Using cURL
OAuth2 Authentication Process
It is recommended to use the Authorization Flow Grant.
The Authorization flow first requires you to request a temporary authorization code that you later exchange for an access token. As we create CSRF cookies to validate the flow, the code needs to be retrieved via a browser. In this document we are redirecting to a Pydio Cells page created to display an authorization code but you can also prefer to use your own page, as long as the URL is added to the list of callback urls allowed for this client.
Client Parameters
We assume here that you have created a dedicated Client inside Cells. Check Create OAuth2 Client for more info.
| Parameter | value |
|---|---|
| Client Name | cells-curl |
| Client ID | cells-curl |
| Client Secret | password |
| Callback URLs | http://mypydio.localhost:8080/oauth2/oob |
| Grant Types | Authorization Code |
| Response Types | Code, Token, IDToken |
You can also use the default client(which is Public) see:
| Parameter | value |
|---|---|
| Client Name | cells-client |
| Client ID | cells-client |
| Client Secret | <empty> |
| Callback URLs | http://mypydio.localhost:8080/oauth2/oob |
| Grant Types | authorization_code |
| Response Types | code, token, id_token |
You can also add, edit the default clients directly in your pydio.json file.
Quick bash setup
DOMAIN="http(s)://yourpydio.com"
AUTHORIZATION_ENDPOINT=`curl --silent $DOMAIN/oidc/.well-known/openid-configuration | jq --raw-output '.authorization_endpoint'`
TOKEN_ENDPOINT=`curl --silent $DOMAIN/oidc/.well-known/openid-configuration | jq --raw-output '.token_endpoint'`
Request Authorization
This will open a browser window if you have a default browser setup. If you don't, then echo and copy and paste this url in your preferred browser
open "$AUTHORIZATION_ENDPOINT?response_type=code&client_id=cells-curl&cells_secret=password&redirect_uri=$DOMAIN/oauth2/oob&state=12345678"
Copy the code generated in the clipboard
Exchange the code for an access token
CODE=<paste here>
ACCESS_TOKEN=`curl --silent -u "cells-curl:password" -X POST -d "grant_type=authorization_code&code=$CODE&redirect_uri=$DOMAIN/oauth2/oob" $TOKEN_ENDPOINT | jq --raw-output '.access_token'`
API Call
Below is a sample API call using the Authorization header with the Access Token you have previously retrieved.
curl -H "Authorization: Bearer $ACCESS_TOKEN" $DOMAIN/a/config/ctl
S3 Call
Performing S3 calls using curl is quite complex, as the S3 Authorization mechanism requires specific signatures computation based on each request sent to S3. We suggest using a dedicated command line S3 tool instead, using the ACCESS_TOKEN as Api Key and the string gatewaysecret as password.