OAuth2 client authentication

kostya · July 4, 2018, 8:41am

Hello! Immediately ask forgiveness for my English. I tried to configure OAuth2 client authentication. But failed. Here is the code that I use for the test:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
    <head>
        <meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
        <title>Nextcloud Authentication</title>
    </head>
    <body>
 
<?php
 
    $client_id = ''; // Client ID

    $client_secret = ''; // Client secret

    $redirect_uri = 'https://example.com/nextcloud/oauth2.php'; // Redirect URIs

 
 
    $url = 'https://cloud.example.com/index.php/apps/oauth2/authorize';

 
    $params = array(

        'redirect_uri'  => $redirect_uri,

        'response_type' => 'code',

        'client_id'     => $client_id

    );

 
    echo $link = '<p><a href="' . $url . '?' . urldecode(http_build_query($params)) . '">Nextcloud Authentication</a></p>';

 
    if (isset($_GET['code'])) {

        $result = false;

        echo "<br>code = " . $_GET['code'] . "<br><br>";

        $params = array(

            'client_id'     => $client_id,

            'client_secret' => $client_secret,

            'redirect_uri'  => $redirect_uri,

            'grant_type'    => 'authorization_code',

            'code'          => $_GET['code']

        );

 
        $url = 'https://cloud.example.com/index.php/apps/oauth2/api/v1/token';

 
        $curl = curl_init();

        curl_setopt($curl, CURLOPT_URL, $url);

        curl_setopt($curl, CURLOPT_POST, 1);

        curl_setopt($curl, CURLOPT_POSTFIELDS, urldecode(http_build_query($params)));

        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);

        $result = curl_exec($curl);

        curl_close($curl);

        $tokenInfo = json_decode($result, true);

 
        echo "<br><br>" . print_r($tokenInfo);

    }

 
?>
 
    </body>
</html>

When navigating to the URL “https://cloud.example.com/index.php/apps/oauth2/authorize” and granting access to the application, everything seems to go fine, after the redirect I get the code in the parameters. But one thing, it throws me out of the account if I was logged in.

Everything would be fine, but when I try to access tocken I get an error. Literally:
"
Internal Server Error

The server was unable to complete your request.

If this happens again, please send the technical details below to the server administrator.

More details can be found in the server log.
Technical details

_ Remote Address: 127.0.0.1_
_ Request ID: skItAuhDOHGbP7ws3XfB_
"
In the Nextcloud log, I get a message like:

{
“reqId”: “skItAuhDOHGbP7ws3XfB”,
“level”: 3,
“time”: “2018-07-04T08:06:53+00:00”,
“remoteAddr”: “127.0.0.1”,
“user”: “–”,
“app”: “index”,
“method”: “POST”,
“url”: “/index.php/apps/oauth2/api/v1/token”,
“message”: “Exception: {“Exception”:“OCA\\OAuth2\\Exceptions\\AccessTokenNotFoundException”,“Message”:”",“Code”:0,“Trace”:"#0 \/var\/www\/html\/cloud.example.com\/nextcloud\/apps\/oauth2\/lib\/Controller\/OauthApiController.php(71): OCA\\OAuth2\\Db\\AccessTokenMapper->getByCode(‘23fQ\/cc1IXFNKWw…’)\n#1 [internal function]: OCA\\OAuth2\\Controller\\OauthApiController->getToken(*** sensitive parameters replaced ***)\n#2 \/var\/www\/html\/cloud.example.com\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(161): call_user_func_array(Array, Array)\n#3 \/var\/www\/html\/cloud.example.com\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(91): OC\\AppFramework\\Http\\Dispatcher->executeController(Object(OCA\\OAuth2\\Controller\\OauthApiController), ‘getToken’)\n#4 \/var\/www\/html\/cloud.example.com\/nextcloud\/lib\/private\/AppFramework\/App.php(115): OC\\AppFramework\\Http\\Dispatcher->dispatch(Object(OCA\\OAuth2\\Controller\\OauthApiController), ‘getToken’)\n#5 \/var\/www\/html\/cloud.example.com\/nextcloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php(47): OC\\AppFramework\\App::main(‘OCA\\\\OAuth2\\\\Cont…’, ‘getToken’, Object(OC\\AppFramework\\DependencyInjection\\DIContainer), Array)\n#6 [internal function]: OC\\AppFramework\\Routing\\RouteActionHandler->__invoke(Array)\n#7 \/var\/www\/html\/cloud.example.com\/nextcloud\/lib\/private\/Route\/Router.php(297): call_user_func(Object(OC\\AppFramework\\Routing\\RouteActionHandler), Array)\n#8 \/var\/www\/html\/cloud.example.com\/nextcloud\/lib\/base.php(999): OC\\Route\\Router->match(’\/apps\/oauth2\/ap…’)\n#9 \/var\/www\/html\/cloud.example.com\/nextcloud\/index.php(37): OC::handleRequest()\n#10 {main}",“File”:"\/var\/www\/html\/cloud.example.com\/nextcloud\/apps\/oauth2\/lib\/Db\/AccessTokenMapper.php",“Line”:53}",
“userAgent”: “–”,
“version”: “13.0.2.1”
}

What can be wrong? In Nextcloud, I configured only the OAuth2 client.

kostya · July 4, 2018, 4:56pm

I apologize, forgot to specify the system parameters. Hence: Nextcloud 13.0.2, Apache/2.4.18, PHP7.0.30, Ubuntu 16.04.

kostya · July 4, 2018, 5:58pm

I just updated to the Nextcloud 13.0.4 and the error while getting access tocken disappeared, it all worked. But it still sign out me from my account after granting access to the application. No messages in the nextcloud log.

kostya · July 5, 2018, 5:18pm

I, like a psycho, quietly with myself conduct a conversation. Anyway. As I already wrote, it still sign out me from my account after granting access for the application. On this occasion, I decided to digest the code of “Nextcloud” and that’s what I found. In the module “nextcloud / core / Controller / ClientFlowLoginController.php” in line 334 there is such code:


// Clear the token from the login here

$this->tokenProvider->invalidateToken($sessionId);

I do not quite understand the clever design of the developers. If this line is commented out then everything works fine. Maybe in the next releases all will be corrected. It remains to be hoped and content with this “hack”.