Closed cboylan closed 1 month ago
Can you create an issue over on ownpad? I added everything required so that ownpad works again. I'll have a look at owncloud.
saw your completed PR just after I posted this, sorry
saw your completed PR just after I posted this, sorry
No worries :)
Couple of extra notes from what I've found after this update. client_credentials
is not a valid grant type in v2.0.2 seems we need https://github.com/ether/etherpad-lite/pull/6325/files#diff-f4d0fff1e0ccd5758458dc86b4e0d09c0e006a290032ee4dc2cc931d0cb9b37a from the PR that addresses the documentation issue?
Additionally these doc updates don't actually document the request flow necessary for making this work. It seems like it would be something like:
curl --data client_id=client_credentials --data client_secret=client_credentials --data grant_type=client_credentials http://localhost:9001/oidc/token
curl --header "Authorization: $BEARER_TOKEN_FROM_PREVIOUS_RESPONSE" http://localhost:9001/api/1/listPads
If that is the case can we get this extra information added to the documentation? The most important piece of info seems to be the token issuance path (/oidc/token
) I think then its normal client_credentials workflow from there.
Describe the bug The 2.0.2 changelog notes that Oauth2.0 support is added. However, it appears that APIKEY.txt usage was also removed (which was not noted), and API documentation has not been updated on how to configure and auth using OAuth2.0/JWT instead.
To Reproduce Steps to reproduce the behavior:
Expected behavior Given the changelog, documentation content, and bug fix point release version bump I would expect the old APIKEY.txt auth method to still be valid and function. It seems that this removal may have been intentional and the changelog is simply missing details. In that case I think it would be good to update the documentation so that we can more easily configure and use the new authentication system instead.
Server (please complete the following information):
node --version
): v20.12.1npm --version
): 10.5.0Additional context I think some of the bin/ tools for admin tasks like pad deletion still expect an APIKEY.txt file as well and probably need updating too.