Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59844

Enable OAuth 2 token-based authentication for requests in webdav_client

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. Install the patched repository_owncloud plugin (https://github.com/learnweb/moodle-repository_owncloud, branch: demo-mdl-59844): git clone https://github.com/learnweb/moodle-repository_owncloud.git -b demo-mdl-59844 repository/owncloud.
      2. Set up Nextcloud (for convenience, get a short-term demo from https://demo.nextcloud.com)
      3. In Nextcloud settings, configure a client for Moodle: Login to Nextcloud as admin; Navigate to Settings -> Admin -> Security; Add a client (Name: "Moodle", Redirection URI: "Your Moodle URL + /admin/oauth2callback.php" – the redirect must be reachable from your machine, not from Nextcloud, e.g. "localhost" is fine!).
      4. Follow steps 3 and 4 from https://github.com/learnweb/moodle-repository_owncloud#installation to create an issuer and a repository instance.
      5. Open a file upload dialog somewhere in Moodle (e.g. in "Private files") and try logging in to Nextcloud.
      6. Verify that you can see the files from your Nextcloud folder.
      7. Click on a file and select it for upload (linking is not relevant here! It's the data transfer that must work).
      8. Open that file from within Moodle and verify that contents are identical.

      Please make sure that you are really on the patched version of the plugin (cf. the modified git clone instruction in step 1). The regular version rolls its own WebDAV client; whereas the new one would completely rely on the (now modified) webdavlib in Moodle core.

      Show
      Install the patched repository_owncloud plugin ( https://github.com/learnweb/moodle-repository_owncloud , branch: demo-mdl-59844 ): git clone https://github.com/learnweb/moodle-repository_owncloud.git -b demo-mdl-59844 repository/owncloud . Set up Nextcloud (for convenience, get a short-term demo from https://demo.nextcloud.com ) In Nextcloud settings, configure a client for Moodle: Login to Nextcloud as admin ; Navigate to Settings -> Admin -> Security ; Add a client (Name: "Moodle", Redirection URI: "Your Moodle URL + /admin/oauth2callback.php" – the redirect must be reachable from your machine, not from Nextcloud, e.g. "localhost" is fine!). Follow steps 3 and 4 from https://github.com/learnweb/moodle-repository_owncloud#installation to create an issuer and a repository instance. Open a file upload dialog somewhere in Moodle (e.g. in "Private files") and try logging in to Nextcloud. Verify that you can see the files from your Nextcloud folder. Click on a file and select it for upload (linking is not relevant here! It's the data transfer that must work). Open that file from within Moodle and verify that contents are identical. Please make sure that you are really on the patched version of the plugin (cf. the modified git clone instruction in step 1). The regular version rolls its own WebDAV client; whereas the new one would completely rely on the (now modified) webdavlib in Moodle core.
    • Affected Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE
    • Fixed Branches:
      MOODLE_34_STABLE
    • Pull Master Branch:
      MDL-59844-master

      Description

      Currently, the WebDAV client (lib/webdavlib.php) supports "basic" and "digest" authentication methods. In contrast, applications that use OAuth 2 token-based authentication want to use the "bearer" authentication method. In that method, actual authentication & authorisation has taken place beforehand elsewhere so that username and password have to be neither stored nor transmitted. Instead, credentials are replaced by a token which is passed as a header:

      Authorization: Bearer %s , where %s is replaced by a randomly generated token string.

      This is required for ownCloud / Nextcloud integrations that use the OAuth 2 code flow for authentication & authorisation. ownCloud and Nextcloud both rely heavily on WebDAV to work with files. Adding Bearer auth would help develop plugins a lot. Sadly it is not possible to just extend the webdav_client class, because all relevant methods are declared private and can therefore not be overriden.

        Attachments

        1. actually works.png
          actually works.png
          42 kB
        2. basic auth config.png
          basic auth config.png
          41 kB
        3. breakpoint __set.png
          breakpoint __set.png
          217 kB

          Issue Links

            Activity

              People

              • Votes:
                4 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  13/Nov/17