-
Type: Task
-
Status: Done
-
Priority: Minor
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: None
-
Epic Link:
-
Sprint:Sprint 1
Following our meeting, find the step to reproduce the oAuth2 error. Regarding the previous captured video, please forget it as Billy got a misconfiguration related to the redirect_uri and not the state (that’s also an important part of the configuration but not our state problem)
On the Frame.io part, you must have a valid account (email/password). You can create a quick one here : https://accounts.frame.io/welcome
Once your account created, connect and execute the following tasks :
++
- **Oauth2 App configuration in Frame.io
Go to https://developer.frame.io/app/oauth-apps/new
Add a new configuration on Frame.io website allowing a Nuxeo instance to access Frame.io API. Change the part in red with your proper Nuxeo configuration.
- NAME
Define a name (No matter which value)
- REDIRECT URIS
Callback URL from Nuxeo using pattern YOUR_NUXEO_URL*/*NUXEO_CONTEXT/site/oauth2/OAUTH2_SERVICE_NAME_DECLARED_IN_NUXEO/callback
Part in red must be change
Part in green must be defined as it
In the following screenshot of our platform, we defined :
YOUR_NUXEO_URL with value https://dm-nuxeo-demo.oceaneconsulting.com
NUXEO_CONTEXT with value demo
OAUTH2_SERVICE_NAME_DECLARED_IN_NUXEO with value frameio
- Do not select Uses PKCE
- On the scopes list, check Offline / Accounts.Read / Team.Read
Click on Submit
Once created, you should have a screen with your created oAuth2 App like :
Please copy values generated for Client ID and Client Secret, we will reuse this value in Nuxeo configuration
Configuration completed on Frame.io
- **Declare an oAuth2 Provider for « Frame.io » in Nuxeo
- Connect to your Nuxeo instance as an Administrator (WebUI)
- Click on « Administration » link (bottom/left) and the on « Cloud Services » link
- Click on « Add » button to add a new oAuth2 Service Provider
- Provide following informations:
Service Name : Define the name used previously in OAUTH2_SERVICE_NAME_DECLARED_IN_NUXEO so frameio in our case
Description : No constraint, you can set « Frame.io Provider » for example
Client ID : previously copied value from Frame.io
Client Secret : previously copied value from Frame.io
Authorization Server URL : https://applications.frame.io/oauth2/auth
Token Server URL : https://applications.frame.io/oauth2/token
User Authorization URL : <LEAVE IT EMPTY>
Scopes : Specify the list of checked scopes in Frame.io, with a space between each itemso for our case : account.read offline team.read
- Check the Enabled checkbox
Sample :
Once created, the provider must appear in the list as frameio service name:
- **Testing the « Frame.io » oAuth2 provider from Nuxeo
- Connect to Nuxeo instance as a user or keep your session as administrator in WebUI
- Cliquer sur the « User Settings » link bottom/left and then on « Cloud Services »
- Click on the dedicated « Frame.io » button in « Connect to » part
- A popup will appear but closing fastly. Intercepting the popup before closing will give you the following message:
https://dm-nuxeo-demo.oceaneconsulting.com/demo/site/oauth2/frameio/callback?error=invalid_state&error_description=The+state+is+missing+or+has+less+than+8+characters+and+is+therefore+considered+too+weak&error_hint=Request+parameter+"state"+must+be+at+least+be+8+characters+long+to+ensure+sufficient+entropy.&state=
In that case, Nuxeo is not providing the « state » parameter to Frame.io so the authentication process is not launched. We have simulated the behavior with a Python server available here.
This POC here demosntrates it :
- Go to https://dm-frameio-demo.oceaneconsulting.com/
- Click on the first link, authenticate, done : you have access to REST API
- Go to https://dm-frameio-demo.oceaneconsulting.com/
- Click on the second link, you’re not able to authenticate with message : « Error: invalid_state »