OAuth for Dokuwiki

This is the simple version of the dokuoauth plugin.

It implements basic oAuth support for DokuWiki using hardcoded tokens instead of the whole oauth-flow. It's mainly intended as example while the dokuoauth plugin is being developed.

The plugin is symmetric: It authenticates OAuth signed requests to dokuwiki as well as adds an oAuth signature to an outgoing request (feed, sync) to hosts for which tokens are defined.

Installation

Configuration

Example tokens.php

// oauth-consumer - outgoing requests - local=consumer
$oauth_providers=array(
    array(
        'host'             => "localhost",
        'user'             => "" , # if not empty only this user can use this token
        'key'              => "ctoken",
        'secret'           => "csecret",
        'token'            => "atoken",
        'token_secret'     => "asecret" ,
        'signature_method' => 'HMAC-SHA1'
    ),
);
 
// Oauth service provider - incoming requests - local=serviceprovider
$oauth_tokens=array(
    array(
        'key'              => "ctoken",
        'secret'           => "csecret",
        'token'            => "atoken",
        'token_secret'     => "asecret" ,
        'user'             => "me" # authenticate this user
    ),
    array(
        'key'              => "ct",
        'secret'           => "cs",
        'token'            => "at",
        'token_secret'     => "as" ,
        'user'             => "admin" # authenticate this user
    ),
);

The $oauth_providers is used for transparently signing outgoing requests. The Plugins intercepts requests via devel:event:httpclient_request_send, and adds an oauth-signature if the hostname matches 'host' and the current (local) user equals the given 'user' (unless 'user' is empty, in which case only the hostname is checked).

$oauth_tokens are for incoming requests with an oauth_signature query parameter. If the tokens match and the signature is valid, the specified 'user' is automatically logged in for this request. It works for any HTTP request, though it's mainly intended for XMLRPC.

There can be multiple $oauth_providers (for different hosts and users) as well as many $oauth_tokens (different users).

Examples and Testing

from dokuwiki

Add a feed to a private namespace to a wiki-page. The outgoing request (to retrieve the feed) will be signed, and the signature will be used to authenticate against DokuWiki again.

{{rss http://localhost/dokuwiki/feed.php?mode=list&ns=private}}

Make sure that the tokens.php on the server lists the host (here localhost) in $oauth_providers and the feed-source has the same tokens and a username that can read the private-namespace in $oauth_tokens.

from the commandline

use oauthsign from oauth-utils.

oauthsign -c ctoken -C csecret -t atoken -T asecret -x "http://localhost/dokuwiki/feed.php?mode=list&ns=private"

debugging

Enable the debug Log (Admin → Configuration-editor → DokuoAuth) and look in the /tmp/oAuth.debug file.

 
wiki/dokuoauth_simple.txt · Last modified: 13.03.2009 15:17 by rgareus