OAuth2 does not work with OwnCloud

Open 12delta opened this issue 4 years ago • 2 comments

Actual behaviour

It is not possible to connect the OAuth2 Client Plugin to the OwnCloud OAuth2 Provider App. You get an External Authentication Error. The problem is that OwnCloud expects the Client ID and Client Secret as Basic Authentication, but Kanboard sends them as client_id and client_secret parameters.

Expected behaviour

It should work.

Steps to reproduce

  • Install the Kanboard OAuth2 Plugin
  • Install the OwnCloud OAuth2 App
  • Enable URL ReWrite (very important)
  • Request Client credentials from OwnCloud by giving the Callback https://kanboard.local/oauth/callback
  • Settings in Kanboard:
    • Client ID and Client Secret from OwnCloud
    • Authorize URL: https://owncloud.local/index.php/apps/oauth2/authorize
    • Token URL: https://owncloud.local/index.php/apps/oauth2/api/v1/token
    • User API URL: https://owncloud.local/index.php/apps/oauth2/api/v1/userinfo
    • Username Key: sub
    • Name Key: name
    • Email Key: email
    • User ID Key: sub
    • Allow Account Creation: Yes
  • Log in with the OAuth2 login. The account would be auto-created if it worked (see the workaround by code patch).

Workaround

On fetching the OAuth2 token, OwnCloud responds with an error.

https://github.com/owncloud/oauth2/blob/fc47f947de78e7180f3c73455159683fb667dc89/lib/Controller/OAuthApiController.php#L114

Just patch https://github.com/kanboard/kanboard/blob/8cee04101d351fb5321f225963d589883761d214/app/Core/Http/OAuth2.php#L116 with this:

    public function getAccessToken($code)
    {
        if (empty($this->accessToken) && ! empty($code)) {
            $params = array(
                'code' => $code,
                'client_id' => $this->clientId,
                'client_secret' => $this->secret,
                'redirect_uri' => $this->callbackUrl,
                'grant_type' => 'authorization_code',
                'state' => $this->getState(),
            );

            // OwnCloud expects the client credentials as HTTP Basic authentication.
            $authBasic = 'Authorization: Basic ' . base64_encode($this->clientId . ':' . $this->secret);
            $response = json_decode($this->httpClient->postForm($this->tokenUrl, $params, array('Accept: application/json', $authBasic)), true);

            $this->tokenType = isset($response['token_type']) ? $response['token_type'] : '';
            $this->accessToken = isset($response['access_token']) ? $response['access_token'] : '';
        }

        return $this->accessToken;
    }

This adds the client_id and client_secret also as basic authentication.

Configuration

  • Kanboard version: 1.2.11
  • Database type and version: MySQL
  • PHP version: 7.2
  • OS: Linux
  • Browser: Firefox 68

12delta, Aug 26 '19 20:08
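
The two ways of sending client credentials to a token endpoint that this issue contrasts, as an added example that is not part of the original post or of Kanboard's code. It goes slightly beyond the workaround by sending the credentials by one method per request and form-urlencoding them before Base64, as RFC 6749 section 2.3.1 specifies; `buildTokenRequest()` and its `$authMethod` argument are hypothetical names, and the credential values are constructed.

```php
<?php
// Added example, not Kanboard code. buildTokenRequest() and $authMethod are
// hypothetical names; all credential values below are constructed samples.

/**
 * Build the headers and form body for an authorization_code token request,
 * sending the client credentials by exactly one method.
 */
function buildTokenRequest($clientId, $secret, $code, $callbackUrl, $authMethod)
{
    $headers = array('Accept: application/json');
    $params = array(
        'code' => $code,
        'redirect_uri' => $callbackUrl,
        'grant_type' => 'authorization_code',
    );

    if ($authMethod === 'basic') {
        // RFC 6749 section 2.3.1: form-urlencode each value before joining
        // with ':' so a ':' or non-ASCII byte in the secret is unambiguous.
        $pair = urlencode($clientId) . ':' . urlencode($secret);
        $headers[] = 'Authorization: Basic ' . base64_encode($pair);
    } elseif ($authMethod === 'post') {
        // Credentials as form parameters, the style Kanboard uses by default.
        $params['client_id'] = $clientId;
        $params['client_secret'] = $secret;
    } else {
        throw new InvalidArgumentException('Unknown client auth method: ' . $authMethod);
    }

    return array('headers' => $headers, 'body' => http_build_query($params));
}

// Constructed sample input; the secret deliberately contains ':' '/' and '+'.
$callback = 'https://kanboard.local/oauth/callback';
$basic = buildTokenRequest('kanboard', 's3cr:et/+', 'abc123', $callback, 'basic');
$post = buildTokenRequest('kanboard', 's3cr:et/+', 'abc123', $callback, 'post');

// Check that each mode carries the credentials in one place only.
var_dump(strpos($basic['body'], 'client_secret') === false);
var_dump(count($post['headers']) === 1);
echo $basic['headers'][1], "\n", $post['body'], "\n";
```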