apps.exosite-dev.io/social/handle/Amazon"})

image alt text

Test it:

Example: https://sphx185.apps.exosite-d

ev.io/social/handle/Amazon/loginurl

image alt text

Success!

image alt text

GitHub

Create a new application on Github: https://github.com/settings/applications/newimage alt text

Get the:

 ClientID =>  Client ID

 Client_secret => Client Secret

image alt text

Use websocket debug endpoint to add the GitHub social.

Example: User.createSocial({"consumer":"GitHub","client_id":"xxxxxxxxxxxx","client_secret":"xxxxxxxxxxxxxxx","scope":["user"],"redirect":"[https://sphx185.apps.exosite-dev.io/social/handle/GitHub](https://sphx185.apps.exosite-dev.io/social/handle/GitHub)"})

image alt text

Test it:

Example: https://sphx185.apps.exosite-dev.io/social/handle/GitHub/loginurl

image alt text

image alt text

Twitter

Note: Twitter is using OAuth1, not OAuth2, so it is different.

First create the two endpoints on your solution.

--#ENDPOINT GET /Twitter/login
-- This endpoint will redirect you to the social consumer login auth pages
local qToken =  User.getSocialLoginUrl({consumer="Twitter"})
local url = User.getSocialLoginUrl({consumer="Twitter",reqToken=qToken})
response.headers = {
  ["location"] = url,
  ["Set-Cookie"] = "token=" .. qToken .. "; Path=/social/Twitter;"
}
response.code = 303
--#ENDPOINT GET /social/Twitter/handle
-- This endpoint is social consumer callback url
-- Get token then request information
local Headers = request.headers
local Token = string.gsub(Headers["cookie"], "token=(%w+)", "%1")
local params= request.parameters
params.reqToken = Token
params.consumer = "Twitter"
local aToken = User.getSocialToken(params)
response.message = User.socialRequest({consumer= "Twitter", token=aToken})
Create a new application on Twitter[ h](https://apps.twitter.com/)

image alt text

image alt text

image alt text

Use websocket debug endpoint to add the GitHub social.

Example: User.createSocial({"consumer":"Twitter","client_id":"232131231","client_secret":"xxxxxxxxxxxxxxxxxx","redirect":"https://sphx185.apps.exosite-dev.io/social/Twitter/handle"})

image alt text

Test it.

Example: https://sphx185.apps.exosite-dev.io/Twitter/login

image alt text

image alt text