{"id":29190723,"url":"https://github.com/owncloud/oauth2","last_synced_at":"2025-07-02T00:11:03.134Z","repository":{"id":12941486,"uuid":"73076742","full_name":"owncloud/oauth2","owner":"owncloud","description":"🔐  Application for using OAuth 2.0 in ownCloud","archived":false,"fork":false,"pushed_at":"2025-01-09T00:27:36.000Z","size":1155,"stargazers_count":31,"open_issues_count":36,"forks_count":25,"subscribers_count":46,"default_branch":"master","last_synced_at":"2025-06-27T21:13:47.181Z","etag":null,"topics":["owncloud-app"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/owncloud.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS.md","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-11-07T12:35:17.000Z","updated_at":"2025-01-09T00:27:40.000Z","dependencies_parsed_at":"2024-02-14T09:27:17.953Z","dependency_job_id":"ee2c8b7f-ae79-495f-a0fc-a3f3a3f4ad4d","html_url":"https://github.com/owncloud/oauth2","commit_stats":null,"previous_names":[],"tags_count":35,"template":false,"template_full_name":null,"purl":"pkg:github/owncloud/oauth2","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owncloud%2Foauth2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owncloud%2Foauth2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owncloud%2Foauth2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owncloud%2Foauth2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/owncloud","dow
nload_url":"https://codeload.github.com/owncloud/oauth2/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owncloud%2Foauth2/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263052430,"owners_count":23406106,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["owncloud-app"],"created_at":"2025-07-02T00:11:02.201Z","updated_at":"2025-07-02T00:11:03.087Z","avatar_url":"https://github.com/owncloud.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🔐 OAuth 2.0\n[![Build Status](https://drone.owncloud.com/api/badges/owncloud/oauth2/status.svg?branch=master)](https://drone.owncloud.com/owncloud/oauth2)\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=owncloud_oauth2\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=owncloud_oauth2)\n[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=owncloud_oauth2\u0026metric=security_rating)](https://sonarcloud.io/dashboard?id=owncloud_oauth2)\n[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=owncloud_oauth2\u0026metric=coverage)](https://sonarcloud.io/dashboard?id=owncloud_oauth2)\n\nThis app implements the [OAuth 2.0 Authorization Code Flow](https://tools.ietf.org/html/rfc6749#section-4.1).\n\n## Installing the app\nPlace the content of this repository in **owncloud/apps/oauth2**.\n\n## Using the app\n\n### Endpoints\n* Authorization URL: `/index.php/apps/oauth2/authorize`\n* Access Token URL: 
`/index.php/apps/oauth2/api/v1/token`\n\n### Protocol Flow\n1. [Client registration](https://tools.ietf.org/html/rfc6749#section-2): First, the clients have to be registered in the admin settings: `/index.php/settings/admin?sectionid=additional#oauth2`. You need to specify a name for the client (the name is unrelated to the OAuth 2.0 protocol and is just used to recognize it later) and the redirection URI. A client identifier and client secret are generated when a new client is added. They both consist of 64 characters.\n\n2. [Authorization Request](https://tools.ietf.org/html/rfc6749#section-4.1.1): For every registered client an Authorization Request can be made. The client redirects the resource owner to the [Authorization URL](#endpoints) and requests authorization. The following URL parameters have to be specified:\n    1. `response_type` (required): needs to be `code` because at this time only the Authorization Code Flow is implemented.\n    2. `client_id` (required): the client identifier obtained when registering the client.\n    3. `redirect_uri` (required): the redirection URI specified when registering the client.\n    4. `state` (optional): can be set by the client \"to maintain state between the request and callback\" ([RFC 6749](https://tools.ietf.org/html/rfc6749#section-4.1.1)).\n    5. `user` (optional): can be set to indicate the username of the resource owner.\n\n3. [Authorization Response](https://tools.ietf.org/html/rfc6749#section-4.1.2): After the resource owner's authorization the app redirects to the `redirect_uri` specified in the Authorization Request and adds the Authorization Code as URL parameter `code`. An Authorization Code is valid for 10 minutes.\n\n4. [Access Token Request](https://tools.ietf.org/html/rfc6749#section-4.1.3): With the Authorization Code the client can request an Access Token using the [Access Token URL](#endpoints). 
[Client Authentication](https://tools.ietf.org/html/rfc6749#section-2.3) is done using Basic Auth with the client identifier as username and the client secret as password. The following URL parameters have to be specified:\n    1. `grant_type`: Either `authorization_code` or `refresh_token`.\n    2. `code` and `redirect_uri` (if the grant type `authorization_code` is used).\n    3. `refresh_token` (if the grant type `refresh_token` is used).\n\n5. [Access Token Response](https://tools.ietf.org/html/rfc6749#section-4.1.4): The app responds to a valid Access Token Request with a JSON response like the following. An Access Token is valid for 1 hour and can be refreshed with a Refresh Token.\n\n```json\n{\n    \"access_token\" : \"1vtnuo1NkIsbndAjVnhl7y0wJha59JyaAiFIVQDvcBY2uvKmj5EPBEhss0pauzdQ\",\n    \"token_type\" : \"Bearer\",\n    \"expires_in\" : 3600,\n    \"refresh_token\" : \"7y0wJuvKmj5E1vjVnhlPBEhha59JyaAiFIVQDvcBY2ss0pauzdQtnuo1NkIsbndA\",\n    \"user_id\" : \"admin\",\n    \"message_url\" : \"https://www.example.org/owncloud/index.php/apps/oauth2/authorization-successful\"\n}\n```\n\n## Limitations\nSince the app handles no user passwords at all, only master key encryption works (similar to the Shibboleth app).\n\n## Possible improvements\n- [ ] Add option for using different [scopes](https://tools.ietf.org/html/rfc6749#section-3.3).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowncloud%2Foauth2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fowncloud%2Foauth2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowncloud%2Foauth2/lists"}