pam-oauth2 icon indicating copy to clipboard operation
pam-oauth2 copied to clipboard

Published 20 hours ago verified publisher icon CyberDem0n

Support POST API requests?

Open alerque opened this issue 4 years ago • 6 comments

I was trying to set this up to authenticate against Keycloak's token endpoint and discovered that it seems to be hard coded to use GET requests w hile the API I have requires the secrets be passed in POST data. I can construct a working query via curl that returns something I think will be processed okay, but when I setup PAM to do the same thing with this module I can only figure out how to get a GET request out.

Comments in #3 which also mentions Keycloak suggest using a different project pam-exec-oauth2 which seems to send POST requests correctly. I going to try setting up that for now, but I would rather switch back to this if a way to authenticate against Keycloak was added.

By the way, I did setup Arch Linux packaging on the AUR for this if anybody wants it.

alerque avatar Apr 30 '21 19:04 alerque

I think one of the existing forks already supports it: https://github.com/WLOGSolutions/pam-oauth2

CyberDem0n avatar Apr 30 '21 19:04 CyberDem0n

Hmm, that does look promising. The documentation is dicy but it looks like it might handle the request.

Would you accept a PR with that change if I cleaned it up a bit? It would be nice to get document working Keycloak support in a tagged release.

alerque avatar Apr 30 '21 20:04 alerque

@alerque per chance did you have some time to spend on a patch?

azmeuk avatar Sep 15 '21 13:09 azmeuk

No I haven't gotten a chance to invest back in this. I am still using pam-exec-oauth2 in production as was my temporary resolution above. I could potentially put it back on my todo list, but not having an answer from the maintainer as to whether that change would even be accepted is not exactly encouraging.

alerque avatar Sep 20 '21 09:09 alerque

@CyberDem0n what do you think?

azmeuk avatar Sep 20 '21 09:09 azmeuk