Skip to content

weblicht/user_oauth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
ajax
ajax
 
 
appinfo
appinfo
 
 
js
js
 
 
src
src
 
 
templates
templates
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
composer.lock
composer.lock
 
 
remote.php
remote.php
 
 
settings.php
settings.php
 
 

Repository files navigation

Introduction

This app implements server side OAuth 2.0 "Bearer" token verification against an external authorization server. It aims at supporting the php-oauth service. However, any other OAuth 2.0 AS supporting draft-richer-oauth-introspection should work.

Requirements

  • PHP cURL extension
  • Apache (because we use apache_request_headers() at the moment)

Installation

Install this code in the directory user_oauth in the apps directory of your ownCloud installation.

This module needs an external library to verify the OAuth tokens at the OAuth authorization server. Composer can be used to install this dependency, by default is in included in the 3rdparty directory. So you only need this if you want to download the library again or update it.

$ cd /path/to/owncloud/apps/user_oauth
$ php composer.phar install

Or to update:

$ php composer.phar update

You can enable the user_oauth app after login with the admin account. Go to Settings, then Apps and finally select the OAuth module from the list of modules, select it and press the Enable button.

Configuration

There currently is only one configuration parameter: the introspection endpoint. For quick tests, you can use the playground environment, installed using this script located at https://frko.surfnetlabs.nl/workshop/.

For the "workshop" installation the introspection endpoint would be:

https://frko.surfnetlabs.nl/workshop/php-oauth/introspect.php

You can set this endpoint by going to Settings, then Admin and then under the section head OAuth configure the URL.

Applications

An application needs to use the OAuth service to retrieve an access token to use this with the OAuth enabled WebDAV endpoint. The endpoint, assuming you run the service on https://www.example.org/owncloud, note odav instead of webdav:

https://www.example.org/owncloud/remote.php/odav/<FILE.EXT>

So, in order for an application to work it needs to obtain an access token from the OAuth authorization server that you configured as an introspection endpoint in the OAuth app configuration in ownCloud. If you used the playground mentioned above that would mean using the following URLs for authorization and token endpoints:

https://frko.surfnetlabs.nl/workshop/php-oauth/authorize.php
https://frko.surfnetlabs.nl/workshop/php-oauth/token.php

It seems the Android app of ownCloud should support OAuth at the server, but so far we were unable to make it work. We tested version 1.4.1 of the Android app from the F-Droid repository.

Compatibilty

The app was tested with version 8 of ownCloud, but it should work with version 7 as well.

About

Server side OAuth 2.0 "Bearer" token verification

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

4 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages