Jump to content



  • Posts

  • Joined

  • Last visited

About GOM IT

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

GOM IT's Achievements

  1. Thank you! The way you describe works partially. The login method can be reactivated via the changed database entry, but the GUI customizations are not changed. The login mask for local users is not automatically shown again. This happens only after the method has been deactivated and reactivated via the GUI. Do further changes have to be made in the database for this?
  2. We run a self-hosted Invision community. This community is connected via an OAuth identity provider. Now we want to disable the default login method. Is there a way to turn it back on without accessing the AdminCP (e.g. in case the Identity Provider does not work anymore)? Thank you!
  3. Thank you @bfarber Do you know a (ready to use) plugin we could use here?
  4. Dear Invision Community, Due to our external identity management, we are using an "Other OAuth 2.0" Method as an identity provider. So far everything is fine. Now we would like to map custom parameters from our identity management to custom fields in Invision Community. For example: Name of field: "Country" Input: "Germany" or "United Kingdom" This filed should be updated every time a user sign in. Is it possible to get this implement? Is there a documented way or is it a customization? Thank you!
  5. We noticed a few more places where the username is still displayed in plain text. The username is transmitted via the photo description in Templates 'userPhoto' and 'userPhotoFromData' as well as in the Moderator and NewMember Bade (below Profile Photo). Further on it is shown in 'application/ld+json'. However I am not sure it plugin is able to hide it there, hence it would be great. It would be happy if you could have a look at the points and maybe update the plugin.
  6. I had a look for this again. I am able to send the request 1:1 from our invision main site "forum.contoso.com", but not from external site "login.contoso.com". Althought I allowed my Apache reverse proxy to handle this URL with CORS. Is there a need to add the URL to invision too for sending REST requests?
  7. Hi, thank you for your response. I set the csfrKey now like the ref key. But I still got the 403 response with Error code: 2S119/1. I read both keys from the URL of AuthorizePage1 and use them to create the request to the Invision login Endpoint. My request looks like: URL: https://forum.gom.com/index.php?/login POST parameters: csrfKey=42xxxxxxxxxxxxxxxxxxxxxxxxxxxxdb ref=aHR0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxMQ== auth password remember_me=1 _processLogin=2 _processLogin=2 Request header: POST /index.php?/login/ HTTP/1.1 Host: contoso.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Upgrade-Insecure-Requests: 1 Content-Length: 175 Origin: https://other.saml.login.com Connection: keep-alive Referer: https://contose.com/oauth2/v2.0/authorize?resource=https://contoso.user.com&response_type=code&client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&redirect_uri=https://contoso.com/oauth/callback/&state=3-aHR0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxaW4v-42xxxxxxxxxxxxxxxxxxxxxxxxxxxxdb-aHR0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxMQ==&code_challenge=H9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxUU&code_challenge_method=S256&scope=userlala Pragma: no-cache Cache-Control: no-cache I saw, that login will have the same csfrKey and ref are equal when using different login methods on same time. So I just tried to use the same values to connect to #2 method, like I got from system to login request to #3 method. Best, gom
  8. Hi folks, I have two different oAuth2 identity providers connected to my invision forum. Both of them working great. Now, I have the order to link their sign ins vice versa on their sign in pages. But I have no idea how to trigger sign on for oauth2 login with http/javascript. I already tried to start some HTTP POST to url/index.php?/login/ with the correct processLogin ID, but I just get a 403 forbidden. Although I set CORS enabled for that domain on apache webserver. setup: Two oauth2 sources. Both linked in sign in / sign up windows in invision community. Both of them forwarding to external login sites. Now there should be link to other site (in case of clicking wrong button first). It is absolutely desired that this links are directly on the other sign in pages. Some idea how to do this? Best, gom
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy