search

ether / etherpad-lite

Etherpad: A modern really-real-time collaborative document editor.
http://docs.etherpad.org/
Apache License 2.0
15.95k stars 2.78k forks source link

API Docs not updated for new OAuth2.0 support #6320

Closed cboylan closed 1 month ago

cboylan commented 1 month ago

Describe the bug The 2.0.2 changelog notes that Oauth2.0 support is added. However, it appears that APIKEY.txt usage was also removed (which was not noted), and API documentation has not been updated on how to configure and auth using OAuth2.0/JWT instead.

To Reproduce Steps to reproduce the behavior:

  1. Deploy 2.0.2
  2. Attempt to auth using APIKEY.txt
  3. Find the file is no longer generated and you cannot auth using this method.

Expected behavior Given the changelog, documentation content, and bug fix point release version bump I would expect the old APIKEY.txt auth method to still be valid and function. It seems that this removal may have been intentional and the changelog is simply missing details. In that case I think it would be good to update the documentation so that we can more easily configure and use the new authentication system instead.

Server (please complete the following information):

Additional context I think some of the bin/ tools for admin tasks like pad deletion still expect an APIKEY.txt file as well and probably need updating too.

tommyhlw commented 1 month ago

the missing APIKEY.txt makes ownpad for nextcloud useless

SamTV12345 commented 1 month ago

Can you create an issue over on ownpad? I added everything required so that ownpad works again. I'll have a look at owncloud.

tommyhlw commented 1 month ago

just did https://github.com/otetard/ownpad/issues/141

tommyhlw commented 1 month ago

saw your completed PR just after I posted this, sorry

SamTV12345 commented 1 month ago

saw your completed PR just after I posted this, sorry

No worries :)

cboylan commented 1 month ago

Couple of extra notes from what I've found after this update. client_credentials is not a valid grant type in v2.0.2 seems we need https://github.com/ether/etherpad-lite/pull/6325/files#diff-f4d0fff1e0ccd5758458dc86b4e0d09c0e006a290032ee4dc2cc931d0cb9b37a from the PR that addresses the documentation issue?

Additionally these doc updates don't actually document the request flow necessary for making this work. It seems like it would be something like:

curl --data client_id=client_credentials --data client_secret=client_credentials --data grant_type=client_credentials http://localhost:9001/oidc/token
curl --header "Authorization: $BEARER_TOKEN_FROM_PREVIOUS_RESPONSE" http://localhost:9001/api/1/listPads

If that is the case can we get this extra information added to the documentation? The most important piece of info seems to be the token issuance path (/oidc/token) I think then its normal client_credentials workflow from there.