oauth2: refresh token -> oauth2
That the backend is based on a refresh token is an implementation detail; it might even change at some point if we figure out how to do OAuth2 internally. Better use the shorter "oauth2" name in the "username" property. Also better align .so name and global variable names/defines in configure and Makefile with the name of the backend.
This commit is contained in:
parent
be846f8e60
commit
b26f49eaa3
|
@ -11,7 +11,7 @@ UI support, described below).
|
|||
|
||||
OAuth2 authentication using refresh token is enabled by setting OAuth2
|
||||
refresh token as password and setting username to
|
||||
"username=refresh_token:{'TokenHost': 'https://accounts.google.com', 'TokenPath': '/o/oauth2/token', 'Scope': 'https://www.googleapis.com/auth/carddav https://www.googleapis.com/auth/calendar', 'ClientID': '923794261470.apps.googleusercontent.com', 'ClientSecret': 'SlVBAcxamM0TBPlvX2c1zbEY'}"
|
||||
"username=oauth2:{'TokenHost': 'https://accounts.google.com', 'TokenPath': '/o/oauth2/token', 'Scope': 'https://www.googleapis.com/auth/carddav https://www.googleapis.com/auth/calendar', 'ClientID': '923794261470.apps.googleusercontent.com', 'ClientSecret': 'SlVBAcxamM0TBPlvX2c1zbEY'}"
|
||||
|
||||
Values of ClientId and ClientSecret need to be substituted with
|
||||
correct values (values here are from GOA, see below).
|
||||
|
|
|
@ -3,26 +3,26 @@
|
|||
PKG_CHECK_MODULES(JSON, [json], HAVE_JSON=yes,
|
||||
[PKG_CHECK_MODULES(JSON, [json-c], HAVE_JSON=yes, HAVE_JSON=no)])
|
||||
|
||||
def_refresh_token="no"
|
||||
def_oauth2="no"
|
||||
|
||||
if test "$ENABLE_LIBSOUP" = "yes" && test "$HAVE_JSON" = "yes"; then
|
||||
def_refresh_token="yes"
|
||||
def_oauth2="yes"
|
||||
fi
|
||||
|
||||
AC_ARG_ENABLE(refresh-token,
|
||||
AS_HELP_STRING([--enable-refresh-token],
|
||||
AC_ARG_ENABLE(oauth2,
|
||||
AS_HELP_STRING([--enable-oauth2],
|
||||
[enables or disables support for refresh token single-sign-on system without HMI; default is on if development files are available]),
|
||||
[enable_refresh_token="$enableval"
|
||||
test "$enable_refresh_token" = "yes" || test "$enable_refresh_token" = "no" || AC_MSG_ERROR([invalid value for --enable-refresh-token: $enable_refresh_token])
|
||||
test "$enable_refresh_token" = "no" || test "$HAVE_JSON" = "yes" || test "$ENABLE_LIBSOUP" = "yes"|| AC_MSG_ERROR([required pkg(s) not found that are needed for --enable-refresh-token])],
|
||||
enable_refresh_token="$def_refresh_token")
|
||||
if test "$enable_refresh_token" = "yes"; then
|
||||
[enable_oauth2="$enableval"
|
||||
test "$enable_oauth2" = "yes" || test "$enable_oauth2" = "no" || AC_MSG_ERROR([invalid value for --enable-oauth2: $enable_oauth2])
|
||||
test "$enable_oauth2" = "no" || test "$HAVE_JSON" = "yes" || test "$ENABLE_LIBSOUP" = "yes"|| AC_MSG_ERROR([required pkg(s) not found that are needed for --enable-oauth2])],
|
||||
enable_oauth2="$def_oauth2")
|
||||
if test "$enable_oauth2" = "yes"; then
|
||||
# link into static executables, similar to a SyncSource
|
||||
SYNCSOURCES="$SYNCSOURCES src/backends/oauth2/providerrefreshtoken.la"
|
||||
SYNCSOURCES="$SYNCSOURCES src/backends/oauth2/provideroauth2.la"
|
||||
if test "$enable_static" = "yes"; then
|
||||
AC_DEFINE(STATIC_REFRESH_TOKEN, 1, [activate gsso])
|
||||
AC_DEFINE(STATIC_OAUTH2, 1, [activate OAuth2 based on refresh token])
|
||||
fi
|
||||
fi
|
||||
|
||||
# conditional compilation in make
|
||||
AM_CONDITIONAL([USE_REFRESH_TOKEN], [test "$enable_refresh_token" = "yes"])
|
||||
AM_CONDITIONAL([USE_OAUTH2], [test "$enable_oauth2" = "yes"])
|
||||
|
|
|
@ -3,8 +3,8 @@ dist_noinst_DATA += src/backends/oauth2/configure-sub.in \
|
|||
$(NONE)
|
||||
|
||||
src_backends_oauth2_libs =
|
||||
if USE_REFRESH_TOKEN
|
||||
src_backends_oauth2_libs += src/backends/oauth2/providerrefreshtoken.la
|
||||
if USE_OAUTH2
|
||||
src_backends_oauth2_libs += src/backends/oauth2/provideroauth2.la
|
||||
endif
|
||||
MOSTLYCLEANFILES += $(src_backends_oauth2_libs)
|
||||
|
||||
|
@ -22,9 +22,9 @@ else
|
|||
noinst_LTLIBRARIES += $(src_backends_oauth2_libs)
|
||||
endif
|
||||
|
||||
src_backends_oauth2_providerrefreshtoken_la_SOURCES = $(src_backends_oauth2_sources)
|
||||
src_backends_oauth2_providerrefreshtoken_la_LIBADD = $(JSON_LIBS) $(GLIB_LIBS) $(SYNCEVOLUTION_LIBS)
|
||||
src_backends_oauth2_providerrefreshtoken_la_LDFLAGS = -module -avoid-version
|
||||
src_backends_oauth2_providerrefreshtoken_la_CXXFLAGS = $(JSON_CFLAGS) $(GLIB_CFLAGS) $(SYNCEVO_WFLAGS) $(SYNCEVOLUTION_CFLAGS)
|
||||
src_backends_oauth2_providerrefreshtoken_la_CPPFLAGS = -DUSE_REFRESH_TOKEN -I$(top_srcdir)/test $(BACKEND_CPPFLAGS)
|
||||
src_backends_oauth2_providerrefreshtoken_la_DEPENDENCIES = src/syncevo/libsyncevolution.la
|
||||
src_backends_oauth2_provideroauth2_la_SOURCES = $(src_backends_oauth2_sources)
|
||||
src_backends_oauth2_provideroauth2_la_LIBADD = $(JSON_LIBS) $(GLIB_LIBS) $(SYNCEVOLUTION_LIBS)
|
||||
src_backends_oauth2_provideroauth2_la_LDFLAGS = -module -avoid-version
|
||||
src_backends_oauth2_provideroauth2_la_CXXFLAGS = $(JSON_CFLAGS) $(GLIB_CFLAGS) $(SYNCEVO_WFLAGS) $(SYNCEVOLUTION_CFLAGS)
|
||||
src_backends_oauth2_provideroauth2_la_CPPFLAGS = -DUSE_OAUTH2 -I$(top_srcdir)/test $(BACKEND_CPPFLAGS)
|
||||
src_backends_oauth2_provideroauth2_la_DEPENDENCIES = src/syncevo/libsyncevolution.la
|
||||
|
|
|
@ -165,11 +165,11 @@ boost::shared_ptr<AuthProvider> createOAuth2AuthProvider(const InitStateString &
|
|||
// Expected content of parameter GVariant.
|
||||
boost::shared_ptr<GVariantType> hashtype(g_variant_type_new("a{ss}"), g_variant_type_free);
|
||||
|
||||
// 'username' is the part after refresh_token: which we can parse directly.
|
||||
// 'username' is the part after oauth2: which we can parse directly.
|
||||
GErrorCXX gerror;
|
||||
GVariantStealCXX parametersVar(g_variant_parse(hashtype.get(), username.c_str(), NULL, NULL, gerror));
|
||||
if (!parametersVar) {
|
||||
gerror.throwError(SE_HERE, "parsing 'refresh_token:' username");
|
||||
gerror.throwError(SE_HERE, "parsing 'oauth2:' username");
|
||||
}
|
||||
GHashTableCXX parameters(Variant2StrHashTable(parametersVar));
|
||||
|
||||
|
@ -182,27 +182,27 @@ boost::shared_ptr<AuthProvider> createOAuth2AuthProvider(const InitStateString &
|
|||
|
||||
tokenHost = (const gchar *)g_hash_table_lookup(parameters, "TokenHost");
|
||||
if (!tokenHost) {
|
||||
SE_THROW("need 'TokenHost: <string>' in 'refresh_token:' parameters");
|
||||
SE_THROW("need 'TokenHost: <string>' in 'oauth2:' parameters");
|
||||
}
|
||||
|
||||
tokenPath = (const gchar *)g_hash_table_lookup(parameters, "TokenPath");
|
||||
if (!tokenPath) {
|
||||
SE_THROW("need 'TokenPath: <string>' in 'refresh_token:' parameters");
|
||||
SE_THROW("need 'TokenPath: <string>' in 'oauth2:' parameters");
|
||||
}
|
||||
|
||||
scope = (const gchar *)g_hash_table_lookup(parameters, "Scope");
|
||||
if (!scope) {
|
||||
SE_THROW("need 'Scope: <string>' in 'refresh_token:' parameters");
|
||||
SE_THROW("need 'Scope: <string>' in 'oauth2:' parameters");
|
||||
}
|
||||
|
||||
clientID = (const gchar *)g_hash_table_lookup(parameters, "ClientID");
|
||||
if (!clientID) {
|
||||
SE_THROW("need 'ClientID: <string>' in 'refresh_token:' parameters");
|
||||
SE_THROW("need 'ClientID: <string>' in 'oauth2:' parameters");
|
||||
}
|
||||
|
||||
clientSecret = (const gchar *)g_hash_table_lookup(parameters, "ClientSecret");
|
||||
if (!clientSecret) {
|
||||
SE_THROW("need 'ClientSecret: <string>' in 'refresh_token:' parameters");
|
||||
SE_THROW("need 'ClientSecret: <string>' in 'oauth2:' parameters");
|
||||
}
|
||||
|
||||
if (password.empty()) {
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
#include <config.h>
|
||||
|
||||
#if defined(USE_REFRESH_TOKEN) || defined(STATIC_REFRESH_TOKEN)
|
||||
#if defined(USE_OAUTH2) || defined(STATIC_OAUTH2)
|
||||
|
||||
#include "oauth2.h"
|
||||
|
||||
|
@ -32,8 +32,8 @@ static class OAuth2Provider : public IdentityProvider
|
|||
{
|
||||
public:
|
||||
OAuth2Provider() :
|
||||
IdentityProvider("refresh_token",
|
||||
"refresh_token:<parameters>\n"
|
||||
IdentityProvider("oauth2",
|
||||
"oauth2:<parameters>\n"
|
||||
" Authentication using refresh token.\n"
|
||||
" GVariant text dump suitable for g_variant_parse() (see\n"
|
||||
" https://developer.gnome.org/glib/stable/gvariant-text.html).\n"
|
||||
|
|
Loading…
Reference in New Issue