
OAuth - Gancio

<!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <title>OAuth - Gancio</title> <link href="https://github.com/lesion" rel="me"> <link href="eventi@cisti.org" rel="me"> <link rel="webmention" href="https://webmention.io/gancio.org/webmention" /> <link rel="pingback" href="https://webmention.io/gancio.org/xmlrpc" /> <link rel="shortcut icon" href="https://gancio.org/favicon.ico" type="image/x-icon"> <link rel="stylesheet" href="https://gancio.org/assets/css/just-the-docs-default.css"> <link rel="stylesheet" href="https://gancio.org/assets/css/premonition.css"> <script type="text/javascript" src="https://gancio.org/assets/js/vendor/lunr.min.js"></script> <script type="text/javascript" src="https://gancio.org/assets/js/just-the-docs.js"></script> <script src="https://gancio.org/assets/js/jquery-3.3.1.min.js"></script> <link rel="stylesheet" href="https://gancio.org/assets/css/jquery.fancybox.min.css"> <script src="https://gancio.org/assets/js/jquery.fancybox.min.js"></script> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- Begin Jekyll SEO tag v2.8.0 --> <title>OAuth | Gancio</title> <meta name="generator" content="Jekyll v4.3.2" /> <meta property="og:title" content="OAuth" /> <meta property="og:locale" content="en_US" /> <meta name="description" content="A shared agenda for local communities with AP support" /> <meta property="og:description" content="A shared agenda for local communities with AP support" /> <link rel="canonical" href="https://gancio.org/dev/oauth" /> <meta property="og:url" content="https://gancio.org/dev/oauth" /> <meta property="og:site_name" content="Gancio" /> <meta property="og:type" content="website" /> <meta name="twitter:card" content="summary" /> <meta property="twitter:title" content="OAuth" /> <script type="application/ld+json"> {"@context":"https://schema.org","@type":"WebPage","description":"A shared agenda for local communities with AP 
support","headline":"OAuth","url":"https://gancio.org/dev/oauth"}</script> <!-- End Jekyll SEO tag --> </head> <body> <a class="skip-to-main" href="#main-content">Skip to main content</a> <svg xmlns="http://www.w3.org/2000/svg" class="d-none"> <symbol id="svg-link" viewBox="0 0 24 24"> <title>Link</title> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-link"> <path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path> </svg> </symbol> <symbol id="svg-menu" viewBox="0 0 24 24"> <title>Menu</title> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"> <line x1="3" y1="12" x2="21" y2="12"></line><line x1="3" y1="6" x2="21" y2="6"></line><line x1="3" y1="18" x2="21" y2="18"></line> </svg> </symbol> <symbol id="svg-arrow-right" viewBox="0 0 24 24"> <title>Expand</title> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-chevron-right"> <polyline points="9 18 15 12 9 6"></polyline> </svg> </symbol> <!-- Feather. 
MIT License: https://github.com/feathericons/feather/blob/master/LICENSE --> <symbol id="svg-external-link" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-external-link"> <title id="svg-external-link-title">(external link)</title> <path d="M18 13v6a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h6"></path><polyline points="15 3 21 3 21 9"></polyline><line x1="10" y1="14" x2="21" y2="3"></line> </symbol> <symbol id="svg-doc" viewBox="0 0 24 24"> <title>Document</title> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-file"> <path d="M13 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V9z"></path><polyline points="13 2 13 9 20 9"></polyline> </svg> </symbol> <symbol id="svg-search" viewBox="0 0 24 24"> <title>Search</title> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-search"> <circle cx="11" cy="11" r="8"></circle><line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </symbol> <!-- Bootstrap Icons. 
MIT License: https://github.com/twbs/icons/blob/main/LICENSE.md --> <symbol id="svg-copy" viewBox="0 0 16 16"> <title>Copy</title> <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-clipboard" viewBox="0 0 16 16"> <path d="M4 1.5H3a2 2 0 0 0-2 2V14a2 2 0 0 0 2 2h10a2 2 0 0 0 2-2V3.5a2 2 0 0 0-2-2h-1v1h1a1 1 0 0 1 1 1V14a1 1 0 0 1-1 1H3a1 1 0 0 1-1-1V3.5a1 1 0 0 1 1-1h1v-1z"/> <path d="M9.5 1a.5.5 0 0 1 .5.5v1a.5.5 0 0 1-.5.5h-3a.5.5 0 0 1-.5-.5v-1a.5.5 0 0 1 .5-.5h3zm-3-1A1.5 1.5 0 0 0 5 1.5v1A1.5 1.5 0 0 0 6.5 4h3A1.5 1.5 0 0 0 11 2.5v-1A1.5 1.5 0 0 0 9.5 0h-3z"/> </svg> </symbol> <symbol id="svg-copied" viewBox="0 0 16 16"> <title>Copied</title> <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-clipboard-check-fill" viewBox="0 0 16 16"> <path d="M6.5 0A1.5 1.5 0 0 0 5 1.5v1A1.5 1.5 0 0 0 6.5 4h3A1.5 1.5 0 0 0 11 2.5v-1A1.5 1.5 0 0 0 9.5 0h-3Zm3 1a.5.5 0 0 1 .5.5v1a.5.5 0 0 1-.5.5h-3a.5.5 0 0 1-.5-.5v-1a.5.5 0 0 1 .5-.5h3Z"/> <path d="M4 1.5H3a2 2 0 0 0-2 2V14a2 2 0 0 0 2 2h10a2 2 0 0 0 2-2V3.5a2 2 0 0 0-2-2h-1v1A2.5 2.5 0 0 1 9.5 5h-3A2.5 2.5 0 0 1 4 2.5v-1Zm6.854 7.354-3 3a.5.5 0 0 1-.708 0l-1.5-1.5a.5.5 0 0 1 .708-.708L7.5 10.793l2.646-2.647a.5.5 0 0 1 .708.708Z"/> </svg> </symbol> </svg> <div class="side-bar"> <div class="site-header" role="banner"> <a href="/" class="site-title lh-tight"> Gancio </a> <button id="menu-button" class="site-button btn-reset" aria-label="Toggle menu" aria-pressed="false"> <svg viewBox="0 0 24 24" class="icon" aria-hidden="true"><use xlink:href="#svg-menu"></use></svg> </button> </div> <nav aria-label="Main" id="site-nav" class="site-nav"> <ul class="nav-list"><li class="nav-list-item"><a href="/" class="nav-list-link">Home</a></li><li class="nav-list-item"><button class="nav-list-expander btn-reset" aria-label="toggle items in Usage category" aria-pressed="false"> <svg viewBox="0 0 24 24" aria-hidden="true"><use 
xlink:href="#svg-arrow-right"></use></svg> </button><a href="/usage" class="nav-list-link">Usage</a><ul class="nav-list"><li class="nav-list-item"><a href="/usage/embed" class="nav-list-link">Embed events in webpages</a></li><li class="nav-list-item"><a href="/usage/moderation" class="nav-list-link">Moderation</a></li><li class="nav-list-item"><a href="/usage/users" class="nav-list-link">Users</a></li><li class="nav-list-item"><a href="/usage/cli" class="nav-list-link">CLI</a></li><li class="nav-list-item"><a href="/usage/federation" class="nav-list-link">Federation</a></li><li class="nav-list-item"><a href="/usage/plugins" class="nav-list-link">Plugins</a></li><li class="nav-list-item"><a href="/usage/custom_css" class="nav-list-link">Custom CSS</a></li><li class="nav-list-item"><a href="/usage/custom_js" class="nav-list-link">Custom Javascript</a></li></ul></li><li class="nav-list-item"><a href="/screenshot" class="nav-list-link">Screenshots</a></li><li class="nav-list-item"><button class="nav-list-expander btn-reset" aria-label="toggle items in Install category" aria-pressed="false"> <svg viewBox="0 0 24 24" aria-hidden="true"><use xlink:href="#svg-arrow-right"></use></svg> </button><a href="/install" class="nav-list-link">Install</a><ul class="nav-list"><li class="nav-list-item"><a href="/install/debian" class="nav-list-link">Debian</a></li><li class="nav-list-item"><a href="/install/nixos" class="nav-list-link">NixOS</a></li><li class="nav-list-item"><a href="/install/docker" class="nav-list-link">Docker</a></li><li class="nav-list-item"><a href="/install/backup" class="nav-list-link">Backup</a></li><li class="nav-list-item"><a href="/install/config" class="nav-list-link">Configuration</a></li><li class="nav-list-item"><a href="/install/nominatim" class="nav-list-link">Nominatim</a></li><li class="nav-list-item"><a href="/install/nginx" class="nav-list-link">Nginx setup</a></li></ul></li><li class="nav-list-item"><button class="nav-list-expander btn-reset" 
aria-label="toggle items in Hacking category" aria-pressed="false"> <svg viewBox="0 0 24 24" aria-hidden="true"><use xlink:href="#svg-arrow-right"></use></svg> </button><a href="/dev" class="nav-list-link">Hacking</a><ul class="nav-list"><li class="nav-list-item"><a href="/dev/structure" class="nav-list-link">Project Structure</a></li><li class="nav-list-item"><a href="/dev/plugins" class="nav-list-link">Plugins</a></li><li class="nav-list-item"><a href="/dev/oauth" class="nav-list-link">OAuth</a></li><li class="nav-list-item"><a href="/dev/locales" class="nav-list-link">Internationalization</a></li><li class="nav-list-item"><a href="/dev/api" class="nav-list-link">API</a></li></ul></li><li class="nav-list-item"><a href="/contribute" class="nav-list-link">Contribute</a></li><li class="nav-list-item"><a href="/instances" class="nav-list-link">Instances</a></li><li class="nav-list-item"><a href="/about" class="nav-list-link">About</a></li><li class="nav-list-item"><a href="/contacts" class="nav-list-link">Contacts</a></li><li class="nav-list-item"><a href="/federation" class="nav-list-link">Federation</a></li><li class="nav-list-item"><a href="/changelog" class="nav-list-link">Changelog</a></li></ul> </nav> <footer class="site-footer"> This site uses <a href="https://github.com/just-the-docs/just-the-docs">Just the Docs</a>, a documentation theme for Jekyll. 
</footer> </div> <div class="main" id="top"> <div id="main-header" class="main-header"> <div class="search" role="search"> <div class="search-input-wrap"> <input type="text" id="search-input" class="search-input" tabindex="0" placeholder="Search Gancio" aria-label="Search Gancio" autocomplete="off"> <label for="search-input" class="search-label"><svg viewBox="0 0 24 24" class="search-icon"><use xlink:href="#svg-search"></use></svg></label> </div> <div id="search-results" class="search-results"></div> </div> <nav aria-label="Auxiliary" class="aux-nav"> <ul class="aux-nav-list"> <li class="aux-nav-list-item"> <a href="https://framagit.org/les/gancio" class="site-button" > Source </a> </li> <li class="aux-nav-list-item"> <a href="https://mastodon.cisti.org/@gancio" class="site-button" > @gancio@mastodon.cisti.org </a> </li> </ul> </nav> </div> <div class="main-content-wrap"> <nav aria-label="Breadcrumb" class="breadcrumb-nav"> <ol class="breadcrumb-nav-list"> <li class="breadcrumb-nav-list-item"><a href="/dev">Hacking</a></li> <li class="breadcrumb-nav-list-item"><span>OAuth</span></li> </ol> </nav> <div id="main-content" class="main-content"> <main> <div class="premonition error"> <i class="premonition pn-error"></i> <div class="content"> <p class="header">BETA FEATURE</p><p>Expect bad behavior and open <a href="https://framagit.org/les/gancio/issues">issues</a></p> </div> </div> <h2 class="no_toc" id="oauth"> <a href="#oauth" class="anchor-heading" aria-labelledby="oauth"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> OAuth </h2> <p>An open standard for token-based authentication and authorization on the Internet.</p> <p>Gancio supports OAuth 2.0, an authorization framework described in <a href="https://tools.ietf.org/html/rfc6749">RFC 6749</a> that allows third-party applications to obtain limited access to an HTTP service on behalf of a resource owner, through the use of a standardized authorization flow that generates a 
client access token to be used with HTTP requests.</p> <p>To obtain an OAuth token for a Gancio instance, make sure that you allow your users to specify the domain they want to connect to before login. Use that domain to <a href="#create-client">acquire a client id/secret</a> and then proceed with normal OAuth 2.</p><hr /> <h2 id="create-client"> <a href="#create-client" class="anchor-heading" aria-labelledby="create-client"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Create client </h2> <p>Create a new application to obtain OAuth2 credentials.</p> <p class="label label-yellow">POST</p> <p><code class="language-plaintext highlighter-rouge">/api/client</code></p> <h4 id="request-parameters"> <a href="#request-parameters" class="anchor-heading" aria-labelledby="request-parameters"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Request parameters </h4> <div class="table-wrapper"><table> <tbody> <tr> <td>client_name</td> <td><code class="language-plaintext highlighter-rouge">string</code></td> <td>A name for your application</td> </tr> <tr> <td>redirect_uris</td> <td><code class="language-plaintext highlighter-rouge">string</code></td> <td>Where the user should be redirected after authorization</td> </tr> <tr> <td>scopes</td> <td><code class="language-plaintext highlighter-rouge">string</code></td> <td>Space separated list of scopes. 
If none is provided, defaults to <code class="language-plaintext highlighter-rouge">event:write</code> as it's the only supported scope!</td> </tr> <tr> <td>website</td> <td><code class="language-plaintext highlighter-rouge">string</code></td> <td>A URL to the homepage of your app</td> </tr> </tbody> </table></div> <h4 id="example"> <a href="#example" class="anchor-heading" aria-labelledby="example"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Example </h4> <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>curl <span class="nt">-X</span> POST <span class="se">\</span>
  <span class="nt">-d</span> <span class="s1">'client_name=Wordpress Event Manager'</span> <span class="se">\</span>
  <span class="nt">-d</span> <span class="s1">'redirect_uris=https://noblogs.org/'</span> <span class="se">\</span>
  <span class="nt">-d</span> <span class="s1">'website=https://myapp.example'</span> <span class="se">\</span>
  http://localhost:13120/api/client
</code></pre></div></div> <h4 id="returns"> <a href="#returns" class="anchor-heading" aria-labelledby="returns"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Returns </h4> <p>Application, with <code class="language-plaintext highlighter-rouge">client_id</code> and <code class="language-plaintext highlighter-rouge">client_secret</code></p> <div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"Wordpress Event Manager"</span><span class="p">,</span><span class="w"> </span><span class="nl">"scopes"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"event:write"</span><span class="p">,</span><span class="w"> </span><span class="nl">"website"</span><span 
class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"https://myapp.example"</span><span class="p">,</span><span class="w"> </span><span class="nl">"client_secret"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"909029fa12797e6bdfb5baf5e379675dfa4e3ad4"</span><span class="p">,</span><span class="w"> </span><span class="nl">"redirect_uris"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"https://noblogs.org"</span><span class="p">,</span><span class="w"> </span><span class="nl">"client_id"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"0f377e34b2aaf517f7db534f32d26b0dd938fb6d"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre></div></div> <h4 id="list-of-scopes"> <a href="#list-of-scopes" class="anchor-heading" aria-labelledby="list-of-scopes"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> List of scopes </h4> <ul> <li><code class="language-plaintext highlighter-rouge">event:write</code><br /> Grant access to add/update events.</li> </ul> <h2 id="authorize-a-user"> <a href="#authorize-a-user" class="anchor-heading" aria-labelledby="authorize-a-user"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Authorize a user </h2> <p>Displays an authorization form to the user. If approved, it will create and return an authorization code, then redirect to the desired <code class="language-plaintext highlighter-rouge">redirect_uri</code>. 
The authorization code can be used while requesting a token to obtain access to user-level methods.</p> <p><a href="/assets/oauth_auth.png" data-fancybox="group" data-caption="OAuth authorization form"><img src="/assets/thumbs/oauth_auth.png" alt="/assets/thumbs/oauth_auth.png" /></a></p> <p class="label label-green">GET</p> <p><code class="language-plaintext highlighter-rouge">/authorize</code></p> <h4 id="request-parameters-1"> <a href="#request-parameters-1" class="anchor-heading" aria-labelledby="request-parameters-1"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Request parameters </h4> <div class="table-wrapper"><table> <tbody> <tr> <td>response_type</td> <td><code class="language-plaintext highlighter-rouge">string</code></td> <td>Should be set equal to <code class="language-plaintext highlighter-rouge">code</code></td> </tr> <tr> <td>redirect_uri</td> <td><code class="language-plaintext highlighter-rouge">string</code></td> <td>Where the user should be redirected after authorization</td> </tr> <tr> <td>scope</td> <td><code class="language-plaintext highlighter-rouge">string</code></td> <td>Should be <code class="language-plaintext highlighter-rouge">event:write</code></td> </tr> <tr> <td>client_id</td> <td><code class="language-plaintext highlighter-rouge">string</code></td> <td><code class="language-plaintext highlighter-rouge">client_id</code>, obtained during app registration.</td> </tr> </tbody> </table></div> <h2 id="obtain-a-token"> <a href="#obtain-a-token" class="anchor-heading" aria-labelledby="obtain-a-token"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Obtain a token </h2> <p class="label label-yellow">POST</p> <p><code class="language-plaintext highlighter-rouge">/oauth/token</code></p> <h4 id="request-parameters-2"> <a href="#request-parameters-2" class="anchor-heading" aria-labelledby="request-parameters-2"><svg viewBox="0 0 16 16" aria-hidden="true"><use 
xlink:href="#svg-link"></use></svg></a> Request parameters </h4> <div class="table-wrapper"><table> <tbody> <tr> <td>client_id</td> <td><code class="language-plaintext highlighter-rouge">string</code></td> <td><code class="language-plaintext highlighter-rouge">client_id</code> obtained during <a href="#create-client">client registration</a></td> </tr> <tr> <td>client_secret</td> <td><code class="language-plaintext highlighter-rouge">string</code></td> <td><code class="language-plaintext highlighter-rouge">client_secret</code> obtained during <a href="#create-client">client registration</a></td> </tr> <tr> <td>scope</td> <td><code class="language-plaintext highlighter-rouge">string</code></td> <td>Should be <code class="language-plaintext highlighter-rouge">event:write</code></td> </tr> <tr> <td>grant_type</td> <td><code class="language-plaintext highlighter-rouge">string</code></td> <td>Set equal to <code class="language-plaintext highlighter-rouge">authorization_code</code></td> </tr> <tr> <td>code</td> <td><code class="language-plaintext highlighter-rouge">string</code></td> <td>A user authorization code, obtained via <a href="#authorize-a-user">/authorize</a></td> </tr> </tbody> </table></div> </main> <hr> <footer> <div class="d-flex mt-2"> <p class="text-small text-grey-dk-000 mb-0"> <a href="https://framagit.org/les/gancio/-/tree/master/docs/dev/oauth.md" id="edit-this-page">Edit this page</a> </p> </div> </footer> </div> </div> <div class="search-overlay"></div> </div> </body> </html>
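The three documented steps (create client, authorize a user, obtain a token) as one client-side flow, including validation of the user-supplied instance domain and of the redirect callback. This is an added example, not part of the Gancio documentation or code base: the function names are hypothetical, the requests are only built and never sent, and the `state` parameter comes from RFC 6749 rather than from the parameter tables above, so its support by the instance is an assumption.

```javascript
// Added example. Endpoints and parameter names are the ones documented on
// this page; `state` (RFC 6749, section 4.1.1) is not listed here, so its
// support by the instance is an assumption. Nothing is sent over the network.
const SCOPE = 'event:write'; // the only scope the page documents

// Reduce what the user typed to a bare origin. Plain http is accepted for
// localhost only, as in the page's curl example.
function instanceOrigin(input) {
  const raw = String(input).trim();
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(raw);
  const u = new URL(hasScheme ? raw : `https://${raw}`);
  const local = u.hostname === 'localhost' || u.hostname === '127.0.0.1';
  if (u.protocol !== 'https:' && !(u.protocol === 'http:' && local)) {
    throw new Error('instance must use https');
  }
  if (u.username || u.password) throw new Error('userinfo in instance URL');
  return u.origin; // path, query and fragment are dropped
}

function formPost(origin, path, fields) {
  return {
    method: 'POST',
    url: new URL(path, origin).href,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams(fields).toString(),
  };
}

// Step 1: POST /api/client
const registerClientRequest = (origin, app) => formPost(origin, '/api/client', {
  client_name: app.name, redirect_uris: app.redirectUri,
  scopes: SCOPE, website: app.website,
});

// Step 2: GET /authorize, opened in the user's browser
function authorizeUrl(origin, clientId, redirectUri, state) {
  const u = new URL('/authorize', origin);
  u.search = new URLSearchParams({
    response_type: 'code', redirect_uri: redirectUri,
    scope: SCOPE, client_id: clientId, state,
  }).toString();
  return u.href;
}

// Callback: take the code only from the registered redirect URI, and only
// when `state` equals the value stored for this login attempt.
function codeFromCallback(callbackUrl, redirectUri, expectedState) {
  const got = new URL(callbackUrl);
  const want = new URL(redirectUri);
  if (got.origin !== want.origin || got.pathname !== want.pathname) {
    throw new Error('callback is not the registered redirect URI');
  }
  const q = got.searchParams;
  if (q.get('error')) throw new Error(`authorization failed: ${q.get('error')}`);
  if (!expectedState || q.get('state') !== expectedState) throw new Error('state mismatch');
  if (!q.get('code')) throw new Error('no authorization code');
  return q.get('code');
}

// Step 3: POST /oauth/token, from the backend so client_secret stays there
const tokenRequest = (origin, client, code) => formPost(origin, '/oauth/token', {
  client_id: client.client_id, client_secret: client.client_secret,
  scope: SCOPE, grant_type: 'authorization_code', code,
});
```

Generate `state` from a CSPRNG for each login attempt and store it in the user's session before redirecting to the URL returned by `authorizeUrl`.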
