Need bearer token authentication for API calls

[yasharpm]

No description provided.

[navid-shokri]

https://doc.owncloud.com/server/next/admin_manual/configuration/server/security/oauth2.html 🎯
there is an app that can handle the Oauth2 protocol

my Oauth setup can be found here: ℹ️
https://github.com/pondersource/dev-stock/tree/oauth

[navid-shokri]

owncloud/oauth2#295 🎯

it seems we can generate an access token using this method without interacting with GUI

[navid-shokri]

https://doc.owncloud.com/server/next/developer_manual/core/apis/externalapi.html 🎯
this is another way that is suggested in Owncloud

[navid-shokri]

https://doc.owncloud.com/server/next/developer_manual/core/apis/provisioning-api.html 👀

this is interesting too

[navid-shokri]

I hope it helps ℹ️
https://github.com/owncloud/oauth2/blob/master/lib/AuthModule.php

👎 it did not 🔴

[shokri-navid]

there is a discussion thread on this topic:
owncloud/oauth2#354

[navid-shokri]

It seems there are four Options: 🏁

1- implement the client_credentials grant type best on the below RFC:
https://datatracker.ietf.org/doc/html/rfc6749
2- use the basic authorization header.
3- create an unofficial authorization/authentication approach just for our application. base on the OAuth2 app infrastructure and our needs.
💥 4- It seems that issuing the token by ownCloud could be a bad approach. because all the Owncloud servers should inform the rd-API about the user/client. but as I know SRAM is a token provider and it can issue access tokens for all users to access their Owncloud server. So, I guess it is more reasonable that we assign the token generation to the SRAM and just handle the given access token in our app (scimController)💥

@michielbdejong

[navid-shokri]

for the first option, there is a more detailed workflow clarification. ℹ️
https://datatracker.ietf.org/doc/html/rfc6749#section-4.4

[T0mWz]

We use this in another app, to check of a user is authenticated
https://doc.owncloud.com/server/next/developer_manual/core/apis/externalapi.html

[T0mWz]

Simple authentication token is also an option, which should be configured in config before.

[navid-shokri]

❓
I create a Middleware to check the existence and validity of the "Authorization" header in Scim Requests.
but it seems that the Authorization header is not accessible in the Request object. so, I just put the authorization header inside 'x-auth' header.
is it good to approve or should I find a way to work just with the authorization header?

@michielbdejong

[michielbdejong]

let's go with the x-auth approach!

[navid-shokri]

🎉
so, it is done.