
Implement token based authentication

Open MichaelBarth opened this issue 7 years ago • 6 comments

Since it is not possible to continue the Nextcloud PHP session, I suggest implementing token-based authentication. You would just need an extra field for a "secret" in the configuration page.

MichaelBarth avatar Dec 06 '18 21:12 MichaelBarth

Hu? I don't get what you are trying to do. Mind explaining a bit more?

nickvergessen avatar Dec 17 '18 11:12 nickvergessen

Hi. What I would need (and this seems to be the same issue), would be a configurable http_auth (basic / digest) method. The external site entry would be the client, sending authentication information to the external site.

  • Obviously it should not be http_auth_basic, since you do not want to be responsible for saving the credentials (in cleartext), although you could offer it under no warranty.
  • http_auth_digest would only save the digest_hash of a password-information-combination.
  • I googled briefly and found jwt.io as an alternative token-based authentication method that seems to be widely used.
  • Surely there are more, and more sophisticated ones, but it would be nice if simple web pages could be supported first, e.g. those using http_auth.

In all of the above cases, the external-sites-app would have to store some credentials on a per-user basis.

So, if I find time, I surely will find out what authentication methods are native to NC that might be supported, i.e. the external-sites-app uses the stored credentials to log in to the external site. Now, what the "stored credentials" are surely depends on your authentication backend in NC.

Does this explain enough what @MichaelBarth probably means?

jolly-jump avatar Dec 20 '18 14:12 jolly-jump

Yes - what jolly-jump wrote is exactly my intention.

MichaelBarth avatar Feb 15 '19 11:02 MichaelBarth

Cool!

Yes - what jolly-jump wrote is exactly my intention.

Great idea!!!

moarf56 avatar Mar 31 '19 09:03 moarf56

I just pulled a modified version of the external app that has the ability to enter a password, so that the parameters are encrypted. The decryption script can be found in the docs folder. Here is a link to my fork: https://github.com/MichaelBarth/external

To get it running:

  1.) Edit config.php and add the line 'integrity.check.disabled' => true,
  2.) Install external app from App Store
  3.) Replace files with files in my repository

I hope that my code is implemented in the future, do not know ....

MichaelBarth avatar Jul 24 '19 13:07 MichaelBarth

Just want to let you know that my version is running with 100 users and no problems. https://github.com/MichaelBarth/external I would be happy if my functions were included in the official version. I actually do not know how to... So I need help (@nick)

MichaelBarth avatar Sep 04 '19 16:09 MichaelBarth

I implemented JWT tokens in https://github.com/nextcloud/external/pull/310

It comes with a docs/jwt-sample.php which shows how the info can be accessed.

Can you please test and verify that #310 solves your use case? A testing package that hopefully works from 23-25 is attached there. But it might be that it's not enough to just allow the versions, in which case 25 needs to be used for testing.

nickvergessen avatar Sep 16 '22 13:09 nickvergessen