The Great Open Source Debate with Elastic, Gluu and GitHub 🎤 Oct 27

Need help with custom OAuth implementation in rocketchat


We are using the self-hosted version of rocket chat on our AWS instance. We ended-up in a situation that we have to explicitly login to rocket chat using a username and password to use rocket chat.
To resolve this, we were searching for an alteranate solution and found custom OAuth functionality.
We are now trying to implement the Custom OAuth functionality with our application. But the authentication not working as expected.
We are unable to find a step by step implementation of the Custom OAuth functionalty.
We have upgraded our rocket chat to the latest version, still no luck.
Can you please help me out to rectify this situation.

Server Setup Information

  • Version of Rocket.Chat Server: 3.16.2
  • Operating System: Ubuntu 20.10
  • Deployment Method: docker
  • Number of Running Instances: 1
  • DB Replicaset Oplog:
  • NodeJS Version: v12.22.1
  • MongoDB Version: 4.0.25 / mmapv1 (oplog Enabled)
  • Proxy:
  • Firewalls involved:

Any additional Information


I think you need to give us some more information to be able to help you.

What provider are you intending to use for your Oauth?

Have you read this?

(And please upgrade to at least 3.16.3 - see the release notes for why)

Hi John,
Thanks for the feedback.
I have followed the steps provided in the above documentation and done the integration as mentioned. But when I tried to login I’m getting error “No matching login attempt found”. In the above documentation, there is no further details about the URLs needed and the value should be returned from specific URLs. So bit confused about the custom OAuth integration.

It’s custom, so it is a bit hard to tell!! We have no idea of what your end sends or requires.

Perhaps this might help as an example:

I am going to come in here because this is related to my problem asked in the thread where I did a complete fresh install.
John, to be honest here you are not giving anything that can help Nafil. As I stated in an earlier post, I have an oauth2 server; custom code, that worked with an earlier version of Rocket.Chat; have forgotten the version number now as I foolishly threw away the install instead of archiving. Avatars imported from the social site to Rocket.Chat. An upgrade broke the avatar import. Mostly likely it is due to changes in the oauth on Rocket.Chat side.
What Nafil needs is what I need; we need to know what Rocket.Chat is expecting to be sent from our oauth server. There are additional fields in the custom oauth section in Rocket.Chat that didn’t use to be there when avatar import worked.
Where can we go in Rocket.Chat to study the code? Perhaps I can figure it out although I am only use to php and javascript code. We need to know what Rocket.Chat is expecting. In my case I am giving Rocket.Chat the location of the avatar on my server but perhaps I am not doing it in a way that Rocket.Chat can use.
Zulip shows scripts and codes in their documentation when explaining how to implement a custom oauth. Similar help here with Rocket.Chat would be very helpful. If I am not sending the proper information to Rocket.Chat from my oauth2 server, then the connection won’t work.

Hi John,
We have seen this and we are digging this already.

Yes what kim said is right. That’s is my exact issue. I have configured the custom OAuth as per the documentation and a button is placed in the signin page.
when i click on the custom Sign in button it will popup a window to /oauth/authorize
from here which data i have to send back to rocket chat to verify the user in our application database. do i have to return the rocket chat username , email or token?. Currently we are returning the key of the rocket chat client user token. This is showing the error,
No matching login attempt found.
Since the documentation doesn’t have much information about what are the URLs required,
What data should be returned, how the response data should be prepared, if needs a token what should be the token type, is it a base64 version etc.
This makes difficult to do the custom OAuth implementation in our application.
So if you can explain the response data structure and what are the required parameter and optional parameters to be sent to rocket chat, it will be easier for us to do the custom OAuth integration.

The problem here is you are trying to be be specific about something that is custom.

You both undoubtedly have different systems and it is impossible to be specific at the level that you want.

There are a number of issues open on avatars, but not specifically related.

I have been keeping a watch to see if any are similar.

As ever all the code is here - it is all Javascript - or now mainly Typescript - built using the Meteor framework:

The easiest way to setup and test is with gitpod:

In the meantime I am going to try and ask someone who uses a known - as opposed to Custom - Oauth to see if they can give some guidance.

Please note - do you have 2FA running? I believe that can give some unexpected results.

Also - have a search here for clues:

oauth “no matching login attempt found”

Having had a read myself I’m pretty certain this is to do with 2FA and Verified accounts. I will try and find out more.

In the meantime please check your settings for Admin/Accounts - Registration & 2FA

We are using KeyCloak as custom OAuth2 authentication system and it works perfect.

It’s really hard to help users with custom OAuth2 service in fact.
Why don’t you try to use something that actually works fine, like KeyCloak?