I think it should work with either the OAuth 2 or mini-orange plugin. Try it and let us know how it goes.

Ultimately I need to get this working with Gluu + Discord + Odoo (OpenERP). But I quickly setup Wordpress + miniOrange to try to get the URLs, attributes, etc. figured out in the hopes of then being able to figure it out for Odoo & Glulu. Note apparently the OAuth2 plugin isn't tested/verified compatible with latest version of WP according to the plugin list. So, it didn't take much to enable using the miniorange OAuth 2 client, and setup app in Discord Dev. Then adding into widgets. So that a valid Discord user can log into the WP site without a previous account. I'll see next if I can get at least that piece working with Odoo, just to have a close parallel. But then I need to figure out how to get this to play along with the much more important Gluu. I keep getting "so close" but keep getting attribute or other errors and can't quite get it working, so stepping back doing it this way in the hopes of tracking it down. I will post an update when I am at the next phase (hopefully soon).

So, with the MiniOrange client I can get WP to pop-up authorization from Discord, and create account in WP. But what we really need is to have it do so in Gluu (long-term with Odoo/OpenERP, but trying to use WP befause thought would be the fastest prototyping). Still struggling to get it to work with Gluu. Trying to use "OpenID Connect Client" but maybe I'm doing something wrong there, and I'll circle back to troubleshooting that in a bit. But I stumbled across this: https://wordpress.org/plugins/openid-connect-sso-by-gluu/#description Which I assume would have made things much simpler, but alas: "This plugin has been closed as of April 22, 2020 and is not available for download. This closure is temporary, pending a full review." Any ideas what is going on there? I'll come back with a separate post to this thread with the config info I have for OpenID connect to see if anyone can help guide me in the right direction for getting the Gluu + CMS + Discord working.

Goal: Get Oauth2 working between Discord and Gluu, with as few clicks/pages as possible for users. Using CMS as go-between because couldn't get direct Discord client working with Gluu, but CMS needed for landing webpage, not Gluu's webpages. Doing this for a nonprofit trying to help out as unpaid volunteer. Use case: User comes from Patreon or other source as donor (don't worry about this for this prototype, just where the user starts) and lands on landing page 1 of the CMS prompted to login/authorize Discord account (or create and authorize discord account) which also creates account in our Gluu (Which the CMS will need to use). They want to join one of our online activities in Discord. If they already have a Discord account, we want them to authorize that account info to make a new user created in Gluu for the CMS to use (and then they can go between our CMS pages and Discord as needed with a single login rather than manual creation process. Their donation level helps us determine what features on the CMS or which Discord features they get (we have tools in place for that manually already, elsewhere). I can get the Discord + CMS account creation working easily, it is trying to make this be in Gluu that I'm struggling alas. Mini-Orange works with Discord authentication and creating account in WP as desired, as per the link on the page. The problem is we really want to be using Gluu as central user repository not WP. In theory the expensive Miniorange $400+ plugin might work, but don't have that kind of budget for this small non-profit, so trying to get working with free plugins. Trying different clients, to get this working, current one trying to get working (feel free to recommend something else if you think better): OpenID Connect Client version 3.5.0. Wordpress 5.4.1 Ubunutu 18.04 Gluu 4.1.0. This is a prototype setup not production, but running out of time to get this prototype working to show proof of concept that it is feasible with Discord & Gluu (and whatever CMS, the CMS doesn't matter at this stage). It might be I am just not quite getting the endpoint URls right, or the right scopes. WP: https://wp.rpgr.org Gluu: https://p1.rpgr.org From the OpenID Connect - Generic Client configuration page: Login Type: OpenID Connect button on login form (I also created page with the LoginButtonShortcode). Client ID: (as per from Gluu OpenID Connect Client tool): d25dbd44-b0eb-42c2-99e7-37837b66f6a3 OpenID Scope: openid email (I have included other scopes as well, such as profile, user_name, identify (discord scope), etc., but that is current variant). Login Endpoint URL: https://p1.rpgr.org/oxauth/authorize Userinfo Endpoint URL: https://p1.rpgr.org/oxauth/userinfo Token Validation Endpoint URL: https://p1.rpgr.org/oxauth/token End Session Endpoint URL: https://p1.rpgr.org/oxauth/end_session Identity Key: preferred_username Nickname Key: {email} Link Existing Users <enabled> "If a WordPress account already exists with the same identity as a newly-authenticated user over OpenID Connect, login as that user instead of generating an error. " Redirect to the login screen session is expired <enabled> When enabled, this will automatically redirect the user back to the WordPress login page if their access token has expired. I have tried both from shortcode button on https://wp.rpgr.org/landing1 or default login page using the "Login with OpenID Connect" button (above regular login): https://wp.rpgr.org/wp-login.php resulting link when click button: https://p1.rpgr.org/oxauth/authorize?response_type=code&scope=openid+email&client_id=d25dbd44-b0eb-42c2-99e7-37837b66f6a3&state=1cca4b1ac5da140e9edd210316f306f7&redirect_uri=https%3A%2F%2Fwp.rpgr.org%2Fopenid-connect-authorize "404 That's an error. The requested URL was not found on this server." Suggestions on what I'm missing or doing wrong here? Thanks kindly!

The above settings were based on following the information here: https://testmd32.readthedocs.io/en/latest/api/oic-authorization/ But doing this: https://p1.rpgr.org/oxauth/.well-known/openid-configuration I'm trying with these other settings (had tried this earlier with another plugin but wasn't working so was following those docs hoping it might help. So, trying these settings instead: authorization_endpoint" : "https://p1.rpgr.org/oxauth/restv1/authorize userinfo_endpoint" : "https://p1.rpgr.org/oxauth/restv1/userinfo token_endpoint" : "https://p1.rpgr.org/oxauth/restv1/token end_session_endpoint" : "https://p1.rpgr.org/oxauth/restv1/end_session token_revocation_endpoint" : "https://p1.rpgr.org/oxauth/restv1/revoke url result/response: https://p1.rpgr.org/oxauth/restv1/authorize?response_type=code&scope=openid+email+profile&client_id=d25dbd44-b0eb-42c2-99e7-37837b66f6a3&state=0e4a5ad8ae187150570499ae9ad3d0df&redirect_uri=https%3A%2F%2Fwp.rpgr.org%2Fopenid-connect-authorize {"error_description":"The authorization server does not support obtaining an access token using this method.","state":"0e4a5ad8ae187150570499ae9ad3d0df","error":"unsupported_response_type"}

Gluu client config in Gluu: Client ID: d25dbd44-b0eb-42c2-99e7-37837b66f6a3 Scopes: openid email profile Response types: token code id_token Redirect Login URIs (this doesn't seem right): https://wp.rpgr.org/openid-connect-authorize Grant types: authorization code implicit refresh_token client_credentials Application type: Web Subject Type: pairwise Authentication method for the Token Endpoint: client_secret_basic Hmm, okay, now it is going to: https://p1.rpgr.org/oxauth/auth/passport/passportlogin.htm And prompting for login. I'm still off in these settings it seems. Added new client with updated config, and getting close (maybe?): Start here: https://wp.rpgr.org/ Click the link Gluu + Discord Auth? = https://discord.com/api/oauth2/authorize?client_id=712506064905437205&redirect_uri=https%3A%2F%2Fwp.rpgr.org%2Fopenid-connect-authorize&response_type=code&scope=identify%20email Prompted by Gluu for permission for WP? Click Authorize. Takes me to (Wrong?) redirect (correct for what I entered, but I suspect I should be providing different url to make this work better?): https://wp.rpgr.org/wp-login.php?login-error=missing-state&message=Missing+state. Powered by WordPress ERROR: Missing state. Login with OpenID Connect Username or Email Address Password Remember Me Register | Lost your password? ← Back to wp.rpgr.org Click on "Login with OpenID Connect" button = https://p1.rpgr.org/oxauth/restv1/authorize?response_type=code&scope=openid+email+profile&client_id=d25dbd44-b0eb-42c2-99e7-37837b66f6a3&state=265dcd6be83dc17d502ce716ff8fe5b8&redirect_uri=https%3A%2F%2Fwp.rpgr.org%2Fopenid-connect-authorize Some times I end up with (in fFirefox): end up with: https://wp.rpgr.org/openid-connect-authorize?code=54fb96d2-c807-4ba7-989c-9c31b8a0a4cb&scope=openid+profile+email&session_id=6bb4d5d9-7142-412d-b363-e9c0294b9647&state=265dcd6be83dc17d502ce716ff8fe5b8&session_state=46d9107aee224e234174e76eb988f1718fddda616857d974f0287b1a9f68d53a.2602a5d7-9124-4dfa-a7f2-d820299d703c error: Application not configured. But if I do this in Chrome, get: page: https://p1.rpgr.org/oxauth/auth/passport/passportlogin.htm With option for "External Providers" and click the GLuu Discord Passport Provider link: Get error: DiscordClientID-712506064905437205 is not recognized as external identity provider. But some how, (can't recreate it now), I was able to get almost what I wanted: https://p1.rpgr.org/oxauth/authorize.htm?scope=openid+email+profile&response_type=code&redirect_uri=https%3A%2F%2Fwp.rpgr.org%2Fopenid-connect-authorize&state=6716f13e44ae193e2dbcfb9066c6b305&client_id=d25dbd44-b0eb-42c2-99e7-37837b66f6a3 Request for Permission. TFN WP Client 1 is requesting permission to do the following: * Authenticate using OpenID Connect * View your basic profile info. * View your email address "Don't Allow" "Allow" buttons. Powered by Fluu. Free and open source access management. But, without changing anything in WP, Gluu, or Discord, I can't seem to replicate that almost success.... Hmmm. Pardon my sharing as I fumble through this. Hopefully the process of trying to explain it find the answer, though definitely appreciate any help doing this right/better. Hopefully it may help others having a similar struggle (I have seen many forum postings out there that seem similar, but without the solutions provided).

Okay, trying simpler more direct approach (still not sure if this is the best approach). ### Discord developer app side: ``` Direct Discord auth between Gluu. Create Discord Client in Discord Dev page: Discord App ID Name: DiscordGluuWP7 Discord Client ID: 712721813662203975 Scope: email identify (also tried with only email) Discord dev tool generated authorization link: https://discord.com/api/oauth2/authorize?client_id=712721813662203975&redirect_uri=https%3A%2F%2Fp1.rpgr.org%2Fpassport%2Fauth%2FDiscordGluuWP7%2Fcallback&response_type=code&scope=email%20identify ``` ### Gluu side: ``` Passport provider: DiscordGluuWP7 Display name: DiscordGluuWP7 Type: oauth Passport.s strategy: passport-openidconnect Mapping: openidconnect-default IsEnabled: True CallbackURL: https://p1.rpgr.org/passport/auth/DiscordGluuWP7/callback ClientID: as per discord clientid Clientsecret: as per discord clientsecret. ``` ### Result (again, not sure if this is the best combo of options to use): 1. Go to link `https://discord.com/api/oauth2/authorize?client_id=712721813662203975&redirect_uri=https%3A%2F%2Fp1.rpgr.org%2Fpassport%2Fauth%2FDiscordGluuWP7%2Fcallback&response_type=code&scope=email%20identify` 2. Prompted for permission: ``` "DiscordGluuWP7 wants to access your account" "This will allow discordgluuwp7 to: Access your username and avatar Access your email address" Cancel Authorize. ``` 3. I click authorize and get the following page & error: https://p1.rpgr.org/oxauth/error.htm ``` OOPS An unexpected error has occured at null ``` Output of `/opt/gluu/jetty/oxauth/logs/oxauth.log` when I click that authenticate button and it hits the gluu server: ``` 2020-05-20 18:36:04,874 ERROR [qtp1590550415-14] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:632) - Failed to get attributes from session 2020-05-20 18:36:04,877 ERROR [qtp1590550415-14] [org.gluu.oxauth.exception.GlobalExceptionHandler] (GlobalExce ptionHandler.java:50) - Committed javax.faces.FacesException: Committed at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:90) ~[javax.faces -2.3.9.jar:2.3.9] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100) ~[javax.faces-2.3.9.jar:2.3.9] at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:201) ~[javax.faces-2.3.9.jar:2.3.9] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:670) ~[javax.faces-2.3.9.jar:2.3.9] at org.eclipse.jetty.servlet.ServletHolder$NotAsyncServlet.service(ServletHolder.java:1395) ~[jetty-ser vlet-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755) ~[jetty-servlet-9.4.26.v20200 117.jar:9.4.26.v20200117] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) ~[jetty-serv let-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:226) ~[websocket-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-serv let-9.4.26.v20200117.jar:9.4.26.v20200117] at org.gluu.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:67) ~[classes/:? ] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1596) ~[jetty-serv let-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) ~[jetty-servlet-9.4.26.v2 0200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.4.26. v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590) ~[jetty-security-9.4.26. v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.2 6.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[jetty-server-9.4 .26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1607) ~[jetty-server-9. 4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4 .26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1297) ~[jetty-server-9. 4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4. 26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) ~[jetty-servlet-9.4.26.v20 200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1577) ~[jetty-server-9.4 .26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4. 26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1212) ~[jetty-server-9.4 .26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.26. v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) ~[jetty-server -9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.2 6.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.Server.handle(Server.java:500) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v 20200117] at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383) ~[jetty-server-9.4.26.v20 200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547) [jetty-server-9.4.26.v20200117.j ar:9.4.26.v20200117] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375) [jetty-server-9.4.26.v20200117.jar :9.4.26.v20200117] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) [jetty-server-9.4.26.v20 200117.jar:9.4.26.v20200117] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-i o-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.26.v20200117.jar:9.4 .26.v20200117] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [jetty-io-9.4.26.v20200117.jar: 9.4.26.v20200117] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) [jetty-util-9 .4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) [jetty-util -9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) [jetty-uti l-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) [jetty-util-9.4.2 6.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java: 388) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) [jetty-util-9.4.26. v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) [jetty-util-9.4 .26.v20200117.jar:9.4.26.v20200117] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_222] Caused by: java.lang.IllegalStateException: Committed at org.eclipse.jetty.server.HttpChannel.resetBuffer(HttpChannel.java:908) ~[jetty-server-9.4.26.v202001 17.jar:9.4.26.v20200117] at org.eclipse.jetty.server.HttpOutput.resetBuffer(HttpOutput.java:1413) ~[?:?] at org.eclipse.jetty.server.Response.resetBuffer(Response.java:1132) ~[?:?] at org.eclipse.jetty.server.Response.sendRedirect(Response.java:496) ~[?:?] at org.eclipse.jetty.server.Response.sendRedirect(Response.java:505) ~[?:?] at com.sun.faces.context.ExternalContextImpl.redirect(ExternalContextImpl.java:827) ~[javax.faces-2.3.9 .jar:2.3.9] at javax.faces.context.ExternalContextWrapper.redirect(ExternalContextWrapper.java:621) ~[javax.faces-2 .3.9.jar:2.3.9] at com.sun.faces.application.NavigationHandlerImpl.handleNavigation(NavigationHandlerImpl.java:308) ~[j avax.faces-2.3.9.jar:2.3.9] at com.sun.faces.application.NavigationHandlerImpl.handleNavigation(NavigationHandlerImpl.java:216) ~[j avax.faces-2.3.9.jar:2.3.9] at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:132) ~[javax.face s-2.3.9.jar:2.3.9] at javax.faces.component.UIViewAction.broadcast(UIViewAction.java:587) ~[javax.faces-2.3.9.jar:2.3.9] at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:870) ~[javax.faces-2.3.9.jar:2.3.9] at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1418) ~[javax.faces-2.3.9.jar:2. 3.9] at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82) ~[javax.faces -2.3.9.jar:2.3.9] ... 43 more 2020-05-20 18:36:04,885 ERROR [qtp1590550415-14] [org.gluu.oxauth.exception.GlobalExceptionHandler] (GlobalExce ptionHandler.java:69) - Can't perform redirect to viewId: /error_service.htm java.lang.IllegalStateException: Committed at org.eclipse.jetty.server.HttpChannel.resetBuffer(HttpChannel.java:908) ~[jetty-server-9.4.26.v202001 17.jar:9.4.26.v20200117] at org.eclipse.jetty.server.HttpOutput.resetBuffer(HttpOutput.java:1413) ~[?:?] at org.eclipse.jetty.server.Response.resetBuffer(Response.java:1132) ~[?:?] at org.eclipse.jetty.server.Response.sendRedirect(Response.java:496) ~[?:?] at org.eclipse.jetty.server.Response.sendRedirect(Response.java:505) ~[?:?] at com.sun.faces.context.ExternalContextImpl.redirect(ExternalContextImpl.java:827) ~[javax.faces-2.3.9 .jar:2.3.9] at javax.faces.context.ExternalContextWrapper.redirect(ExternalContextWrapper.java:621) ~[javax.faces-2 .3.9.jar:2.3.9] at org.gluu.oxauth.exception.GlobalExceptionHandler.performRedirect(GlobalExceptionHandler.java:67) ~[c lasses/:?] at org.gluu.oxauth.exception.GlobalExceptionHandler.handle(GlobalExceptionHandler.java:51) ~[classes/:? ] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:118) ~[javax.faces-2.3.9.jar:2.3.9] at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:201) ~[javax.faces-2.3.9.jar:2.3.9] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:670) ~[javax.faces-2.3.9.jar:2.3.9] at org.eclipse.jetty.servlet.ServletHolder$NotAsyncServlet.service(ServletHoldesudo ntpq -pr.java:1395) ~[jetty-ser vlet-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755) ~[jetty-servlet-9.4.26.v20200 117.jar:9.4.26.v20200117] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) ~[jetty-serv let-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:226) ~[websocket-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-serv let-9.4.26.v20200117.jar:9.4.26.v20200117] at org.gluu.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:67) ~[classes/:? ] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1596) ~[jetty-serv let-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) ~[jetty-servlet-9.4.26.v2 0200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.4.26. v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590) ~[jetty-security-9.4.26. v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.2 6.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[jetty-server-9.4 .26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1607) ~[jetty-server-9. 4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4 .26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1297) ~[jetty-server-9. 4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4. 26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) ~[jetty-servlet-9.4.26.v20 200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1577) ~[jetty-server-9.4 .26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4. 26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1212) ~[jetty-server-9.4 .26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.26. v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) ~[jetty-server -9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.2 6.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.Server.handle(Server.java:500) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v 20200117] at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383) ~[jetty-server-9.4.26.v20 200117.jar:9.4.26.v20200117] at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547) [jetty-server-9.4.26.v20200117.j ar:9.4.26.v20200117] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375) [jetty-server-9.4.26.v20200117.jar :9.4.26.v20200117] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) [jetty-server-9.4.26.v20 200117.jar:9.4.26.v20200117] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-i o-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.26.v20200117.jar:9.4 .26.v20200117] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [jetty-io-9.4.26.v20200117.jar: 9.4.26.v20200117] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) [jetty-util-9 .4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) [jetty-util -9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) [jetty-uti l-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) [jetty-util-9.4.2 6.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java: 388) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) [jetty-util-9.4.26. v20200117.jar:9.4.26.v20200117] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) [jetty-util-9.4 .26.v20200117.jar:9.4.26.v20200117] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_222] ``` 1. Am I even using the right combination of options here? I am concerned I've jumbling everything after struggling with this for so long. 2. If it is in the right direction, is there anything in that log that explains what needs to be tweaked to get this working correctly? Thanks!

Maybe I missed this, but why are using passport? Are you using Discord as the IDP? If so, this issue is incorrectly classified... it should be "Inbound Identity". If you want Gluu to be the IDP, why not just point Discord directly at the Gluu OpenID Connect Provider, with the config info you can find at `https://you.host.name/.well-known/openid-conifguration`

I've worried that I'm using the wrong combination. Here is the simplified desired flow, hopefully that helps narrow down the requirements and I can focus on which are the correct pieces. Maybe I should back up and try to cover the basic flow here, maybe that will be helpful to decide which tech combinations to use? There are other pieces, but was trying to keep it as simple as possible to just resolve making this basic connection between Gluu and Discord, trying not to confuse things further with the rest of the other pieces outside of just these two pieces. Example UX: Web user signs up via external website (like Patreon) and makes donation so they get a certain subscriber level. They then want to join an event in our Discord server that they need to be a subscriber to access. They are given an email with a link to Landing Page 1. https://wp.rpgr.org They then click a button to authorize Discord sharing email and linking to Gluu. The authorize Discord to access "email" and identify come up. They click Authorize. It works up to this point. But then when they click Authorize it should either update their existing Gluu account (if already in the system) with the Discord info, and/or if they don't yet have an accoutn setup in Gluu, prompt them to fill out the Gluu account creation, and then link the Discord account to their Gluu account. If they don't have a Discord account, then the usual Discord flow to create an account takes place, and then they authorize the link between their Gluu account and the Discord Account. They are then brought to Landing Page 2, with a button to join the Discord chatroom. As long as they are authorized and the right subscriber level, they are then able to immediately join that Discord room. We are using the public Discord server, not self-hosting, so we can only create Discord OAuth clients as per here: https://discord.com/developers/docs/topics/oauth2 and https://discord.com/developers/applications We are hosting our own gluu server (testing prototype for now) here: https://p1.rpgr.org We have a Wordpress server for the UI to try to avoid them seeing the inner workings of Gluu pages and provide friendly UI & UX. Here: https://wp.rpgr.org I though this would be as simple as: Create Discord Oauth client app on the discord dev page with clientid, secret, scope, redirect url. This then creates the link that I put in the button on the land page 1 to start the authorization process between Discord & Gluu. I then put this information in the Gluu side, go to Passport > Providers > Add New Provider. Then create the provider Discord. Filling in the info from the discord develper app creation page into the Gluu provider page. Is this the wrong way to try to achieve this flow's goal? Discord page info from Dev App creation info: Direct Discord auth between Gluu. Create Discord Client in Discord Dev page: Discord App ID Name: DiscordGluuWP7 Discord Client ID: 712721813662203975 Scope: email identify Redirect URL: https://p1.rpgr.org/identity/authentication/getauthcode or else also tried: https://p1.rpgr.org/passport/auth/DiscordGluuWP7/callback (not sure if either of these is what it should be) Discord dev tool generated authorization link: https://discord.com/api/oauth2/authorize?client_id=712721813662203975&redirect_uri=https%3A%2F%2Fp1.rpgr.org%2Fidentity%2Fauthentication%2Fgetauthcode&response_type=code&scope=identify%20email This is the link that users would click to start the authorization process. Since I don't have a means to configure the Discord server side, only the ability to create authorized clients, I'm not sure how I should be doing this differently. Does this help clarify?

output of https://p1.rpgr.org/.well-known/openid-configuration ``` { "request_parameter_supported": true, "token_revocation_endpoint": "https://p1.rpgr.org/oxauth/restv1/revoke", "introspection_endpoint": "https://p1.rpgr.org/oxauth/restv1/introspection", "claims_parameter_supported": false, "check_session_iframe": "https://p1.rpgr.org/oxauth/opiframe.htm", "scopes_supported": [ "address", "identify", "openid", "clientinfo", "user_name", "profile", "uma_protection", "permission", "oxtrust-api-write", "oxtrust-api-read", "https://p1.rpgr.org/oxauth/restv1/uma/scopes/scim_access", "phone", "mobile_phone", "https://p1.rpgr.org/oxauth/restv1/uma/scopes/passport_access", "oxd", "super_gluu_ro_session", "email" ], "issuer": "https://p1.rpgr.org", "acr_values_supported": [ "passport_saml", "casa", "auth_ldap_server", "passport_social" ], "userinfo_encryption_enc_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported": [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint": "https://p1.rpgr.org/oxauth/restv1/authorize", "service_documentation": "http://gluu.org/docs", "request_object_encryption_enc_values_supported": [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported": [ "page", "popup" ], "id_generation_endpoint": "https://p1.rpgr.org/oxauth/restv1/id", "userinfo_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claims_supported": [ "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "phone_mobile_number", "preferred_username", "locale", "inum", "updated_at", "nickname", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping": [ { "profile": [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "openid": [] }, { "https://p1.rpgr.org/oxauth/restv1/uma/scopes/scim_access": [] }, { "permission": [] }, { "super_gluu_ro_session": [] }, { "https://p1.rpgr.org/oxauth/restv1/uma/scopes/passport_access": [] }, { "phone": [ "phone_number_verified", "phone_number" ] }, { "address": [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "identify": [ "user_name" ] }, { "clientinfo": [ "name", "inum" ] }, { "mobile_phone": [ "phone_mobile_number" ] }, { "email": [ "email_verified", "email" ] }, { "user_name": [ "user_name" ] }, { "oxtrust-api-write": [] }, { "oxd": [] }, { "uma_protection": [] }, { "oxtrust-api-read": [] } ], "claim_types_supported": [ "normal" ], "op_policy_uri": "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens": true, "response_modes_supported": [ "query", "fragment", "form_post" ], "token_endpoint": "https://p1.rpgr.org/oxauth/restv1/token", "response_types_supported": [ "id_token token code", "id_token code", "id_token", "token code", "token", "code", "id_token token" ], "request_uri_parameter_supported": true, "userinfo_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "grant_types_supported": [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ], "end_session_endpoint": "https://p1.rpgr.org/oxauth/restv1/end_session", "ui_locales_supported": [ "en", "es" ], "userinfo_endpoint": "https://p1.rpgr.org/oxauth/restv1/userinfo", "token_endpoint_auth_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "op_tos_uri": "http://ox.gluu.org/doku.php?id=oxauth:tos", "frontchannel_logout_supported": true, "auth_level_mapping": { "1": [ "casa" ], "40": [ "passport_social" ], "60": [ "passport_saml" ], "-1": [ "auth_ldap_server" ] }, "require_request_uri_registration": false, "id_token_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "jwks_uri": "https://p1.rpgr.org/oxauth/restv1/jwks", "frontchannel_logout_session_supported": true, "subject_types_supported": [ "public", "pairwise" ], "id_token_signing_alg_values_supported": [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint": "https://p1.rpgr.org/oxauth/restv1/register", "claims_locales_supported": [ "en" ], "clientinfo_endpoint": "https://p1.rpgr.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported": [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_token_binding_cnf_values_supported": [ "tbh" ] } ```

Hi, Ha Ro. That's quite elaborated flow. I wonder if we can handle it under Community Support offer, to be honest. Normally we would suggest you should invite some outside help from [our partners](https://www.gluu.org/partners-service/) dealing with integrations, if you just need one-time assistance, and not a continuing support of your project. I'll try my best to suggest some solutions, though. Just one queston frist, though: if you can make Discord to work directly with your web app, what role do you assign to Gluu Server in this infrastructure? Perhaps you could draw some kind of diagram which explains all the interactions better?

I introduced him to Centroxy. I agree that the level of support requested here is probably beyond what we can support in the Community forums.

I've tried to follow the Discord flow starting from that page you mentioned: https://wp.rpgr.org But it seems to redirect me back to `wp.rpgr.org` after I click "Authorize" button at Discord. I don't see it hitting your Gluu Server in the network trace at any point. Or were you talking about your development environment, perhaps? Just trying to figure out how can we reproduce it locally, if possible. Unless your setup where the issue occur is accessible from the Internet.

I see, thanks, Michael. Should we close this ticket, then? I thought about giving a try to using Discord as OP in Passport OIDC flow.

I hope you won't give up trying to help just trying to get basic connection between Discord and Gluu. It has been a steep learning curve, but I'm getting the hang of it bit by bit I think. I played around with Wordpress + Miniorange + Discord + Gluu, and was able to get those to work through WP + Miniorange + Discord, and with WP + Miniorange + Gluu. I have been fiddling with that testing environment a lot, so when you checked it, it may not have been setup right. Here is another attempt that hopefully is simple enough flow, and just need help troubleshooting just getting this basic connection to work with just Gluu + Discord (as it did with Gluu + WP, and WP + Discord (through miniorange), please. I setup Discord client using Discord Dev portal. I setup in Gluu Passport Provider: `DiscordWPMiniOrangeClient1` Login to Gluu on https://p1.rpgr.org Use this link generated from Discord dev portal to test: `https://discord.com/api/oauth2/authorize?client_id=712896519279214602&redirect_uri=https%3A%2F%2Fp1.rpgr.org%2Fpassport%2Fauth%2FDiscordWPMiniOrangeClient1%2Fcallback&response_type=code&scope=identify%20email` I am correctly prompted to login to Discord, and then correctly prompted to authorize Gluu + discord. I click Authorize, but then it sends me to the Gluu login screen with "An error occurred" even though I am already logged into Gluu with that account. I'll post the logs next if that helps. Here is updated `https://p1.rpgr.org/.well-known/openid-configuration` Log output during clicking the generated link, `/opt/gluu/jetty/oxauth/logs/oxauth.log` ``` 2020-05-22 05:28:58,291 DEBUG [oxAuthScheduler_Worker-4] [org.gluu.service.timer.RequestJobList ener] (RequestJobListener.java:53) - Bound request started 2020-05-22 05:28:58,291 DEBUG [oxAuthScheduler_Worker-4] [org.gluu.service.timer.TimerJob] (Tim erJob.java:36) - Fire timer event [org.gluu.service.cdi.event.ConfigurationEvent] with qualifie rs [@org.gluu.service.cdi.event.Scheduled()] from instance 582686944 2020-05-22 05:28:58,292 DEBUG [oxAuthScheduler_Worker-4] [org.gluu.service.timer.RequestJobList ener] (RequestJobListener.java:63) - Bound request ended 2020-05-22 05:28:58,297 DEBUG [oxAuthScheduler_Worker-3] [org.gluu.service.timer.RequestJobList ener] (RequestJobListener.java:53) - Bound request started 2020-05-22 05:28:58,298 DEBUG [oxAuthScheduler_Worker-3] [org.gluu.service.timer.TimerJob] (Tim erJob.java:36) - Fire timer event [org.gluu.service.cdi.event.LoggerUpdateEvent] with qualifier s [@org.gluu.service.cdi.event.Scheduled()] from instance 1545913395 2020-05-22 05:28:58,298 DEBUG [oxAuthScheduler_Worker-3] [org.gluu.service.timer.RequestJobList ener] (RequestJobListener.java:63) - Bound request ended 2020-05-22 05:28:58,330 DEBUG [oxAuthScheduler_Worker-5] [org.gluu.service.timer.RequestJobList ener] (RequestJobListener.java:53) - Bound request started 2020-05-22 05:28:58,331 DEBUG [oxAuthScheduler_Worker-5] [org.gluu.service.timer.TimerJob] (Tim erJob.java:36) - Fire timer event [org.gluu.service.cdi.event.CleanerEvent] with qualifiers [@o rg.gluu.service.cdi.event.Scheduled()] from instance 2085562513 2020-05-22 05:28:58,331 DEBUG [oxAuthScheduler_Worker-5] [org.gluu.service.timer.RequestJobList ener] (RequestJobListener.java:63) - Bound request ended 2020-05-22 05:28:58,332 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:187) - Built-in base dns: [ou=registered_devices,ou=u2f,o=gluu, ou=statistic,o=metric, ou=tokens,o=gluu, ou=clients,o=gluu, ou=pct,ou=uma,o=gluu, ou=resources,ou=uma,o=gluu, ou=peopl e,o=gluu, ou=authorizations,o=gluu, ou=registration_requests,ou=u2f,o=gluu] 2020-05-22 05:28:58,332 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:151) - Start clean up for baseDn: ou=registered_devices,ou=u2f,o=gluu 2020-05-22 05:28:58,334 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:156) - Finished clean up for baseDn: ou=registered_devices,ou=u2f,o=gluu, takes: 1ms, r emoved items: 0 2020-05-22 05:28:58,334 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:151) - Start clean up for baseDn: ou=statistic,o=metric 2020-05-22 05:28:58,371 DEBUG [oxAuthScheduler_Worker-2] [org.gluu.service.timer.RequestJobList ener] (RequestJobListener.java:53) - Bound request started 2020-05-22 05:28:58,371 DEBUG [oxAuthScheduler_Worker-2] [org.gluu.service.timer.TimerJob] (Tim erJob.java:36) - Fire timer event [org.gluu.oxauth.service.cdi.event.AuthConfigurationEvent] wi th qualifiers [@org.gluu.service.cdi.event.Scheduled()] from instance 814300802 2020-05-22 05:28:58,372 DEBUG [oxAuthScheduler_Worker-2] [org.gluu.service.timer.RequestJobList ener] (RequestJobListener.java:63) - Bound request ended 2020-05-22 05:28:58,755 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:156) - Finished clean up for baseDn: ou=statistic,o=metric, takes: 420ms, removed items : 0 2020-05-22 05:28:58,755 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:151) - Start clean up for baseDn: ou=tokens,o=gluu 2020-05-22 05:28:58,758 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:156) - Finished clean up for baseDn: ou=tokens,o=gluu, takes: 3ms, removed items: 1 2020-05-22 05:28:58,758 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:151) - Start clean up for baseDn: ou=clients,o=gluu 2020-05-22 05:28:58,759 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:156) - Finished clean up for baseDn: ou=clients,o=gluu, takes: 1ms, removed items: 0 2020-05-22 05:28:58,760 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:151) - Start clean up for baseDn: ou=pct,ou=uma,o=gluu 2020-05-22 05:28:58,777 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:156) - Finished clean up for baseDn: ou=pct,ou=uma,o=gluu, takes: 17ms, removed items: 0 2020-05-22 05:28:58,777 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:151) - Start clean up for baseDn: ou=resources,ou=uma,o=gluu 2020-05-22 05:28:58,779 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:156) - Finished clean up for baseDn: ou=resources,ou=uma,o=gluu, takes: 1ms, removed it ems: 0 2020-05-22 05:28:58,779 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:151) - Start clean up for baseDn: ou=people,o=gluu 2020-05-22 05:28:58,780 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:156) - Finished clean up for baseDn: ou=people,o=gluu, takes: 0ms, removed items: 0 2020-05-22 05:28:58,781 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:151) - Start clean up for baseDn: ou=authorizations,o=gluu 2020-05-22 05:28:58,782 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:156) - Finished clean up for baseDn: ou=authorizations,o=gluu, takes: 1ms, removed item s: 0 2020-05-22 05:28:58,782 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:151) - Start clean up for baseDn: ou=registration_requests,ou=u2f,o=gluu 2020-05-22 05:28:58,784 DEBUG [Thread-85923] [org.gluu.oxauth.service.CleanerTimer] (CleanerTim er.java:156) - Finished clean up for baseDn: ou=registration_requests,ou=u2f,o=gluu, takes: 1ms , removed items: 0 2020-05-22 05:28:58,784 DEBUG [Thread-85923] [org.gluu.service.cache.NativePersistenceCacheProv ider] (NativePersistenceCacheProvider.java:248) - Start NATIVE_PERSISTENCE clean up 2020-05-22 05:28:58,787 DEBUG [Thread-85923] [org.gluu.service.cache.NativePersistenceCacheProv ider] (NativePersistenceCacheProvider.java:255) - End NATIVE_PERSISTENCE clean up, items remove 2020-05-22 05:29:05,483 INFO [qtp1590550415-19] [org.gluu.oxauth.service.AppInitializer] (AppI nitializer.java:348) - Created persistenceEntryManager: org.gluu.persist.ldap.impl.LdapEntryMan ager@6ba39386 with operation service: org.gluu.persist.ldap.operation.impl.LdapOperationsServic eImpl@69e53a3c ```

I don't see anything in the oxauth log related to the authentication event. Maybe if you did `tail -f` when you are logging in to make sure you just captchure info related to the transaction. Also, you should look at the oxauth_script.log, as this is where the response from passport is handled. You may want to add some more debug lines into the passport-social script, for example to print the response from Discord to see if that has any clue as to what is the issue (something missing or not mapped?) Also, it would be interesting to see the passport log.

# Using this Discord Developer Portal Client App generated link: https://discord.com/api/oauth2/authorize?client_id=712896519279214602&redirect_uri=https%3A%2F%2Fp1.rpgr.org%2Fpassport%2Fauth%2FDiscordGluuClient4602%2Fcallback&response_type=code&scope=identify%20email # Logs during attempt to authenticate/login ###### tail -f /opt/gluu/jetty/oxauth/logs/oxauth.log ``` 2020-05-23 18:55:58,291 DEBUG [oxAuthScheduler_Worker-1] [org.gluu.service.timer.RequestJobListener] (RequestJobListener.java:53) - Bound request started 2020-05-23 18:55:58,291 DEBUG [oxAuthScheduler_Worker-1] [org.gluu.service.timer.TimerJob] (TimerJob.java:36) - Fire timer event [org.gluu.service.cdi.event.ConfigurationEvent] with qualifiers [@org.gluu.service.cdi.event.Scheduled()] from instance 1608640575 2020-05-23 18:55:58,292 DEBUG [oxAuthScheduler_Worker-1] [org.gluu.service.timer.RequestJobListener] (RequestJobListener.java:63) - Bound request ended 2020-05-23 18:55:58,298 DEBUG [oxAuthScheduler_Worker-4] [org.gluu.service.timer.RequestJobListener] (RequestJobListener.java:53) - Bound request started 2020-05-23 18:55:58,298 DEBUG [oxAuthScheduler_Worker-4] [org.gluu.service.timer.TimerJob] (TimerJob.java:36) - Fire timer event [org.gluu.service.cdi.event.LoggerUpdateEvent] with qualifiers [@org.gluu.service.cdi.event.Scheduled()] from instance 1457861488 2020-05-23 18:55:58,299 DEBUG [oxAuthScheduler_Worker-4] [org.gluu.service.timer.RequestJobListener] (RequestJobListener.java:63) - Bound request ended 2020-05-23 18:55:58,330 DEBUG [oxAuthScheduler_Worker-5] [org.gluu.service.timer.RequestJobListener] (RequestJobListener.java:53) - Bound request started 2020-05-23 18:55:58,330 DEBUG [oxAuthScheduler_Worker-5] [org.gluu.service.timer.TimerJob] (TimerJob.java:36) - Fire timer event [org.gluu.service.cdi.event.CleanerEvent] with qualifiers [@org.gluu.service.cdi.event.Scheduled()] from instance 246450465 2020-05-23 18:55:58,331 DEBUG [oxAuthScheduler_Worker-5] [org.gluu.service.timer.RequestJobListener] (RequestJobListener.java:63) - Bound request ended 2020-05-23 18:55:58,331 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:187) - Built-in base dns: [ou=registered_devices,ou=u2f,o=gluu, ou=statistic,o=metric, ou=tokens,o=gluu, ou=clients,o=gluu, ou=pct,ou=uma,o=gluu, ou=resources,ou=uma,o=gluu, ou=people,o=gluu, ou=authorizations,o=gluu, ou=registration_requests,ou=u2f,o=gluu] 2020-05-23 18:55:58,331 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:151) - Start clean up for baseDn: ou=registered_devices,ou=u2f,o=gluu 2020-05-23 18:55:58,333 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:156) - Finished clean up for baseDn: ou=registered_devices,ou=u2f,o=gluu, takes: 1ms, removed items: 0 2020-05-23 18:55:58,334 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:151) - Start clean up for baseDn: ou=statistic,o=metric 2020-05-23 18:55:58,370 DEBUG [oxAuthScheduler_Worker-3] [org.gluu.service.timer.RequestJobListener] (RequestJobListener.java:53) - Bound request started 2020-05-23 18:55:58,371 DEBUG [oxAuthScheduler_Worker-3] [org.gluu.service.timer.TimerJob] (TimerJob.java:36) - Fire timer event [org.gluu.oxauth.service.cdi.event.AuthConfigurationEvent] with qualifiers [@org.gluu.service.cdi.event.Scheduled()] from instance 958460953 2020-05-23 18:55:58,371 DEBUG [oxAuthScheduler_Worker-3] [org.gluu.service.timer.RequestJobListener] (RequestJobListener.java:63) - Bound request ended 2020-05-23 18:55:58,804 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:156) - Finished clean up for baseDn: ou=statistic,o=metric, takes: 470ms, removed items: 0 2020-05-23 18:55:58,820 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:151) - Start clean up for baseDn: ou=tokens,o=gluu 2020-05-23 18:55:58,824 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:156) - Finished clean up for baseDn: ou=tokens,o=gluu, takes: 3ms, removed items: 1 2020-05-23 18:55:58,824 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:151) - Start clean up for baseDn: ou=clients,o=gluu 2020-05-23 18:55:58,826 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:156) - Finished clean up for baseDn: ou=clients,o=gluu, takes: 1ms, removed items: 0 2020-05-23 18:55:58,826 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:151) - Start clean up for baseDn: ou=pct,ou=uma,o=gluu 2020-05-23 18:55:58,849 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:156) - Finished clean up for baseDn: ou=pct,ou=uma,o=gluu, takes: 22ms, removed items: 0 2020-05-23 18:55:58,850 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:151) - Start clean up for baseDn: ou=resources,ou=uma,o=gluu 2020-05-23 18:55:58,851 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:156) - Finished clean up for baseDn: ou=resources,ou=uma,o=gluu, takes: 1ms, removed items: 0 2020-05-23 18:55:58,852 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:151) - Start clean up for baseDn: ou=people,o=gluu 2020-05-23 18:55:58,853 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:156) - Finished clean up for baseDn: ou=people,o=gluu, takes: 0ms, removed items: 0 2020-05-23 18:55:58,854 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:151) - Start clean up for baseDn: ou=authorizations,o=gluu 2020-05-23 18:55:58,856 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:156) - Finished clean up for baseDn: ou=authorizations,o=gluu, takes: 1ms, removed items: 0 2020-05-23 18:55:58,856 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:151) - Start clean up for baseDn: ou=registration_requests,ou=u2f,o=gluu 2020-05-23 18:55:58,857 DEBUG [Thread-197481] [org.gluu.oxauth.service.CleanerTimer] (CleanerTimer.java:156) - Finished clean up for baseDn: ou=registration_requests,ou=u2f,o=gluu, takes: 0ms, removed items: 0 2020-05-23 18:55:58,857 DEBUG [Thread-197481] [org.gluu.service.cache.NativePersistenceCacheProvider] (NativePersistenceCacheProvider.java:248) - Start NATIVE_PERSISTENCE clean up 2020-05-23 18:55:58,859 DEBUG [Thread-197481] [org.gluu.service.cache.NativePersistenceCacheProvider] (NativePersistenceCacheProvider.java:255) - End NATIVE_PERSISTENCE clean up, items removed: 0 2020-05-23 18:56:01,883 INFO [qtp1590550415-13] [org.gluu.oxauth.service.AppInitializer] (AppInitializer.java:348) - Created persistenceEntryManager: org.gluu.persist.ldap.impl.LdapEntryManager@5dd996ad with operation service: org.gluu.persist.ldap.operation.impl.LdapOperationsServiceImpl@1ccfc3b3 ``` # Landed on Gluu login page, not logged in. So manually logged in for the Gluu existing account, and this is what logs produced from that transaction: ``` 2020-05-23 18:56:08,862 DEBUG [oxAuthScheduler_Worker-2] [org.gluu.service.timer.RequestJobListener] (RequestJobListener.java:53) - Bound request started 2020-05-23 18:56:08,862 DEBUG [oxAuthScheduler_Worker-2] [org.gluu.service.timer.TimerJob] (TimerJob.java:36) - Fire timer event [org.gluu.service.cdi.event.UpdateScriptEvent] with qualifiers [@org.gluu.service.cdi.event.Scheduled()] from instance 712701940 2020-05-23 18:56:08,897 DEBUG [oxAuthScheduler_Worker-2] [org.gluu.service.timer.RequestJobListener] (RequestJobListener.java:63) - Bound request ended 2020-05-23 18:56:13,298 DEBUG [oxAuthScheduler_Worker-1] [org.gluu.service.timer.RequestJobListener] (RequestJobListener.java:53) - Bound request started 2020-05-23 18:56:13,298 DEBUG [oxAuthScheduler_Worker-1] [org.gluu.service.timer.TimerJob] (TimerJob.java:36) - Fire timer event [org.gluu.service.cdi.event.LoggerUpdateEvent] with qualifiers [@org.gluu.service.cdi.event.Scheduled()] from instance 1641438402 2020-05-23 18:56:13,299 DEBUG [oxAuthScheduler_Worker-1] [org.gluu.service.timer.RequestJobListener] (RequestJobListener.java:63) - Bound request ended 2020-05-23 18:56:15,499 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:111) - Authenticating user with LDAP: username: 'discordtest1@rpgr.org', credentials: '609665300' 2020-05-23 18:56:15,499 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:298) - Attempting to find userDN by primary key: 'mail' and key value: 'discordtest1@rpgr.org', credentials: '609665300' 2020-05-23 18:56:15,500 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:401) - Getting user information from LDAP: attributeName = 'mail', attributeValue = 'discordtest1@rpgr.org' 2020-05-23 18:56:15,500 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:416) - Searching user by attributes: '[Attribute [name=mail, values=[discordtest1@rpgr.org]]]', baseDn: 'ou=people,o=gluu' 2020-05-23 18:56:15,508 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:418) - Found '1' entries 2020-05-23 18:56:15,515 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:321) - Attempting to authenticate userDN: inum=6f7a6575-3f16-422d-92b4-7f545c8290eb,ou=people,o=gluu 2020-05-23 18:56:15,540 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:323) - User authenticated: inum=6f7a6575-3f16-422d-92b4-7f545c8290eb,ou=people,o=gluu 2020-05-23 18:56:15,540 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:325) - Attempting to find userDN by local primary key: mail 2020-05-23 18:56:15,541 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.UserService] (UserService.java:172) - Getting user information from LDAP: attributeName = 'mail', attributeValue = 'discordtest1@rpgr.org' 2020-05-23 18:56:15,550 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.UserService] (UserService.java:187) - Found '1' entries 2020-05-23 18:56:15,577 DEBUG [qtp1590550415-15] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:344) - Get next step from script: '-1' 2020-05-23 18:56:15,591 DEBUG [qtp1590550415-15] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:427) - Sending event to trigger user redirection: 'discordtest1@rpgr.org' 2020-05-23 18:56:15,593 INFO [qtp1590550415-15] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:589) - Attempting to redirect user: SessionUser: SessionId {dn='4d721588-ab15-477d-b732-9a52c0f91073', id='4d721588-ab15-477d-b732-9a52c0f91073', lastUsedAt=Sat May 23 18:56:15 UTC 2020, userDn='inum=6f7a6575-3f16-422d-92b4-7f545c8290eb,ou=people,o=gluu', authenticationTime=Sat May 23 18:56:15 UTC 2020, state=authenticated, sessionState='b29b9be1e8626ce2daa483f4c476a980105c961a7e8f36aaff6274f0518d0575.11296707-adac-4cee-9aab-cc2426168ea1', permissionGranted=null, isJwt=false, jwt=null, permissionGrantedMap=SessionIdAccessMap{permissionGranted={1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3=false}}, involvedClients=null, sessionAttributes={auth_external_attributes=[{"externalProviders":"java.lang.String"}], opbs=1475d324-e221-4748-adbe-3df32ec0b425, externalProviders={"DiscordGluuClient4602": {"requestForEmail": false, "displayName": "DiscordGluuClient4602", "emailLinkingSafe": false, "type": "openidconnect", "logo_img": null, "saml": false}}, response_type=code, nonce=8b666975-aee4-4abc-b92f-ee02276d1a1e, client_id=1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3, auth_step=1, acr=passport_social, remote_ip=65.103.157.230, auth_user=discordtest1, scope=openid profile email user_name, acr_values=passport_social, redirect_uri=https://p1.rpgr.org/identity/authcode.htm, state=336ac939-1cc0-41fe-aab9-525530a6a901}, persisted=true} 2020-05-23 18:56:15,594 INFO [qtp1590550415-15] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:597) - Attempting to redirect user: User: org.gluu.oxauth.model.common.User@57556dd0 2020-05-23 18:56:15,595 INFO [qtp1590550415-15] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:430) - Authentication success for User: 'discordtest1@rpgr.org' 2020-05-23 18:56:15,694 DEBUG [qtp1590550415-14] [org.gluu.oxauth.service.ClientService] (ClientService.java:136) - Found 1 entries for client id = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3 2020-05-23 18:56:15,695 DEBUG [qtp1590550415-14] [org.gluu.oxauth.model.authorize.ScopeChecker] (ScopeChecker.java:39) - Checking scopes policy for: openid profile email user_name 2020-05-23 18:56:15,703 DEBUG [qtp1590550415-14] [org.gluu.oxauth.model.authorize.ScopeChecker] (ScopeChecker.java:68) - Granted scopes: [openid, user_name, email] 2020-05-23 18:56:15,724 DEBUG [qtp1590550415-14] [org.gluu.oxauth.service.ClientService] (ClientService.java:136) - Found 1 entries for client id = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3 2020-05-23 18:56:15,725 DEBUG [qtp1590550415-14] [org.gluu.oxauth.service.RedirectionUriService] (RedirectionUriService.java:77) - Validating redirection URI: clientIdentifier = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3, redirectionUri = https://p1.rpgr.org/identity/authcode.htm, found = 3 2020-05-23 18:56:15,725 DEBUG [qtp1590550415-14] [org.gluu.oxauth.service.RedirectionUriService] (RedirectionUriService.java:83) - Comparing https://p1.rpgr.org/identity/scim/auth == https://p1.rpgr.org/identity/authcode.htm 2020-05-23 18:56:15,726 DEBUG [qtp1590550415-14] [org.gluu.oxauth.service.RedirectionUriService] (RedirectionUriService.java:83) - Comparing https://p1.rpgr.org/identity/authcode.htm == https://p1.rpgr.org/identity/authcode.htm 2020-05-23 18:56:15,726 DEBUG [qtp1590550415-14] [org.gluu.oxauth.service.ClientService] (ClientService.java:136) - Found 1 entries for client id = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3 2020-05-23 18:56:15,826 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.ClientService] (ClientService.java:136) - Found 1 entries for client id = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3 2020-05-23 18:56:15,844 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.ClientService] (ClientService.java:136) - Found 1 entries for client id = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3 2020-05-23 18:56:15,845 DEBUG [qtp1590550415-15] [gluu.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl] (AuthorizeRestWebServiceImpl.java:171) - Attempting to request authorization: responseType = code, clientId = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3, scope = openid profile email user_name, redirectUri = https://p1.rpgr.org/identity/authcode.htm, nonce = 8b666975-aee4-4abc-b92f-ee02276d1a1e, state = 336ac939-1cc0-41fe-aab9-525530a6a901, request = null, isSecure = true, requestSessionId = null, sessionId = null 2020-05-23 18:56:15,846 DEBUG [qtp1590550415-15] [gluu.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl] (AuthorizeRestWebServiceImpl.java:177) - Attempting to request authorization: acrValues = passport_social, amrValues = null, originHeaders = null, codeChallenge = null, codeChallengeMethod = null, customRespHeaders = null, claims = null, tokenBindingHeader = null 2020-05-23 18:56:15,847 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.ClientService] (ClientService.java:136) - Found 1 entries for client id = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3 2020-05-23 18:56:15,847 DEBUG [qtp1590550415-15] [org.gluu.oxauth.model.authorize.ScopeChecker] (ScopeChecker.java:39) - Checking scopes policy for: openid profile email user_name 2020-05-23 18:56:15,851 DEBUG [qtp1590550415-15] [org.gluu.oxauth.model.authorize.ScopeChecker] (ScopeChecker.java:68) - Granted scopes: [openid, user_name, email] 2020-05-23 18:56:15,852 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.ClientService] (ClientService.java:136) - Found 1 entries for client id = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3 2020-05-23 18:56:15,852 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.RedirectionUriService] (RedirectionUriService.java:77) - Validating redirection URI: clientIdentifier = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3, redirectionUri = https://p1.rpgr.org/identity/authcode.htm, found = 3 2020-05-23 18:56:15,853 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.RedirectionUriService] (RedirectionUriService.java:83) - Comparing https://p1.rpgr.org/identity/scim/auth == https://p1.rpgr.org/identity/authcode.htm 2020-05-23 18:56:15,853 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.RedirectionUriService] (RedirectionUriService.java:83) - Comparing https://p1.rpgr.org/identity/authcode.htm == https://p1.rpgr.org/identity/authcode.htm 2020-05-23 18:56:15,876 DEBUG [qtp1590550415-15] [org.gluu.oxauth.model.authorize.ScopeChecker] (ScopeChecker.java:39) - Checking scopes policy for: openid profile email user_name 2020-05-23 18:56:15,877 DEBUG [qtp1590550415-15] [org.gluu.oxauth.model.authorize.ScopeChecker] (ScopeChecker.java:68) - Granted scopes: [openid, user_name, email] 2020-05-23 18:56:16,040 DEBUG [qtp1590550415-15] [org.gluu.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:109) - Starting token endpoint authentication 2020-05-23 18:56:16,040 DEBUG [qtp1590550415-15] [org.gluu.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:122) - Starting Basic Auth token endpoint authentication 2020-05-23 18:56:16,041 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.ClientService] (ClientService.java:136) - Found 1 entries for client id = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3 2020-05-23 18:56:16,041 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.ClientService] (ClientService.java:93) - Authenticating Client with LDAP: clientId = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3 2020-05-23 18:56:16,042 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.ClientService] (ClientService.java:136) - Found 1 entries for client id = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3 2020-05-23 18:56:16,042 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:570) - ConfigureSessionClient: username: '1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3', credentials: '609665300' 2020-05-23 18:56:16,042 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.ClientService] (ClientService.java:136) - Found 1 entries for client id = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3 2020-05-23 18:56:16,043 INFO [qtp1590550415-15] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:277) - Authentication success for Client: '1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3' 2020-05-23 18:56:16,043 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.ClientService] (ClientService.java:136) - Found 1 entries for client id = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3 2020-05-23 18:56:16,045 DEBUG [qtp1590550415-15] [gluu.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:110) - Attempting to request access token: grantType = authorization_code, code = 56124b85-8974-4df4-8711-8d04ced217ed, redirectUri = https://p1.rpgr.org/identity/authcode.htm, username = null, refreshToken = null, clientId = null, ExtraParams = {grant_type=[authorization_code], code=[56124b85-8974-4df4-8711-8d04ced217ed], redirect_uri=[https://p1.rpgr.org/identity/authcode.htm]}, isSecure = true, codeVerifier = null, ticket = null 2020-05-23 18:56:16,045 DEBUG [qtp1590550415-15] [gluu.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:132) - Starting to validate request parameters 2020-05-23 18:56:16,046 DEBUG [qtp1590550415-15] [gluu.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:140) - Grant type: 'authorization_code' 2020-05-23 18:56:16,046 DEBUG [qtp1590550415-15] [gluu.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:146) - Get sessionClient: 'org.gluu.oxauth.model.session.SessionClient@6ccfd425' 2020-05-23 18:56:16,046 DEBUG [qtp1590550415-15] [gluu.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:150) - Get client from session: '1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3' 2020-05-23 18:56:16,047 DEBUG [qtp1590550415-15] [gluu.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:166) - Attempting to find authorizationCodeGrant by clinetId: '1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3', code: '56124b85-8974-4df4-8711-8d04ced217ed' 2020-05-23 18:56:16,065 DEBUG [qtp1590550415-15] [gluu.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:188) - Issuing access token: 5da9129e-0b43-40eb-a23a-e5bb827b4478 2020-05-23 18:56:16,151 DEBUG [qtp1590550415-14] [gluu.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl] (UserInfoRestWebServiceImpl.java:133) - Attempting to request User Info, Access token = 5da9129e-0b43-40eb-a23a-e5bb827b4478, Is Secure = true 2020-05-23 18:56:16,161 DEBUG [qtp1590550415-14] [org.gluu.oxauth.service.UserService] (UserService.java:81) - Getting user information from LDAP: userId = discordtest1 2020-05-23 18:56:16,169 DEBUG [qtp1590550415-14] [org.gluu.oxauth.service.UserService] (UserService.java:90) - Found 1 entries for user id = discordtest1 2020-05-23 18:56:16,169 DEBUG [qtp1590550415-14] [org.gluu.oxauth.service.ClientService] (ClientService.java:136) - Found 1 entries for client id = 1001.91f2e33a-8264-4c46-aa2d-f917beb17ca3 ``` # Output of /opt/gluu/jetty/oxauth/logs/oxauth_script.log ``` 2020-05-23 18:56:15,495 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:193) - Executing python 'authenticate' authenticator method 2020-05-23 18:56:15,496 INFO [qtp1590550415-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. authenticate for step 1 called 2020-05-23 18:56:15,497 INFO [qtp1590550415-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. authenticate for step 1. Basic authentication detected 2020-05-23 18:56:15,575 INFO [qtp1590550415-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. authenticate for step 1. Basic authentication returned: True 2020-05-23 18:56:15,576 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:291) - Executing python 'getApiVersion' authenticator method 2020-05-23 18:56:15,576 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:207) - Executing python 'getNextStep' authenticator method 2020-05-23 18:56:15,577 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:263) - Executing python 'getExtraParametersForStep' authenticator method 2020-05-23 18:56:15,578 INFO [qtp1590550415-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. getExtraParametersForStep called 2020-05-23 18:56:15,578 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:179) - Executing python 'getCountAuthenticationSteps' authenticator method 2020-05-23 18:56:15,579 INFO [qtp1590550415-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. getCountAuthenticationSteps called 2020-05-23 18:56:15,582 DEBUG [qtp1590550415-15] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:263) - Executing python 'getExtraParametersForStep' authenticator method 2020-05-23 18:56:15,582 INFO [qtp1590550415-15] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Passport. getExtraParametersForStep called ``` # Output of /opt/gluu/node/passport/server/logs/passport.log ``` 2020-05-23T18:56:01.418Z [ERROR] Unknown Error: TypeError: req.flash is not a function 2020-05-23T18:56:01.420Z [ERROR] TypeError: req.flash is not a function at allFailed (/opt/gluu/node/passport/node_modules/passport/lib/middleware/authenticate.js:131:15) at attempt (/opt/gluu/node/passport/node_modules/passport/lib/middleware/authenticate.js:180:28) at Strategy.strategy.fail (/opt/gluu/node/passport/node_modules/passport/lib/middleware/authenticate.js:297:9) at loaded (/opt/gluu/node/passport/node_modules/passport-openidconnect/lib/strategy.js:83:21) at SessionStore.verify (/opt/gluu/node/passport/node_modules/passport-openidconnect/lib/state/session.js:71:11) at Strategy.authenticate (/opt/gluu/node/passport/node_modules/passport-openidconnect/lib/strategy.js:254:24) at attempt (/opt/gluu/node/passport/node_modules/passport/lib/middleware/authenticate.js:361:16) at authenticate (/opt/gluu/node/passport/node_modules/passport/lib/middleware/authenticate.js:362:7) at authenticateRequestCallback (/opt/gluu/node/passport/server/routes.js:113:4) at Layer.handle [as handle_request] (/opt/gluu/node/passport/node_modules/express/lib/router/layer.js:95:5) at next (/opt/gluu/node/passport/node_modules/express/lib/router/route.js:137:13) at validateProvider (/opt/gluu/node/passport/server/routes.js:81:3) at Layer.handle [as handle_request] (/opt/gluu/node/passport/node_modules/express/lib/router/layer.js:95:5) at next (/opt/gluu/node/passport/node_modules/express/lib/router/route.js:137:13) at Route.dispatch (/opt/gluu/node/passport/node_modules/express/lib/router/route.js:112:3) at Layer.handle [as handle_request] (/opt/gluu/node/passport/node_modules/express/lib/router/layer.js:95:5) at /opt/gluu/node/passport/node_modules/express/lib/router/index.js:281:22 at param (/opt/gluu/node/passport/node_modules/express/lib/router/index.js:354:14) at param (/opt/gluu/node/passport/node_modules/express/lib/router/index.js:365:14) at Function.process_params (/opt/gluu/node/passport/node_modules/express/lib/router/index.js:410:3) at next (/opt/gluu/node/passport/node_modules/express/lib/router/index.js:275:10) at Function.handle (/opt/gluu/node/passport/node_modules/express/lib/router/index.js:174:3) 2020-05-23T18:56:01.421Z [INFO] ::1 - GET /passport/auth/DiscordGluuClient4602/callback?code=4OEflYJUODItMJXE4EaUjmnVKuMJKm HTTP/1.1 302 220 - 3.734 ms ``` # Using the following configuration for the above results: ## Discord Client App Developer Portal Side: App Name: DiscordGluuClient4602 Cliend ID: 712896519279214602 ### OAuth2 Settings Redirects I have listed as I have been trying this out: https://discord.com/channels/710252954078281819/710252954078281822 https://p1.rpgr.org https://p1.rpgr.org/passport/auth/DiscordGluuClient4602/callback https://p1.rpgr.org/passport/auth/DiscordWPMiniOrangeClient1/callback https://wp.rpgr.org https://wp.rpgr.org/landing2 OAuth2 URl Generator: https://p1.rpgr.org/passport/auth/DiscordWPMiniOrangeClient1/callback Scopes: identify email Generated link: https://discord.com/api/oauth2/authorize?client_id=712896519279214602&redirect_uri=https%3A%2F%2Fp1.rpgr.org%2Fpassport%2Fauth%2FDiscordGluuClient4602%2Fcallback&response_type=code&scope=identify%20email ## Gluu Passport Provider Config for Provider ID: DiscordGluuClient4602 Display Name: DiscordGluuClient4602 Mapping: openidconnect-default Type: openidconnect Passport.js strategy: passport-openidconnect IsEnabled: True Callback URL: https://p1.rpgr.org/passport/auth/DiscordGluuClient4602/callback Provider Options: authorizationURL: https://discord.com/api/oauth2/authorize clientID: 712896519279214602 clientSecret: ******************* issuer: https://www.discord.com scope: openid identify email profile **(NOTE: identify is a Discord specific scope as far as I know, and I wonder if this is part of the issue???)** tokenURL: https://discord.com/api/oauth2/token userInfoURL: https://discord.com/api/oauth2/userinfo Not surprisingly, afrer all that, it does not show up as an authorized app in the Discord User Settings > Authorized Apps. List.

Status update: Thanks to the wonderful folks at Centroxy, with the help of Jajati, they created a new passport.js file for Discord. It is _mostly_ working, but not quite 100%. This is great progress after being stuck for nearly 2 months! Just need to iron out the last bits. After logging out, coming back, the user is once again prompted to authorize the same app event though it is already in the list of authorized apps in Discord. I have not had this problem with other apps with Discord. Looking into it to see if this is Gluu issue or Discord issue. Also, I am having some browser compatibility issues between Firefox and Chrome I will look into further (might just be the testing setup). I need to run through the more complete list of use cases. But it is looking promising. I'll know more by late tonight (it is after 5 am where I am currently visiting in Texas). The basic authentication prompt appears to be working now. 1. From the Gluu login page there is the "External Providers" on the right to click on "Discord". 2. The user is prompted to login to discord (if not already logged in). 3. After logging into Discord, the user is prompted to authorize the gluu app to access the Discord account info. 4. User clicks Authorize 5. App is added to the list of Authorized apps in the Discord Authorized Apps listing for that user. 6. User is logged into Gluu 1 use case I see that this breaks if the user's IP isn't recognized by the Discord server and they have to do a 2FA email verification link. THey have to go back and start the process again after they have authorized their IP. This is great progress though! Not quite closed out until can get it to stop asking to reauthorize every time, but once have that worked out we should finally have it working between Gluu and Discord at a basic level.

So unfortunately we can't move our production environment to Gluu 4.1 yet. So I'm having to try to figure out how to get this working on 3.1.6, trying to use the 4.1 implementation as a guide for the 3.1.6. I'll be posting configuration information comparing the two, because unfortunately it isn't quite working yet. I think it is the callback url, but not sure. I am on road right now, but at next break I will post all the configuration info and logs. This is urgent now down to the wire. If I can't get this working tonight the whole project is going to implode. :-( WIll report back in a few hours.

Hi Hawke I don't think any issue on Gluu 4.1 . The IP blocking or Authorize behaviour is from Discord. When discord detects login request from other location, it blocks until you verify the IP. Same behaviour will be there when you are trying Gluu 3.1.6 You should check this with Discord support team. Jajati

Here is the discord.js strategy from the 4.1 and 3.6.1 install and related information. Gluu 4.1 test server: https://p1.rpgr.org (basically works though needs some refinement) GLuu 3.1.6 test server: https://devau.thefantasy.network (not working, just trying to get working at least as well as the 4.1 version). # Gluu 4.1 Passport Discord Strategy discord.js :/opt/gluu/node/passport/server/mappings# cat discord.js ``` module.exports = profile =&gt; { return { uid: profile.username || profile.id, mail: profile.email, cn: profile.displayName || profile.username, displayName: profile.displayName || profile.username, givenName: profile.username, sn: profile.username } } ``` # Gluu 3.1.6 discord.js:/opt/gluu/node/passport/server/auth# cat configureStrategies.js ``` var DiscordStrategy = require('./discord'); var FacebookStrategy = require('./facebook'); var GitHubStrategy = require('./github'); var GoogleStrategy = require('./google'); var LinkedinStrategy = require('./linkedin'); var TumblrStrategy = require('./tumblr'); var TwitterStrategy = require('./twitter'); var YahooStrategy = require('./yahoo'); var DropboxOAuth2Strategy = require('./dropbox'); var OIDCStrategy = require('./openidconnect') var SamlStrategy = require("./saml"); var logger = require("../utils/logger") ``` ``` exports.setConfigurations = function(data){ SamlStrategy.setCredentials(); if (data &amp;&amp; data.passportStrategies) { //DiscordStrategy added by Hawke if (data.passportStrategies.discord) { logger.log2('info', 'Discord Strategy details received') DiscordStrategy.setCredentials(data.passportStrategies.discord) } //FacebookStrategy if (data.passportStrategies.facebook) { logger.log2('info', 'Facebook Strategy details received') FacebookStrategy.setCredentials(data.passportStrategies.facebook) } //GitHubStrategy if (data.passportStrategies.github) { logger.log2('info', 'Github Strategy details received') GitHubStrategy.setCredentials(data.passportStrategies.github) } //DropboxOAuth2Strategy if (data.passportStrategies.dropbox) { logger.log2('info', 'DropboxOAuth2 Strategy details received') DropboxOAuth2Strategy.setCredentials(data.passportStrategies.dropbox) } //GoogleStrategy if (data.passportStrategies.google) { logger.log2('info', 'Google Strategy details received') GoogleStrategy.setCredentials(data.passportStrategies.google) } //LinkedinStrategy if (data.passportStrategies.linkedin) { logger.log2('info', 'LinkedIn Strategy details received') LinkedinStrategy.setCredentials(data.passportStrategies.linkedin) } //TumblrStrategy if (data.passportStrategies.tumblr) { logger.log2('info', 'Tumblr Strategy details received') TumblrStrategy.setCredentials(data.passportStrategies.tumblr) } //TwitterStrategy if (data.passportStrategies.twitter) { logger.log2('info', 'Twitter Strategy details received') TwitterStrategy.setCredentials(data.passportStrategies.twitter) } //YahooStrategy if (data.passportStrategies.yahoo) { logger.log2('info', 'Yahoo Strategy details received') YahooStrategy.setCredentials(data.passportStrategies.yahoo) } //OIDCStrategy if (data.passportStrategies.openidconnect) { logger.log2('info', 'OIDC details received') OIDCStrategy.setCredentials(data.passportStrategies.openidconnect) } //SamlStrategy if (data.passportStrategies.saml) { logger.log2('info', 'Saml Strategy details received') } } else { logger.log2('error', 'Error in getting data: %s', JSON.stringify(err)) } }; ``` ``` Attempted replication in 3.1.6 formatting: /opt/gluu/node/passport/server/auth# cat discord.js var passport = require('passport'); var DiscordStrategy = require('passport-discord').Strategy; var setCredentials = function(credentials) { var callbackURL = global.applicationHost.concat("/passport/auth/discord/callback"); passport.use(new DiscordStrategy({ clientID: credentials.clientID, clientSecret: credentials.clientSecret, callbackURL: callbackURL, // enableProof: true, passReqToCallback: true // profileFields: ['id', 'name', 'displayName', 'email'] profileFields: ['id', 'name', 'displayName', 'email'] }, function(accessToken, refreshToken, profile, done) { var userProfile = { // id: profile._json.id || "", // id: profile.username || profile.id, id: profile.username || "", // uid: profile.username || profile.id, // name: profile.displayName || "", // name: profile.displayName || profile.username, name: profile.displayName || "", // username: profile.username || profile._json.id, // username: profile.username || "", username: profile.username || "", // email: profile._json.email || "", // email: profile.email || "", email: profile.email || "", // givenName: profile._json.first_name || "", givenName: profile.username || "", // familyName: profile._json.last_name || "", provider: "discord" }; return done(null, userProfile); } )); }; module.exports = { passport: passport, setCredentials: setCredentials }; //module.exports = profile =&gt; { // return { // uid: profile.username || profile.id, // mail: profile.email, // cn: profile.displayName || profile.username, // displayName: profile.displayName || profile.username, // givenName: profile.username, // sn: profile.username // } //} ``` # Gluu 4.1: extra-passport-params.js: /opt/gluu/node/passport/server# cat extra-passport-params.js ``` const fs = require('fs'), R = require('ramda') //Extra params supplied per strategy //They are not set via oxTrust to keep complexity manageable. These params are not expected to change: admins probably will never have to edit the below //This is wrapped in a function so params is not evaluated upon module load, only at first usage const params = R.once(() =&gt; [ { strategy: 'passport-saml', passportAuthnParams: {}, options: { validateInResponseTo: true, requestIdExpirationPeriodMs: 3600000, decryptionPvk: fs.readFileSync(global.config.spTLSKey, 'utf-8'), decryptionCert: fs.readFileSync(global.config.spTLSCert, 'utf-8') } }, { strategy: 'passport-oxd', passportAuthnParams: { scope: ['openid', 'email', 'profile'] }, options: {} }, { strategy: 'passport-dropbox-oauth2', passportAuthnParams: {}, options: { apiVersion: '2' } }, { strategy: 'passport-facebook', passportAuthnParams: { scope: ['email'] }, options: { profileFields: ['id', 'displayName', 'name', 'emails'], enableProof: true } }, { strategy: 'passport-discord', passportAuthnParams: {}, options: { scope: ['identify', 'email'], state: true } }, { strategy: 'passport-github', passportAuthnParams: { scope: ['user'] }, options: {} }, { strategy: 'passport-google-oauth2', passportAuthnParams: { scope: ['https://www.googleapis.com/auth/userinfo.profile', 'https://www.googleapis.com/auth/userinfo.email'] }, options: {} }, { strategy: '@sokratis/passport-linkedin-oauth2', passportAuthnParams: {}, options: { scope: ['r_emailaddress', 'r_liteprofile'], state: true } }, { strategy: 'passport-twitter', passportAuthnParams: {}, options: { includeEmail: true } }, { strategy: 'passport-windowslive', passportAuthnParams: { //TODO: verify scope: ['wl.signin', 'wl.basic'] }, options: {} } ]) function get(strategyId, paramName) { //Select the (only) item matching let obj = R.find(R.propEq('strategy', strategyId), params()) return R.defaultTo({}, R.prop(paramName, obj)) } module.exports = { get: get } ``` # Gluu 3.1.6 configureStrategies.js :/opt/gluu/node/passport/server/auth# cat configureStrategies.js ``` var DiscordStrategy = require('./discord'); var FacebookStrategy = require('./facebook'); var GitHubStrategy = require('./github'); var GoogleStrategy = require('./google'); var LinkedinStrategy = require('./linkedin'); var TumblrStrategy = require('./tumblr'); var TwitterStrategy = require('./twitter'); var YahooStrategy = require('./yahoo'); var DropboxOAuth2Strategy = require('./dropbox'); var OIDCStrategy = require('./openidconnect') var SamlStrategy = require("./saml"); var logger = require("../utils/logger") exports.setConfigurations = function(data){ SamlStrategy.setCredentials(); if (data &amp;&amp; data.passportStrategies) { //DiscordStrategy added by Hawke if (data.passportStrategies.discord) { logger.log2('info', 'Discord Strategy details received') DiscordStrategy.setCredentials(data.passportStrategies.discord) } //FacebookStrategy if (data.passportStrategies.facebook) { logger.log2('info', 'Facebook Strategy details received') FacebookStrategy.setCredentials(data.passportStrategies.facebook) } //GitHubStrategy if (data.passportStrategies.github) { logger.log2('info', 'Github Strategy details received') GitHubStrategy.setCredentials(data.passportStrategies.github) } //DropboxOAuth2Strategy if (data.passportStrategies.dropbox) { logger.log2('info', 'DropboxOAuth2 Strategy details received') DropboxOAuth2Strategy.setCredentials(data.passportStrategies.dropbox) } //GoogleStrategy if (data.passportStrategies.google) { logger.log2('info', 'Google Strategy details received') GoogleStrategy.setCredentials(data.passportStrategies.google) } //LinkedinStrategy if (data.passportStrategies.linkedin) { logger.log2('info', 'LinkedIn Strategy details received') LinkedinStrategy.setCredentials(data.passportStrategies.linkedin) } //TumblrStrategy if (data.passportStrategies.tumblr) { logger.log2('info', 'Tumblr Strategy details received') TumblrStrategy.setCredentials(data.passportStrategies.tumblr) } //TwitterStrategy if (data.passportStrategies.twitter) { logger.log2('info', 'Twitter Strategy details received') TwitterStrategy.setCredentials(data.passportStrategies.twitter) } //YahooStrategy if (data.passportStrategies.yahoo) { logger.log2('info', 'Yahoo Strategy details received') YahooStrategy.setCredentials(data.passportStrategies.yahoo) } //OIDCStrategy if (data.passportStrategies.openidconnect) { logger.log2('info', 'OIDC details received') OIDCStrategy.setCredentials(data.passportStrategies.openidconnect) } //SamlStrategy if (data.passportStrategies.saml) { logger.log2('info', 'Saml Strategy details received') } } else { logger.log2('error', 'Error in getting data: %s', JSON.stringify(err)) } }; ``` # Gluu 3.1.6 index.js Snippet: root@localhost:/opt/gluu/node/passport/server/routes# grep discord * ``` var passportDiscord = require('../auth/discord').passport; case 'discord': //=============discord added by hawke ========== router.get('/auth/discord/callback', passportDiscord.authenticate('discord', { router.get('/auth/discord/:token', passportDiscord.authenticate('discord', { ``` Full file: /opt/gluu/node/passport/server/routes# cat index.js ``` var express = require('express'); var router = express.Router(); var jwt = require('jsonwebtoken'); var util = require('util') var passportLinkedIn = require('../auth/linkedin').passport; var passportGithub = require('../auth/github').passport; var passportTwitter = require('../auth/twitter').passport; var passportDiscord = require('../auth/discord').passport; var passportFacebook = require('../auth/facebook').passport; var passportTumblr = require('../auth/tumblr').passport; var passportYahoo = require('../auth/yahoo').passport; var passportGoogle = require('../auth/google').passport; var passportWindowsLive = require('../auth/windowslive').passport; var passportDropbox = require('../auth/dropbox').passport; var passportSAML = require('../auth/saml').passport; var passportOIDC = require('../auth/openidconnect').passport var fs = require('fs'); var uuid = require('uuid'); var logger = require("../utils/logger") var misc = require('../utils/misc') var openid = require('../openid/openid') var validateToken = function (req, res, next) { var token = req.body &amp;&amp; req.body.token || req.params &amp;&amp; req.params.token || req.headers['x-access-token']; if (token) { // verifies secret and checks expiration of token jwt.verify(token, global.applicationSecretKey, function (err, decoded) { if (err) { return res.json({ success: false, message: 'Failed to authenticate token.' }); } else { // if everything is good, save to request for use in other routes req.decoded = decoded; return next(); } }); } else { // if there is no token, return an error return res.redirect(global.config.applicationStartpoint + '?failure=No token provided'); } }; var casaCallback = function (req, res) { var provider = req.params.provider res.cookie('casa-' + provider, req.decoded.exp, { httpOnly: true, maxAge: 120000, //2min expiration secure: true }) var obj switch (provider) { case 'github': obj = passportGithub break case 'twitter': obj = passportTwitter break case 'discord': obj = passportDiscord break case 'facebook': obj = passportFacebook break case 'tumblr': obj = passportTumblr break case 'yahoo': obj = passportYahoo break case 'google': obj = passportGoogle break case 'windowslive': obj = passportWindowsLive break case 'dropbox': obj = passportDropbox break case 'openidconnect': obj = passportOIDC break } if (!obj &amp;&amp; (provider in global.saml_config)) { obj = passportSAML } var lurl = '/casa/rest/pl/account-linking/idp-linking' if (!obj) { res.redirect(util.format('%s?failure=Provider %s not recognized in passport-casa mapping', lurl, provider)) } else { logger.log2('verbose', 'At casaCallback, proceeding with linking procedure for provider %s', provider) obj.authenticate(provider, { failureRedirect: util.format('%s?failure=An error occurred triggering authentication for %s', lurl, provider) } )(req,res) } } var callbackResponse = function (req, res) { if (!req.user) { return res.redirect(global.config.applicationStartpoint + '?failure=Unauthorized'); } var provider = req.params.providerKey || req.user.provider var postUrl if (req.cookies['casa-' + provider]) { postUrl = '/casa/rest/pl/account-linking/idp-linking/' + encodeURIComponent(provider) } else { postUrl = global.config.applicationEndpoint } var subject = req.user.id logger.log2('info', 'User authenticated with userid "%s" and strategy "%s"', subject, provider) var now = new Date().getTime() var jwt = misc.getJWT({ iss: postUrl, sub: subject, aud: global.config.clientId, jti: uuid(), exp: now / 1000 + 30, iat: now, data: req.user }) logger.log2('debug', 'Preparing to send user data to: %s with JWT=%s', postUrl, jwt) var response_body = ` &lt;html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"&gt; &lt;head&gt; &lt;/head&gt; &lt;body onload="document.forms[0].submit()"&gt; &lt;noscript&gt; &lt;p&gt; <strong>Note:</strong> Since your browser does not support JavaScript, you must press the Continue button once to proceed. &lt;/p&gt; &lt;/noscript&gt; &lt;form action="${postUrl}" method="post"&gt; &lt;div&gt; &lt;input type="hidden" name="user" value="${jwt}"/&gt; &lt;noscript&gt; &lt;input type="submit" value="Continue"/&gt; &lt;/noscript&gt; &lt;/div&gt; &lt;/form&gt; &lt;/body&gt; &lt;/html&gt; ` res.set('content-type', 'text/html;charset=UTF-8'); return res.send(response_body); }; var callbackAuthzResponse = function (req, res) { logger.log2('verbose', "callbackAuthzResponse. Entry point") if (!req.user) { return res.redirect(global.config.applicationStartpoint + '?failure=Unauthorized'); } var provider = req.user.providerKey var user = req.user var subject = user.id logger.log2('info', 'User authenticated with userid "%s" and strategy "%s"', subject, provider) logger.log2('verbose', 'callbackAuthzResponse. Full req is\n%s', util.inspect(req, {showHidden: false, depth: 2})) var idp_initiated_config = global.saml_idp_init_config[provider] logger.log2('verbose', 'Using inboung IDP config: %s', JSON.stringify(idp_initiated_config)) if (idp_initiated_config) { client = idp_initiated_config['openid_client'] authorization_params = idp_initiated_config['authorization_params'] // Cache authorization_endpoint authorization_endpoint = undefined if (idp_initiated_config[provider]) { authorization_endpoint = idp_initiated_config[provider] logger.log2('debug', 'Get cached authorization_endpoint: %s', authorization_endpoint) redirectToAuthorizationEndpoint(res, client, authorization_endpoint, authorization_params, user) } else { openid.getAuthorizationEndpoint(client['server_uri']) .then(authorization_endpoint =&gt; { logger.log2('debug', 'Get authorization_endpoint: %s', authorization_endpoint) idp_initiated_config[provider] = authorization_endpoint redirectToAuthorizationEndpoint(res, client, authorization_endpoint, authorization_params, user) }) } } else { return res.redirect(util.format('%s?failure=Unknown IDP %s or service provider %s', global.config.applicationStartpoint, provider, "")) } }; function redirectToAuthorizationEndpoint(res, client, authorization_endpoint, authorization_params, user) { logger.log2('debug', 'Call to redirectToAuthorizationEndpoint') var subject = user.id var now = new Date().getTime() var jwt = misc.getJWT({ iss: client['server_uri'], sub: subject, aud: authorization_params['client_id'], jti: uuid(), exp: now / 1000 + 30, iat: now, data: user }) logger.log2('debug', 'Preparing to send authorization request with user data to: %s with JWT=%s', authorization_endpoint, jwt) authorization_params_cloned = JSON.parse(JSON.stringify(authorization_params)) authorization_params_cloned['state'] = jwt authorization_url = openid.getAuthorizationUrl(authorization_endpoint, authorization_params_cloned) res.set('content-type', 'text/html;charset=UTF-8'); return res.redirect(authorization_url); } router.get('/', function (req, res, next) { res.render('index', { title: 'Node-Passport' }); }); router.get('/login', function (req, res, next) { res.redirect(global.config.applicationStartpoint + '?failure=An error occurred'); }); router.get('/casa/:provider/:token', validateToken, casaCallback) //=================== linkedin ================= router.get('/auth/linkedin/callback', passportLinkedIn.authenticate('linkedin', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/linkedin/:token', validateToken, passportLinkedIn.authenticate('linkedin')); //===================== github ================= router.get('/auth/github/callback', passportGithub.authenticate('github', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/github/:token', validateToken, passportGithub.authenticate('github', { scope: ['user:email'] })); //==================== twitter ================= router.use('/auth/twitter/callback', passportTwitter.authenticate('twitter', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/twitter/:token', validateToken, passportTwitter.authenticate('twitter')); //=============discord added by hawke ========== router.get('/auth/discord/callback', passportDiscord.authenticate('discord', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/discord/:token', validateToken, passportDiscord.authenticate('discord', { scope: ['identify', 'email'] })); //==================== facebook ================ router.get('/auth/facebook/callback', passportFacebook.authenticate('facebook', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/facebook/:token', validateToken, passportFacebook.authenticate('facebook', { scope: ['email'] })); //===================== tumblr ================= router.get('/auth/tumblr/callback', passportTumblr.authenticate('tumblr', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/tumblr/:token', validateToken, passportTumblr.authenticate('tumblr')); //===================== yahoo ================= router.get('/auth/yahoo/callback', passportYahoo.authenticate('yahoo', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/yahoo/:token', validateToken, passportYahoo.authenticate('yahoo')); //===================== google ================= router.get('/auth/google/callback', passportGoogle.authenticate('google', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/google/:token', validateToken, passportGoogle.authenticate('google', { scope: ['profile', 'email'] })); //================== windowslive =============== router.get('/auth/windowslive/callback', passportWindowsLive.authenticate('windowslive', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/windowslive/:token', validateToken, passportWindowsLive.authenticate('windowslive')); //================== dropbox ================== router.get('/auth/dropbox/callback', passportDropbox.authenticate('dropbox-oauth2', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/dropbox/:token', validateToken, passportDropbox.authenticate('dropbox-oauth2')); //=================== OIDC =================== router.get('/auth/openidconnect/callback', passportOIDC.authenticate('openidconnect', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/openidconnect/:token', validateToken, passportOIDC.authenticate('openidconnect')) //===================saml ==================== var entitiesJSON = global.saml_config; for (key in entitiesJSON) { if (entitiesJSON[key].cert &amp;&amp; entitiesJSON[key].cert.length &gt; 5 &amp;&amp; entitiesJSON[key].enable.match("true")) { router.post('/auth/saml/' + key + '/callback', passportSAML.authenticate(key, { failureRedirect: '/passport/login' }), callbackResponse); router.post('/auth/saml/' + key + '/callback/inbound', passportSAML.authenticate(key, { failureRedirect: '/passport/login' }), callbackAuthzResponse); router.get('/auth/saml/' + key + '/:token', validateToken, passportSAML.authenticate(key)); } else { router.get('/auth/saml/' + key + '/:token', validateToken, function (req, res) { err = { message: "cert param is required to validate signature of saml assertions response" }; logger.log2('error', 'Cert Error: %s', JSON.stringify(err)) res.status(400).send("Internal Error"); }); } } router.get('/auth/meta/idp/:idp', function (req, res) { var idp = req.params.idp; logger.log2('verbose', 'Metadata request for %s', idp); fs.readFile(__dirname + '/../idp-metadata/' + idp + '.xml', (e, data) =&gt; { if (e) { res.status(404).send("Internal Error") } else { res.status(200).set('Content-Type', 'text/xml').send(String(data)) } }) }); //======== catch 404 and forward to login ======== router.all('/*', function (req, res, next) { var err = new Error('Not Found'); err.status = 404; res.redirect(global.config.applicationStartpoint + '?failure=The requested resource does not exists!'); }); module.exports = router; ``` # Log output for GLuu 3.1.6 server /opt/gluu/jetty/oxauth/logs# tail -f * **User lands on the Gluu login page:** ``` 2020-06-26 14:05:00,392 INFO [qtp804611486-18] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. prepareForStep called 1 2020-06-26 14:05:00,394 INFO [qtp804611486-18] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. parseProviderConfigs. Adding social providers ==&gt; oxauth.log &lt;== 2020-06-26 14:05:00,395 INFO [qtp804611486-18] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:330) - Created ldapEntryManager:org.gluu.site.ldap.persistence.LdapEntryManager@2f582dd4 with provider org.xdi.service.ldap.LdapConnectionService@7f256398 ==&gt; 2020_06_26.jetty.log &lt;== 2020-06-26 14:05:00,395 INFO [qtp804611486-18] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:330) - Created ldapEntryManager:org.gluu.site.ldap.persistence.LdapEntryManager@2f582dd4 with provider org.xdi.service.ldap.LdapConnectionService@7f256398 ==&gt; oxauth_script.log &lt;== 2020-06-26 14:05:00,399 INFO [qtp804611486-18] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. prepareForStep. A page to manually select an identity provider will be shown 2020-06-26 14:05:00,399 INFO [qtp804611486-18] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getExtraParametersForStep called ``` **User clicks the Discord link** ``` 2020-06-26 14:05:04,956 INFO [qtp804611486-11] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. authenticate called 1 2020-06-26 14:05:04,957 INFO [qtp804611486-11] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. authenticate for step 1. Retrying step 1 ==&gt; oxauth.log &lt;== 2020-06-26 14:05:04,959 INFO [qtp804611486-11] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:345) - Authentication reset to step : '1' ==&gt; 2020_06_26.jetty.log &lt;== 2020-06-26 14:05:04,959 INFO [qtp804611486-11] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:345) - Authentication reset to step : '1' ==&gt; oxauth_script.log &lt;== 2020-06-26 14:05:04,961 INFO [qtp804611486-11] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getExtraParametersForStep called 2020-06-26 14:05:04,961 INFO [qtp804611486-11] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getCountAuthenticationSteps called 2020-06-26 14:05:04,962 INFO [qtp804611486-11] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getExtraParametersForStep called 2020-06-26 14:05:05,065 INFO [qtp804611486-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. prepareForStep called 1 2020-06-26 14:05:05,066 INFO [qtp804611486-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. parseProviderConfigs. Adding social providers ==&gt; oxauth.log &lt;== 2020-06-26 14:05:05,068 INFO [qtp804611486-14] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:330) - Created ldapEntryManager:org.gluu.site.ldap.persistence.LdapEntryManager@2f8f1d27 with provider org.xdi.service.ldap.LdapConnectionService@7f256398 ==&gt; 2020_06_26.jetty.log &lt;== 2020-06-26 14:05:05,068 INFO [qtp804611486-14] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:330) - Created ldapEntryManager:org.gluu.site.ldap.persistence.LdapEntryManager@2f8f1d27 with provider org.xdi.service.ldap.LdapConnectionService@7f256398 ==&gt; oxauth_script.log &lt;== 2020-06-26 14:05:05,073 INFO [qtp804611486-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getPassportRedirectUrl. Obtaining token from passport at https://devau.thefantasy.network/passport/token 2020-06-26 14:05:05,140 INFO [qtp804611486-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getPassportRedirectUrl. Response was 503 2020-06-26 14:05:05,141 INFO [qtp804611486-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getPassportRedirectUrl. Error building redirect URL: 2020-06-26 14:05:05,141 INFO [qtp804611486-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - expected string or buffer, but got &lt;type 'NoneType'&gt; 2020-06-26 14:05:05,142 INFO [qtp804611486-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. prepareForStep. A page to manually select an identity provider will be shown 2020-06-26 14:05:05,146 INFO [qtp804611486-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getExtraParametersForStep called ``` **Any ideas? Thanks!**

@jajati. Understood about the IP blocking by Discord. I'm not worrying about that at this point, since as you say that is Discord issue. The problem I'm having right now is trying to get this working on 3.1.6 the same as 4.1. Right now (see all the info I posted just a bit ago), it is not working at all. Not sure what piece is missing or misconfigured on the 3.1.6 side. Any ideas what may be wrong with the 3.1.6 conversion? I'm assuming it is most likely in the discord.js file (though not certain). Ideas? Thanks again kindly!

Additional logs: /opt/gluu/jetty/oxauth/logs# tail -f * When click the Discord link on the Gluu login page (which just comes back to the GLuu login page rather than the Discord Auth/login prompt): ``` ==&gt; oxauth_script.log &lt;== 2020-06-26 15:21:34,918 INFO [qtp804611486-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. authenticate called 1 2020-06-26 15:21:34,920 INFO [qtp804611486-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. authenticate for step 1. Retrying step 1 ==&gt; oxauth.log &lt;== 2020-06-26 15:21:34,922 INFO [qtp804611486-14] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:345) - Authentication reset to step : '1' ==&gt; 2020_06_26.jetty.log &lt;== 2020-06-26 15:21:34,922 INFO [qtp804611486-14] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:345) - Authentication reset to step : '1' ==&gt; oxauth_script.log &lt;== 2020-06-26 15:21:34,923 INFO [qtp804611486-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getExtraParametersForStep called 2020-06-26 15:21:34,924 INFO [qtp804611486-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getCountAuthenticationSteps called 2020-06-26 15:21:34,925 INFO [qtp804611486-14] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getExtraParametersForStep called 2020-06-26 15:21:35,022 INFO [qtp804611486-15] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. prepareForStep called 1 2020-06-26 15:21:35,024 INFO [qtp804611486-15] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. parseProviderConfigs. Adding social providers ==&gt; oxauth.log &lt;== 2020-06-26 15:21:35,025 INFO [qtp804611486-15] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:330) - Created ldapEntryManager:org.gluu.site.ldap.persistence.LdapEntryManager@2124e51a with provider org.xdi.service.ldap.LdapConnectionService@53c4b36b ==&gt; 2020_06_26.jetty.log &lt;== 2020-06-26 15:21:35,025 INFO [qtp804611486-15] [org.xdi.oxauth.service.AppInitializer] (AppInitializer.java:330) - Created ldapEntryManager:org.gluu.site.ldap.persistence.LdapEntryManager@2124e51a with provider org.xdi.service.ldap.LdapConnectionService@53c4b36b ==&gt; oxauth_script.log &lt;== 2020-06-26 15:21:35,032 INFO [qtp804611486-15] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getPassportRedirectUrl. Obtaining token from passport at https://devau.thefantasy.network/passport/token 2020-06-26 15:21:35,091 INFO [qtp804611486-15] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getPassportRedirectUrl. Response was 503 2020-06-26 15:21:35,092 INFO [qtp804611486-15] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getPassportRedirectUrl. Error building redirect URL: 2020-06-26 15:21:35,093 INFO [qtp804611486-15] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - expected string or buffer, but got &lt;type 'NoneType'&gt; 2020-06-26 15:21:35,093 INFO [qtp804611486-15] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. prepareForStep. A page to manually select an identity provider will be shown 2020-06-26 15:21:35,093 INFO [qtp804611486-15] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getExtraParametersForStep called ```

Found this other file that looks like also needs to be edited? So added the Discord listing: /opt/gluu/node/passport/server/views# cat index.html ``` {% extends 'layout.html' %} {% block title %}{% endblock %} {% block content %} &lt;div class="container"&gt; &lt;h1&gt;{{ title }}&lt;/h1&gt; &lt;p&gt;Welcome! Please Login.&lt;/p&gt; &lt;hr&gt;&lt;br&gt; <a href="/auth/linkedin/passtoken">LinkedIn</a> <a href="/auth/github/passtoken">Github</a> <a href="/auth/twitter/passtoken">Twitter</a> <a href="/auth/google/passtoken">Google</a> <a href="/auth/discord/passtoken">Discord</a> <a href="/auth/facebook/passtoken">Facebook</a> <a href="/auth/tumblr/passtoken">Tumblr</a> <a href="/auth/yahoo/passtoken">Yahoo</a> &lt;/div&gt; {% endblock %} ``` also update section of login.xhtml in /opt/gluu/jetty/oxauth/custom/pages --snippet--``` &lt;div class="button_social"&gt; <ul> <li><a href="#"><i></i> Sign In with Discord</a></li> <li><a href="#"><i></i> Sign In with Facebook</a></li> <li><a href="#"><i></i> Sign In with Twitter</a></li> <li><a href="#"><i></i> Sign In with Google+</a></li> <li><a href="#"><i></i> Sign In with Linkedin</a></li> </ul> &lt;p&gt;or Login with&lt;/p&gt; ``` --snippet-- That did _not_ get it working, but another piece of the puzzle to include I guess.

I think you should create a new ticket for 3.1.6 as this ticket was about 4.1 and Discord integartion working with 4.1

Okay. Though, the OP was about getting Discord working with _any_ version of Gluu, but if you think it will help to have it is separated between versions I will go ahead an re-post the info for the 3.1.6 version. Cheers!