This adds an OAuth2 server to your IPS Community Suite 4. This allows external applications to authenticate and authorize against your IPS4 membership.
Administrators looking to integrate external applications with their IPS4 site via OAuth2 will need to register those applications with the IPS4 Admin Control Panel (ACP).
oauth2server.tar
file.oauth2server.tar
file.The following applications have been tested against the OAuth Server for IPS4 integration:
OAuth2 integration is a 4 step process.
GET http(s)://ipboard/applications/oauth2server/interface/oauth/authorize.php?...
Name | Type | Description |
---|---|---|
client_id |
string |
Required. The client ID generated when creating the application in AdminCP. |
redirect_uri |
string |
Required. The URL in your app where users will be sent after authorization. |
state |
string |
Required. An unguessable random string. It is used to protect against cross-site request forgery attacks. |
response_type |
string |
Required. Value is typically code . |
scope |
string |
Optional. Value is a space (%2C ) delimited list of requested scopes. Currently supported scopes: user.profile , user.email , user.groups , user.reputation . |
If the user is not logged into IPS4, they will be presented with a login screen. If this is the first time that the user has accessed the OAuth integration from this application, they will be presented with a simple form to authorize the integration (with Yes/No buttons).
Assuming the user picks Yes in the authorization form (or has previously done so), IPS4 will redirect to the Application's Redirect URI, with a temporary code in the code
parameter and a copy of the state
parameter previously provided. The application should check the state
parameter to match; if it does not, the request may have been created by a malicious third party and the process should be aborted.
POST http(s)://ipboard/applications/oauth2server/interface/oauth/token.php
Name | Type | Description |
---|---|---|
grant_type |
string |
Required. Typical value is authorization_code . |
client_id |
string |
Required. The client ID generated when creating the application in the IPS4 AdminCP. |
client_secret |
string |
Required. The client secret generated when creating the application in the IPS4 AdminCP. |
redirect_uri |
string |
The URL in your app where users will be sent after authorization. |
code |
string |
Required. The code you received as a response in Step 2, above. |
{
"access_token": "abcdefabcdefabcdefabcdefabcdefabcdefabc",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "user.profile user.email",
"refresh_token": "123456123456123456123456123456123456123"
}
GET http(s)://ipboard/applications/oauth2server/interface/oauth/me.php?...
Name | Type | Description |
---|---|---|
access_token |
string |
Required. The access token provided in Step 3 above. |
Note that you can also pass the token in the HTTP Authorization header, e.g.:
Authorization: Bearer <access_token>
For example, this can be done in curl as follows:
curl -H "Authorization: Bearer <access_token>" https://ipboard/applications/oauth2server/interface/oauth/me.php
{
"id": 44,
"username": "wohali",
"displayName": "wohali",
"email": "wohali@website.com",
"profileUrl": "https:\/\/ipboard\/profile\/44-wohali\/",
"avatar": "https:\/\/ipboard\/uploads\/profile\/photo-thumb-44.png"
}
GPLv2. See LICENSE.