OAuth2 Authentication Process
It is recommended to use the Authorization Flow Grant.
The Authorization flow first requires you to request a temporary authorization code that you later exchange for an access token. As we create CSRF cookies to validate the flow, the code needs to be retrieved via a browser. In this document we are redirecting to a Pydio Cells page created to display an authorization code but you can also prefer to use your own page, as long as the URL is added to the list of callback urls allowed for this client.
We assume here that you have created a dedicated Client inside Cells. Check Create OAuth2 Client for more info.
|Grant Types||Authorization Code|
|Response Types||Code, Token, IDToken|
Quick bash setup
DOMAIN="http(s)://yourpydio.com" AUTHORIZATION_ENDPOINT=`curl --silent $DOMAIN/oidc/.well-known/openid-configuration | jq --raw-output '.authorization_endpoint'` TOKEN_ENDPOINT=`curl --silent $DOMAIN/oidc/.well-known/openid-configuration | jq --raw-output '.token_endpoint'`
This will open a browser window if you have a default browser setup. If you don't, then echo and copy and paste this url in your preferred browser
Copy the code generated in the clipboard
Exchange the code for an access token
CODE=<paste here> ACCESS_TOKEN=`curl --silent -u "cells-curl:password" -X POST -d "grant_type=authorization_code&code=$CODE&redirect_uri=$DOMAIN/oauth2/oob" $TOKEN_ENDPOINT | jq --raw-output '.access_token'`
Below is a sample API call using the Authorization header with the Access Token you have previously retrieved.
curl -H "Authorization: Bearer $ACCESS_TOKEN" $DOMAIN/a/config/ctl
Performing S3 calls using curl is quite complex, as the S3 Authorization mechanism requires specific signatures computation based on each request sent to S3. We suggest using a dedicated command line S3 tool instead, using the
ACCESS_TOKEN as Api Key and the string
gatewaysecret as password.