  1. Moodle
  2. MDL-30599

OAuth authentication for web services


    Details

    • Database:
      Any
    • Testing Instructions:
      • Go to Site administration > Plugins > Web services > Overview
      • Complete the steps from "One system controlling Moodle with a token", except that for "8. Create a token for a user", create OAuth credentials instead, by going to Site administration > Plugins > Web services > OAuth credentials
    • Affected Branches:
      MOODLE_21_STABLE

      Description

      What is it

      It allows a client to access Moodle web services functions using OAuth as the authentication mechanism, in the same way that clients can use token-based authentication. (Patch currently only supports 2-legged OAuth.)

      How a web service client uses it

      Example code is included in the patch (in the webservice/{rest|soap|xmlrpc}/locallib.php files, in the webservice_*_test_client classes). The REST example is probably the easiest to understand. Basically, once you have OAuth credentials, use your favourite OAuth library to generate an OAuth signature for the HTTP request.

      Here is a simplified version of the code from webservice/rest/locallib.php:

      // $oauth_identifier, $oauth_secret and $oauth_signmethod are assumed to be set by the caller
      // build the URL of the web service call; the function name and its arguments are the parameters
      $murl = new moodle_url($CFG->wwwroot . '/webservice/rest/oauthserver.php', array('wsfunction' => 'get_users_by_id', 'userids[0]' => 42));
      // get the signature method object
      $webservicemanager = new webservice();
      $signmethod = $webservicemanager->oauth_get_signature_method($oauth_signmethod);
      // create an OAuth consumer object with the correct credentials
      $consumer = new OAuthConsumer($oauth_identifier, $oauth_secret, null);
      // create an OAuth request (no token: 2-legged OAuth) and sign it
      $request = OAuthRequest::from_consumer_and_token($consumer, null, 'GET', $murl->out_omit_querystring(), $murl->params());
      $request->sign_request($signmethod, $consumer, null);
      // put the filtered, signed request parameters back on the URL
      $murl->params($webservicemanager->oauth_parameter_filter($request->get_parameters(), true));
      // $murl is now a signed moodle_url that a client can GET to make the OAuth request

      To obtain an OAuth credential, the admin can go to Site administration > Plugins > Web services > OAuth credentials. That page is based on the Manage tokens page.
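
The signing step above, together with the checks a receiving server applies to such a request, as an added Python example that is not part of the patch or of Moodle's code. It assumes the HMAC-SHA1 signature method from RFC 5849; the host name, consumer key, secret and function names are constructed for illustration.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

def enc(s):
    # RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # Sorted, encoded name/value pairs; oauth_signature itself is never signed
    pairs = sorted((enc(k), enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, consumer_secret):
    # 2-legged OAuth has no token, so the key is "<consumer secret>&" (empty token secret)
    key = f"{enc(consumer_secret)}&".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify(method, url, params, secrets, seen_nonces, now=None, max_skew=300):
    """Server side: known consumer, fresh timestamp, valid signature, unused nonce."""
    now = time.time() if now is None else now
    secret = secrets.get(params.get("oauth_consumer_key"))
    if secret is None:
        return "unknown consumer"
    try:
        ts = int(params["oauth_timestamp"])
    except (KeyError, ValueError):
        return "bad timestamp"
    if abs(now - ts) > max_skew:
        return "stale timestamp"
    expected = sign(method, url, params, secret).encode()
    # Constant-time comparison; done before touching the nonce store so that
    # unauthenticated requests cannot fill it
    if not hmac.compare_digest(expected, params.get("oauth_signature", "").encode()):
        return "bad signature"
    replay_key = (params["oauth_consumer_key"], ts, params.get("oauth_nonce"))
    if replay_key in seen_nonces:
        return "replayed nonce"
    seen_nonces.add(replay_key)
    return "ok"

# Constructed sample values (not real credentials)
URL = "https://moodle.example/webservice/rest/oauthserver.php"
SECRETS = {"example-consumer": "example-secret"}

def signed_request(ts, nonce):
    p = {"wsfunction": "get_users_by_id", "userids[0]": "42",
         "oauth_consumer_key": "example-consumer", "oauth_signature_method": "HMAC-SHA1",
         "oauth_timestamp": str(ts), "oauth_nonce": nonce, "oauth_version": "1.0"}
    p["oauth_signature"] = sign("GET", URL, p, SECRETS["example-consumer"])
    return p
```

Because the web service arguments are part of the signature base string, changing `userids[0]` after signing makes `verify` return "bad signature".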

      How it works internally

      Main parts:

      • admin/settings/plugins.php, admin/webservice/forms.php, admin/webservice/oauthcredentials.php, lib/externallib.php, webservice/render.php: implement the Site administration > Web services > OAuth credentials page
      • webservice/lib.php
        • webservice class: added utility functions for OAuth (similar to the utility functions for token-based authentication)
        • moodle_oauth_data_store and moodle_oauth_signature_method_RSA_SHA1 classes: adaptor classes to get the OAuth client information from Moodle for the OAuth library
        • webservice_server class: added code to authenticate using OAuth
      • webservice/*/oauthserver.php: server entry point for calling web services (the OAuth equivalent to webservice/*/server.php and webservice/*/simpleserver.php)
      • webservice/*/locallib.php, admin/webservice/testclient.php, admin/webservice/testclient.php: added code to add OAuth as an option in Site administration > Developer > Web service test client

              People

              Assignee:
              moodle.com moodle.com
              Reporter:
              hchathi Hubert Chathi
              Peer reviewer:
              Jérôme Mouneyrac
              Component watchers:
              Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón