plugin-oauth2
plugin-oauth2 copied to clipboard
OAuth2 does not work with OwnCloud
Actual behaviour
It is not possible to connect the OAuth2 Client Plugin to the OwnCloud OAuth2 Provider App. You get an External Authentication Error. Problem is that the OwnCloud expect the Client ID an Client Secret as Basic Authentication, but Kanboard send it as client_id
and client_secret
parameter.
Expected behaviour
It should work.
Steps to reproduce
- Install the Kanboard OAuth2 Plugin
- Install the OwnCloud OAuth2 App
- Enable URL ReWrite (veriy importent)
- Request Client credentials from OwnCloud by giving the Callback
https://kanboard.local/oauth/callback
- Settings in Kanboard:
- Client ID and Client Secret from OwnCloud
- Authorize URL:
https://owncloud.local/index.php/apps/oauth2/authorize
- Token URL:
https://owncloud.local/index.php/apps/oauth2/api/v1/token
- User API URL:
https:///owncloud.local/index.php/apps/oauth2/api/v1/userinfo
- Username Key:
sub
- Name Key:
name
- Email Key:
email
- User ID Key:
sub
- Allow Account Creation: Yes
- Login with OAuth2 login. Account is autocreated, if it would work. (see workaround by code patch)
Workaround
On fetching the Auth2 Token OwnCloud response with an error.
https://github.com/owncloud/oauth2/blob/fc47f947de78e7180f3c73455159683fb667dc89/lib/Controller/OAuthApiController.php#L114
Just patch https://github.com/kanboard/kanboard/blob/8cee04101d351fb5321f225963d589883761d214/app/Core/Http/OAuth2.php#L116 with this:
public function getAccessToken($code)
{
if (empty($this->accessToken) && ! empty($code)) {
$params = array(
'code' => $code,
'client_id' => $this->clientId,
'client_secret' => $this->secret,
'redirect_uri' => $this->callbackUrl,
'grant_type' => 'authorization_code',
'state' => $this->getState(),
);
$authBasic = 'Authorization: Basic ' . base64_encode($this->clientId . ':' . $this->secret);
$response = json_decode($this->httpClient->postForm($this->tokenUrl, $params, array('Accept: application/json', $authBasic)), true);
$this->tokenType = isset($response['token_type']) ? $response['token_type'] : '';
$this->accessToken = isset($response['access_token']) ? $response['access_token'] : '';
}
return $this->accessToken;
}
This adds the client_id
and client_secret
also as basic authentication.
Configuration
- Kanboard version: 1.2.11
- Database type and version: MySQL
- PHP version: 7.2
- OS: Linux
- Browser: Firefox 68