Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/cyberdem0n/pam-oauth2

OAuth2 pam module
https://github.com/cyberdem0n/pam-oauth2

oauth2 pam

Last synced: 3 months ago
JSON representation

OAuth2 pam module

Host: GitHub
URL: https://github.com/cyberdem0n/pam-oauth2
Owner: CyberDem0n
License: mit
Created: 2017-02-01T10:11:10.000Z (almost 8 years ago)
Default Branch: master
Last Pushed: 2020-02-19T09:17:51.000Z (almost 5 years ago)
Last Synced: 2024-02-15T14:33:32.819Z (11 months ago)
Topics: oauth2, pam
Language: C
Size: 9.77 KB
Stars: 131
Watchers: 8
Forks: 30
Open Issues: 4
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.rst
- License: LICENSE

Awesome Lists containing this project

README

OAuth2 PAM module
=================

This PAM module enables login with OAuth2 token instead of password.

## How to install it:

```bash
$ sudo apt-get install libcurl4-openssl-dev libpam-dev
$ git submodule init
$ git submodule update
$ make
$ sudo make install
```

## Configuration

```
auth sufficient pam_oauth2.so key1=value2 key2=value2
account sufficient pam_oauth2.so
```

## How it works

Lets assume that configuration is looking like:

```
auth sufficient pam_oauth2.so https://foo.org/oauth2/tokeninfo?access_token= uid grp=tester
```

And somebody is trying to login with login=foo and token=bar.

pam\_oauth2 module will make http request https://foo.org/oauth2/tokeninfo?access\_token=bar (tokeninfo url is simply concatenated with token) and check response code and content.

If the response code is not 200 - authentication will fail. After that it will check response content:

```json
{
"access_token": "bar",
"expires_in": 3598,
"grp": "tester",
"scope": [
"uid"
],
"token_type": "Bearer",
"uid": "foo"
}
```

It will check that response is a valid JSON object and top-level object contains following key-value pairs:
```json
"uid": "foo",
"grp": "tester"
```

If some keys haven't been found or values don't match with expectation - authentication will fail.

### Issues and Contributing

Oauth2 PAM module welcomes questions via our [issues tracker](https://github.com/CyberDem0n/pam-oauth2/issues). We also greatly appreciate fixes, feature requests, and updates; before submitting a pull request, please visit our [contributor guidelines](https://github.com/CyberDem0n/pam-oauth2/blob/master/CONTRIBUTING.rst).

License
-------

This project uses the [MIT license](https://github.com/CyberDem0n/pam-oauth2/blob/master/LICENSE).