Skip to main content

Browse the archive

https://github.com/weblicht/user_oauth
05 April 2024, 22:31:51 UTC
Raw File
Tip revision: 20b1a894242a191f9fe8c4c5a8b2e90761b71f58 authored by Wei Qiu on 31 March 2015, 14:22:13 UTC
Add a way to include the access token in HTTP headers
Tip revision: 20b1a89
README.md 
# Introduction
This app implements server side OAuth 2.0 "Bearer" token verification against 
an external authorization server. It aims at supporting the 
[php-oauth](https://github.com/fkooman/php-oauth) service. However, any other 
OAuth 2.0 AS supporting `draft-richer-oauth-introspection` should work.

# Requirements
* PHP cURL extension
* Apache (because we use `apache_request_headers()` at the moment)

# Installation
Install this code in the directory `user_oauth` in the `apps` directory of your 
ownCloud installation.

This module needs an external library to verify the OAuth tokens at the OAuth 
authorization server. [Composer](http://www.getcomposer.org) can be used to 
install this dependency, by default is in included in the `3rdparty` directory. 
So you only need this if you want to download the library again or update it.

    $ cd /path/to/owncloud/apps/user_oauth
    $ php composer.phar install

Or to update:

    $ php composer.phar update

You can enable the `user_oauth` app after login with the `admin` account. Go to 
`Settings`, then `Apps` and finally select the `OAuth` module from the list of 
modules, select it and press the `Enable` button.

# Configuration
There currently is only one configuration parameter: the introspection 
endpoint. For quick tests, you can use the playground environment, installed 
using [this](https://github.com/fkooman/oauth-install-all) script located at 
https://frko.surfnetlabs.nl/workshop/.

For the "workshop" installation the introspection endpoint would be:

    https://frko.surfnetlabs.nl/workshop/php-oauth/introspect.php

You can set this endpoint by going to `Settings`, then `Admin` and then under
the section head `OAuth` configure the URL.

# Applications
An application needs to use the OAuth service to retrieve an access token to
use this with the OAuth enabled WebDAV endpoint. The endpoint, assuming you run 
the service on https://www.example.org/owncloud, note `odav` instead of 
`webdav`:

    https://www.example.org/owncloud/remote.php/odav/<FILE.EXT>

So, in order for an application to work it needs to obtain an access token from 
the OAuth authorization server that you configured as an introspection endpoint 
in the OAuth app configuration in ownCloud. If you used the playground 
mentioned above that would mean using the following URLs for authorization and 
token endpoints:

	https://frko.surfnetlabs.nl/workshop/php-oauth/authorize.php
	https://frko.surfnetlabs.nl/workshop/php-oauth/token.php

It seems the Android app of ownCloud should support OAuth at the server, but so 
far we were unable to make it work. We tested version 1.4.1 of the Android app 
from the F-Droid repository.

# Compatibilty
The app was tested with version 8 of ownCloud, but it should work with version 7 as well.
back to top