Closed yasharpm closed 1 year ago
https://github.com/owncloud/oauth2/issues/295 :dart:
it seems we can generate an access token using this method without interacting with GUI
https://doc.owncloud.com/server/next/developer_manual/core/apis/externalapi.html :dart: this is another way that is suggested in Owncloud
https://doc.owncloud.com/server/next/developer_manual/core/apis/provisioning-api.html :eyes:
this is interesting too
I hope it helps :information_source: https://github.com/owncloud/oauth2/blob/master/lib/AuthModule.php
:-1: it did not :red_circle:
there is a discussion thread on this topic: https://github.com/owncloud/oauth2/issues/354
It seems there are four Options: :checkered_flag:
1- implement the client_credentials grant type based on the below RFC: https://datatracker.ietf.org/doc/html/rfc6749
2- use the basic authorization header.
3- create an unofficial authorization/authentication approach just for our application, based on the OAuth2 app infrastructure and our needs. :boom:
4- It seems that issuing the token by ownCloud could be a bad approach, because all the ownCloud servers should inform the rd-API about the user/client. But as far as I know, SRAM is a token provider and it can issue access tokens for all users to access their ownCloud server. So, I guess it is more reasonable that we assign the token generation to SRAM and just handle the given access token in our app (scimController) :boom:
@michielbdejong
for the first option, there is a more detailed workflow clarification. :information_source: https://datatracker.ietf.org/doc/html/rfc6749#section-4.4
We use this in another app, to check if a user is authenticated: https://doc.owncloud.com/server/next/developer_manual/core/apis/externalapi.html
Simple authentication token is also an option, which should be configured in config before.
:question:
I created a middleware to check the existence and validity of the "Authorization" header in SCIM requests. But it seems that the Authorization header is not accessible in the Request object, so I just put the authorization header inside the 'x-auth' header. Is it good to approve, or should I find a way to work just with the Authorization header?
@michielbdejong
let's go with the x-auth approach!
:tada: so, it is done.
https://doc.owncloud.com/server/next/admin_manual/configuration/server/security/oauth2.html :dart: there is an app that can handle the Oauth2 protocol
my Oauth setup can be found here: :information_source: https://github.com/pondersource/dev-stock/tree/oauth
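
The header check discussed in this thread, as an added example in plain PHP (not code from the thread or from the ownCloud app). It assumes a `Bearer` scheme and a static token read from config; the function names `extractBearerToken` and `isAuthorised` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. The header names come from the thread; the "Bearer" scheme
// and the static shared token are assumptions made for illustration.

/** Return the token from Authorization or X-Auth, or null if absent or malformed. */
function extractBearerToken(array $headers): ?string
{
    // HTTP header names are case-insensitive, so normalise before lookup.
    $normalised = [];
    foreach ($headers as $name => $value) {
        $normalised[strtolower((string)$name)] = trim((string)$value);
    }
    $candidates = [];
    foreach (['authorization', 'x-auth'] as $name) {
        if (isset($normalised[$name]) && $normalised[$name] !== '') {
            $candidates[] = $normalised[$name];
        }
    }
    // Fail closed when no header is present, or when both are sent and disagree.
    if ($candidates === [] || count(array_unique($candidates)) > 1) {
        return null;
    }
    // Token characters follow the b64token syntax of RFC 6750.
    if (preg_match('#^Bearer +([A-Za-z0-9\-._~+/]+=*)$#i', $candidates[0], $m) !== 1) {
        return null;
    }
    return $m[1];
}

/** Compare the presented token with the configured one in constant time. */
function isAuthorised(array $headers, string $configuredToken): bool
{
    $token = extractBearerToken($headers);
    if ($token === null || $configuredToken === '') {
        return false; // missing header or unset config never authorises
    }
    return hash_equals($configuredToken, $token);
}

// Constructed sample requests (not taken from the thread).
$secret = 'constructed-sample-token';
var_dump(isAuthorised(['X-Auth' => 'Bearer constructed-sample-token'], $secret));
var_dump(isAuthorised(['x-auth' => 'Basic dXNlcjpwYXNz'], $secret));
var_dump(isAuthorised(['Authorization' => 'Bearer a', 'X-Auth' => 'Bearer b'], $secret));
var_dump(isAuthorised([], $secret));
```

Only the first sample request is accepted; the wrong scheme, the conflicting header pair and the missing header are all rejected.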