https://github.com/weblicht/user_oauth
Tip revision: 20b1a894242a191f9fe8c4c5a8b2e90761b71f58 authored by Wei Qiu on 31 March 2015, 14:22:13 UTC
Add a way to include the access token in HTTP headers
Add a way to include the access token in HTTP headers
Tip revision: 20b1a89
README.md
# Introduction
This app implements server side OAuth 2.0 "Bearer" token verification against
an external authorization server. It aims at supporting the
[php-oauth](https://github.com/fkooman/php-oauth) service. However, any other
OAuth 2.0 AS supporting `draft-richer-oauth-introspection` should work.
# Requirements
* PHP cURL extension
* Apache (because we use `apache_request_headers()` at the moment)
# Installation
Install this code in the directory `user_oauth` in the `apps` directory of your
ownCloud installation.
This module needs an external library to verify the OAuth tokens at the OAuth
authorization server. [Composer](http://www.getcomposer.org) can be used to
install this dependency, by default is in included in the `3rdparty` directory.
So you only need this if you want to download the library again or update it.
$ cd /path/to/owncloud/apps/user_oauth
$ php composer.phar install
Or to update:
$ php composer.phar update
You can enable the `user_oauth` app after login with the `admin` account. Go to
`Settings`, then `Apps` and finally select the `OAuth` module from the list of
modules, select it and press the `Enable` button.
# Configuration
There currently is only one configuration parameter: the introspection
endpoint. For quick tests, you can use the playground environment, installed
using [this](https://github.com/fkooman/oauth-install-all) script located at
https://frko.surfnetlabs.nl/workshop/.
For the "workshop" installation the introspection endpoint would be:
https://frko.surfnetlabs.nl/workshop/php-oauth/introspect.php
You can set this endpoint by going to `Settings`, then `Admin` and then under
the section head `OAuth` configure the URL.
# Applications
An application needs to use the OAuth service to retrieve an access token to
use this with the OAuth enabled WebDAV endpoint. The endpoint, assuming you run
the service on https://www.example.org/owncloud, note `odav` instead of
`webdav`:
https://www.example.org/owncloud/remote.php/odav/<FILE.EXT>
So, in order for an application to work it needs to obtain an access token from
the OAuth authorization server that you configured as an introspection endpoint
in the OAuth app configuration in ownCloud. If you used the playground
mentioned above that would mean using the following URLs for authorization and
token endpoints:
https://frko.surfnetlabs.nl/workshop/php-oauth/authorize.php
https://frko.surfnetlabs.nl/workshop/php-oauth/token.php
It seems the Android app of ownCloud should support OAuth at the server, but so
far we were unable to make it work. We tested version 1.4.1 of the Android app
from the F-Droid repository.
# Compatibilty
The app was tested with version 8 of ownCloud, but it should work with version 7 as well.