Patreon Sync with Discourse is Failing

Hi All,

This is my first post here, so apologize if I mess up.

I recently started using Patreon and I’ve set up a Discourse server in a Digital Ocean Droplet. I also installed the discourse-patreon plugin and entered all the keys etc. and I’m able to click the Update Patreon Data & Sync Groups button on the Plugin > Patreon > Filters page, and this works fine. All of my tiers are available and I’ve assigned all of them to Discourse Groups, including the $0 group which I don’t understand, but I assigned it to my Discourse patrons group along with a number of other tiers.

All seemed fine, but then I received an email from the Patreon servers telling me:
We’re writing to let you know that a WebHook POST to https://discourse.martinbaileyphotography.com/patreon/webhook has failed. As a result we’ve paused on sending more events to your URL.

I have tried setting up the client with both API 1 and API 2 changing the keys and secrets accordingly each time, and trying the top three deprecated events and the bottom six with both APIs, and I cannot find a combination that works.

In my Discourse logs, I’ve found this error message:
(patreon) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

Now I’m stumped. I can’t find any useful information to help me fix this, so I’m now posting here in the hope that this rings a bell with someone. Can anyone offer any advice on either how to fix this or what to check in order to troubleshoot this issue further.

Thanks in advance for any help you can provide!

Regards,
Martin Bailey.

This looks like a cross-site script issue. Something in your remote setup is preventing authorization. Following the error message may help:

Webhook issue and similar errors would likely be due to your remote setup rejecting connection from Patreon’s or Cloudflare ips in either direction (depending on your setup). You must make sure that all IPs related to Patreon are whitelisted in your service. You can contact DO support and ask them whether anything specific is necessary. Your droplet’s OS firewall, control panel, Discord configuration etc - it may be getting blocked in a lot of places.

Try manual tests with webhooks to track the issue.

Hi @CodeBard,

Thanks for your reply. Unfortunately, I already asked DO and they have no idea. There is nothing blocking POST requests as such. I did have CORS activated in the Discourse settings, but for now I’ve turned that off, but still Patreon isn’t synching.

I took a look at your link, even before you provided it here, and I’m not sure how this should help. Do I have to install OmniAuth for this all to work? If so, how do I do that in a DO Droplet?

Sorry for all the questions, but I am still struggling with this, and the Docker Discourse installation is still very much a black box to me.

Regards,
Martin.