Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

migrate oauth2 into upstream #1689

Merged
merged 13 commits into from
Feb 2, 2025
Merged

migrate oauth2 into upstream #1689

merged 13 commits into from
Feb 2, 2025

Conversation

pbiering
Copy link
Collaborator

@pbiering pbiering commented Feb 2, 2025
edited
Loading

@pbiering pbiering added this to the 3.4.x milestone Feb 2, 2025
@pbiering pbiering self-assigned this Feb 2, 2025
@pbiering pbiering modified the milestones: 3.4.x, 3.4.2 Feb 2, 2025
@pbiering pbiering merged commit c2def71 into Kozea:master Feb 2, 2025
19 checks passed
benbucksch
benbucksch reviewed Feb 2, 2025
View reviewed changes
radicale/auth/oauth2.py
req_params = {
"username": login,
"password": password,
"grant_type": "password",
Copy link

@benbucksch benbucksch Feb 2, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This password grant type is rarely enabled, so this is will usually not work.

Instead, the client app sends the user to an auth page in the browser, which returns an authCode, then the app uses the OAuth server to change that auth code into an access token and refresh token, and then the app passes the access token to the app server (radicale). The app server only needs to check whether the access token is valid.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would have assumed this already, see my comments in the discussions...if one really want to have OAuth2 inside radicale and not terminating on reverse proxy in front of, further code contribution is required (incl. all the error handling).

PR(s) are welcome!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benbucksch benbucksch benbucksch left review comments

Assignees

@pbiering pbiering

Labels
auth feature
Projects
None yet
Milestone
3.4.2
Development

Successfully merging this pull request may close these issues.
2 participants
@pbiering @benbucksch