[Owncloud] WebDAV with OAuth 2.0 support

Michael Gapczynski mtgap at owncloud.com
Sun Oct 28 14:11:28 UTC 2012


We had earlier decided that we needed to implement OAuth 1.0a for the API 
instead of OAuth 2.0. This is because of the fact that the security in OAuth 
2.0 is only done by TLS and we shouldn't force this requirement on users.


Michael

On Sunday, October 28, 2012 02:18:02 PM fkooman at tuxed.net wrote:
> On Sun, Oct 28, 2012 at 1:22 PM, fkooman at tuxed.net <fkooman at tuxed.net> 
wrote:
> > The first part of implementing OAuth 2.0 in Owncloud is more or less
> > finished, i.e.: it works for me with some simple cURL testing :)
> 
> If you want to play with this yourself, you can take a look at the
> OAuth 2.0 playground environment at
> https://frko.surfnetlabs.nl/workshop/ to get a better idea on what
> OAuth is, how it works and see it in action with some sample
> applications.
> 
> The Owncloud app is available in the Github repository at
> https://github.com/owncloud/apps/tree/master/user_oauth. You can point
> the OAuth Token Info endpoint to
> https://frko.surfnetlabs.nl/workshop/php-oauth/tokeninfo.php for the
> token validation.
> 
> However, it is still hard to test as there is no WebDAV client that
> supports OAuth, and there is no automatic provisioning in Owncloud,
> although the user_saml app does this. This would need to be integrated
> in the OAuth plugin as well so accounts are automatically created on
> first use.
> 
> Regards,
> François
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud



More information about the Owncloud mailing list