---
layout: default
title: OAuth
permalink: /dev/oauth
parent: Hacking
nav_order: 4
---
> **BETA FEATURE**: expect bad behavior and open issues.
# OAuth
{: .no_toc }

An open standard for token-based, delegated authorization on the Internet.

Gancio supports OAuth 2.0, the authorization framework described in RFC 6749. It lets a third-party application obtain limited access to an HTTP service on behalf of a resource owner (the user) through a standardized authorization flow that ends with an access token, which the application then sends with its HTTP requests.

Gancio is self-hosted, so there is no central authorization server: every instance registers its own clients. Let your users specify the domain of the instance they want to connect to before login, register a client on that domain to obtain a `client_id`/`client_secret` pair, and then run the normal OAuth 2.0 authorization code flow described below against that same instance.
## Create client

Create a new application to obtain OAuth2 credentials.

POST
{: .label .label-yellow }
`/api/client`
### Request parameters

| Parameter | Type | Description |
|---|---|---|
| `client_name` | string | A name for your application |
| `redirect_uris` | string | Where the user should be redirected after authorization |
| `scopes` | string | Space-separated list of scopes. If none is provided, defaults to `event:write`, which is currently the only supported scope |
| `website` | string | A URL to the homepage of your app |
### Example

```bash
curl -X POST \
  -d 'client_name=Wordpress Event Manager' \
  -d 'redirect_uris=https://noblogs.org/' \
  -d 'website=https://myapp.example' \
  http://localhost:13120/api/client
```
### Returns

The registered application, including its `client_id` and `client_secret`. Keep the `client_secret` on the server side of your application: it is only ever presented to `/oauth/token` and must not be shipped inside a browser or mobile client.

```json
{
  "name": "Wordpress Event Manager",
  "scopes": "event:write",
  "website": "https://myapp.example",
  "client_secret": "909029fa12797e6bdfb5baf5e379675dfa4e3ad4",
  "redirect_uris": "https://noblogs.org",
  "client_id": "0f377e34b2aaf517f7db534f32d26b0dd938fb6d"
}
```
## List of scopes

| Scope | Description |
|---|---|
| `event:write` | Grant access to add/update events |
## Authorize a user

Displays an authorization form to the user. If the user approves, Gancio creates an authorization code and redirects the user's browser to the requested `redirect_uri`, passing the code along. That code is then exchanged at `/oauth/token` for an access token that grants access to user-level methods.

[Screenshot: OAuth authorization form]

GET
{: .label .label-green}
`/authorize`
### Request parameters

| Parameter | Type | Description |
|---|---|---|
| `response_type` | string | Must be set to `code` |
| `redirect_uri` | string | Where the user should be redirected after authorization; must match a `redirect_uris` entry registered for the client |
| `scope` | string | Should be `event:write` |
| `client_id` | string | The `client_id` obtained during app registration |
## Obtain a token

POST
{: .label .label-yellow }
`/oauth/token`
### Request parameters

| Parameter | Type | Description |
|---|---|---|
| `client_id` | string | The `client_id` obtained during client registration |
| `client_secret` | string | The `client_secret` obtained during client registration |
| `scope` | string | Should be `event:write` |
| `grant_type` | string | Must be set to `authorization_code` |
| `code` | string | A user authorization code, obtained via `/authorize` |
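The three steps above (register a client, send the user to `/authorize`, exchange the returned code at `/oauth/token`) as one runnable client, written as an added example for this page rather than taken from Gancio's code base. Endpoint paths and parameter names are those documented above; everything else is an assumption made here: the injectable `transport` argument and the `StubGancio` class exist only so the flow runs offline, the stub's token response shape follows RFC 6749 §5.1 rather than anything the page documents, and the `state` parameter is added on the assumption that Gancio relays it unchanged as RFC 6749 §4.1.2 requires (checking it on the callback is what stops a login CSRF).

```python
"""OAuth 2.0 authorization-code flow against a Gancio instance (added example).

Endpoints and parameters follow the page: POST /api/client, GET /authorize,
POST /oauth/token. The `transport` seam, StubGancio and its response shapes
are assumptions made here so the flow can be exercised offline.
"""
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import Request, urlopen

SCOPE = "event:write"  # the only scope the page documents


def http_post(url, form):
    """Real transport: form-encoded POST, JSON body back."""
    req = Request(url, data=urlencode(form).encode(), method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urlopen(req) as resp:
        return json.load(resp)


def register_client(instance, client_name, redirect_uri, website,
                    transport=http_post):
    """Step 1: POST /api/client; returns the client_id / client_secret pair."""
    return transport(f"{instance}/api/client", {
        "client_name": client_name,
        "redirect_uris": redirect_uri,
        "scopes": SCOPE,
        "website": website,
    })


def build_authorize_url(instance, client_id, redirect_uri, state):
    """Step 2: the GET /authorize URL the user's browser is sent to."""
    query = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # must match a registered redirect_uris entry
        "scope": SCOPE,
        # Assumption: `state` is not on the page; RFC 6749 §4.1.2 requires the
        # server to echo it back, and comparing it on the callback blocks CSRF.
        "state": state,
    }
    return f"{instance}/authorize?{urlencode(query)}"


def parse_callback(callback_url, expected_state):
    """Pull the authorization code out of the redirect; refuse a bad state."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale login")
    if "code" not in qs:
        raise ValueError("no authorization code in callback")
    return qs["code"][0]


def exchange_code(instance, client, code, transport=http_post):
    """Step 3: POST /oauth/token with grant_type=authorization_code."""
    return transport(f"{instance}/oauth/token", {
        "client_id": client["client_id"],
        "client_secret": client["client_secret"],
        "scope": SCOPE,
        "grant_type": "authorization_code",
        "code": code,
    })


class StubGancio:
    """Constructed stand-in for an instance; credentials reuse the page's example values."""
    CLIENT_ID = "0f377e34b2aaf517f7db534f32d26b0dd938fb6d"
    CLIENT_SECRET = "909029fa12797e6bdfb5baf5e379675dfa4e3ad4"
    ISSUED_CODE = "constructed-auth-code"

    def __init__(self):
        self.calls = []  # (path, form) for every request, for inspection

    def __call__(self, url, form):
        path = urlparse(url).path
        self.calls.append((path, dict(form)))
        if path == "/api/client":
            return {"name": form["client_name"], "scopes": form["scopes"],
                    "website": form["website"],
                    "redirect_uris": form["redirect_uris"],
                    "client_id": self.CLIENT_ID,
                    "client_secret": self.CLIENT_SECRET}
        if path == "/oauth/token":
            if form.get("client_secret") != self.CLIENT_SECRET:
                return {"error": "invalid_client"}
            if (form.get("grant_type") != "authorization_code"
                    or form.get("code") != self.ISSUED_CODE):
                return {"error": "invalid_grant"}
            return {"access_token": "constructed-token", "token_type": "Bearer"}
        raise ValueError(f"unexpected endpoint {path}")


def run_flow(instance="https://gancio.example", transport=None):
    """All three steps end to end; the browser step is simulated with the stub."""
    transport = transport or StubGancio()
    redirect_uri = "https://myapp.example/callback"
    client = register_client(instance, "Wordpress Event Manager", redirect_uri,
                             "https://myapp.example", transport)
    state = secrets.token_urlsafe(16)
    build_authorize_url(instance, client["client_id"], redirect_uri, state)
    # The user approves at /authorize and lands back on redirect_uri with code + state.
    callback = f"{redirect_uri}?{urlencode({'code': StubGancio.ISSUED_CODE, 'state': state})}"
    code = parse_callback(callback, state)
    return exchange_code(instance, client, code, transport)


if __name__ == "__main__":
    print(run_flow())
```

To run it against a real instance, call `register_client`, `build_authorize_url`, `parse_callback` and `exchange_code` yourself with `transport=http_post` (the default) and the instance URL the user chose; `run_flow` only wires them together for the stub, since the `/authorize` step needs a real browser session.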