OAuth
Structr has built-in user authentication against internally stored user data and supports external authentication over OAuth.
Structr supports the following OAuth services:
- Twitter (OAuth 1a)
- Facebook, Google, GitHub, LinkedIn (all OAuth 2.0)
To configure external authentication, you need to properly configure the services in structr.conf.
If the built-in authentication is used, a user node is created for each user. Structr never stores clear-text passwords for authenticating a user at login, only a salted SHA-512 hash.
Structr supports the OAuth2 and OAuth1A (Twitter) authentication schemes. To make external authentication over OAuth work, you need to configure each service you want to use in structr.conf.
The following pages provide details on how to configure OAuth for the different services.
Check the URLs and enter the credentials provided by the respective authentication service provider. A GitHub configuration looks like this:
oauth.github.authorization_location = https://github.com/login/oauth/authorize
oauth.github.token_location = https://github.com/login/oauth/access_token
oauth.github.client_id =
oauth.github.client_secret =
oauth.github.redirect_uri = /oauth/github/auth
oauth.github.user_details_resource_uri = https://api.github.com/user/emails
oauth.github.error_uri = /login
oauth.github.return_uri = /
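The following checker is an added example, not part of Structr or its documentation. It parses a structr.conf fragment in the key = value form shown above and flags what a reviewer would look for before enabling a provider: empty client_id or client_secret, provider endpoints that are not HTTPS, a provider listed in oauth.servers without any configured keys, and jsonrestservlet.user.autocreate left disabled. The sample configuration and the accepted values "true"/"enabled" for the autocreate flag are assumptions.

```python
"""Sanity-check the OAuth section of a structr.conf fragment (added example)."""

# Constructed sample; client values are placeholders, not real credentials.
SAMPLE_CONF = """
oauth.servers = github twitter
oauth.github.authorization_location = https://github.com/login/oauth/authorize
oauth.github.token_location = http://github.com/login/oauth/access_token
oauth.github.client_id = PLACEHOLDER_CLIENT_ID
oauth.github.client_secret =
oauth.github.redirect_uri = /oauth/github/auth
oauth.github.user_details_resource_uri = https://api.github.com/user/emails
oauth.github.error_uri = /login
oauth.github.return_uri = /
jsonrestservlet.user.autocreate = false
"""

# Keys every enabled provider needs, and keys that point at the provider.
REQUIRED = ("client_id", "client_secret", "authorization_location", "token_location")
REMOTE = ("authorization_location", "token_location", "user_details_resource_uri")


def parse_conf(text):
    """Return {key: value} for 'key = value' lines; blank and '#' lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def check_oauth(conf):
    """Return a list of (provider, key, problem) findings for the OAuth settings."""
    findings = []
    for provider in conf.get("oauth.servers", "").split():
        prefix = f"oauth.{provider}."
        if not any(k.startswith(prefix) for k in conf):
            findings.append((provider, "oauth.servers", "listed but no keys configured"))
            continue
        for name in REQUIRED:
            if not conf.get(prefix + name):
                findings.append((provider, prefix + name, "missing or empty"))
        for name in REMOTE:
            url = conf.get(prefix + name)
            if url and not url.startswith("https://"):
                findings.append((provider, prefix + name, "provider endpoint is not https"))
    # Assumed accepted values for the flag; the page only says it must be enabled.
    if conf.get("jsonrestservlet.user.autocreate", "").lower() not in ("true", "enabled"):
        findings.append(("*", "jsonrestservlet.user.autocreate", "not enabled; OAuth users cannot be created"))
    return findings
```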
Auth0
Key | Description |
--- | --- |
oauth.oauth.authorization_location | URL of the authorization endpoint. |
oauth.oauth.token_location | URL of the token endpoint. |
oauth.oauth.client_id | Client ID used for OAuth. |
oauth.oauth.client_secret | Client secret used for OAuth. |
oauth.oauth.redirect_uri | Structr endpoint for the service OAuth authorization. |
oauth.oauth.user_details_resource_uri | Points to the user details endpoint of the service provider. |
oauth.oauth.error_uri | Structr redirects to this URI on unsuccessful authentication. |
oauth.oauth.return_uri | Structr redirects to this URI on successful authentication. |
oauth.oauth.scope | Specifies the scope of the authentication. |
LinkedIn
Key | Description |
--- | --- |
oauth.linkedin.authorization_location | URL of the authorization endpoint. |
oauth.linkedin.token_location | URL of the token endpoint. |
oauth.linkedin.client_id | Client ID used for OAuth. |
oauth.linkedin.client_secret | Client secret used for OAuth. |
oauth.linkedin.redirect_uri | Structr endpoint for the service OAuth authorization. |
oauth.linkedin.user_details_resource_uri | Points to the user details endpoint of the service provider. |
oauth.linkedin.user_profile_resource_uri | Points to the user profile endpoint of the service provider. |
oauth.linkedin.error_uri | Structr redirects to this URI on unsuccessful authentication. |
oauth.linkedin.return_uri | Structr redirects to this URI on successful authentication. |
oauth.linkedin.scope | Specifies the scope of the authentication. |
GitHub
Key | Description |
--- | --- |
oauth.github.authorization_location | URL of the authorization endpoint. |
oauth.github.token_location | URL of the token endpoint. |
oauth.github.client_id | Client ID used for OAuth. |
oauth.github.client_secret | Client secret used for OAuth. |
oauth.github.redirect_uri | Structr endpoint for the service OAuth authorization. |
oauth.github.user_details_resource_uri | Points to the user details endpoint of the service provider. |
oauth.github.error_uri | Structr redirects to this URI on unsuccessful authentication. |
oauth.github.return_uri | Structr redirects to this URI on successful authentication. |
oauth.github.scope | Specifies the scope of the authentication. |
Facebook
Key | Description |
--- | --- |
oauth.facebook.authorization_location | URL of the authorization endpoint. |
oauth.facebook.token_location | URL of the token endpoint. |
oauth.facebook.client_id | Client ID used for OAuth. |
oauth.facebook.client_secret | Client secret used for OAuth. |
oauth.facebook.redirect_uri | Structr endpoint for the service OAuth authorization. |
oauth.facebook.user_details_resource_uri | Points to the user details endpoint of the service provider. |
oauth.facebook.error_uri | Structr redirects to this URI on unsuccessful authentication. |
oauth.facebook.return_uri | Structr redirects to this URI on successful authentication. |
oauth.facebook.scope | Specifies the scope of the authentication. |
Google
Key | Description |
--- | --- |
oauth.google.authorization_location | URL of the authorization endpoint. |
oauth.google.token_location | URL of the token endpoint. |
oauth.google.client_id | Client ID used for OAuth. |
oauth.google.client_secret | Client secret used for OAuth. |
oauth.google.redirect_uri | Structr endpoint for the service OAuth authorization. |
oauth.google.user_details_resource_uri | Points to the user details endpoint of the service provider. |
oauth.google.error_uri | Structr redirects to this URI on unsuccessful authentication. |
oauth.google.return_uri | Structr redirects to this URI on successful authentication. |
oauth.google.scope | Specifies the scope of the authentication. |
Twitter
Key | Description |
--- | --- |
oauth.twitter.authorization_location | URL of the authorization endpoint. |
oauth.twitter.token_location | URL of the token endpoint. |
oauth.twitter.client_id | Client ID used for OAuth. |
oauth.twitter.client_secret | Client secret used for OAuth. |
oauth.twitter.redirect_uri | Structr endpoint for the service OAuth authorization. |
oauth.twitter.error_uri | Structr redirects to this URI on unsuccessful authentication. |
oauth.twitter.return_uri | Structr redirects to this URI on successful authentication. |
oauth.twitter.scope | Specifies the scope of the authentication. |
Triggering the Authentication
Key | Description |
--- | --- |
oauth.auth0.client_id | Client ID at the provider. |
oauth.auth0.client_secret | Client secret at the provider. |
oauth.auth0.authorization_location | Redirect URI for the authentication process. |
oauth.auth0.token_location | Token URI of the provider, called by Structr to obtain the access_token. |
oauth.auth0.redirect_uri | Called by the provider on the Structr application after successful authentication. Triggers Structr to load the user data. |
oauth.auth0.user_details_resource_uri | URI of the OAuth provider for user details, e.g. username, e-mail etc. |
oauth.auth0.error_uri | Error URI within the Structr app. |
oauth.auth0.return_uri | Success URI called after successful login. The resource of this URI is usually a landing page within your Structr application. |
jsonrestservlet.user.autocreate | Has to be set to enabled, so that Structr can create a user node if it doesn't exist yet. |
onOAuthLogin
Available in Structr v4.2+
- Is called after a user successfully logs into the system via a configured OAuth provider
- Cannot prevent the login of a user
- Is called with two parameters: provider, containing the name of the OAuth provider that was used for login, and userinfo, containing the information pulled from the userinfo endpoint of the OAuth provider
OAuth Settings
The OAuth Settings tab contains all configuration keys controlling the OAuth setup of the running Structr instance. In particular, Structr supports GitHub, Twitter, LinkedIn, Google and Facebook. The OAuth Settings tab is divided into the following subsections:
Visibility Flags
When the user accessing a node is not an admin user and the first check did not return, Structr checks the two flags visibleToPublicUsers and visibleToAuthenticatedUsers on the data nodes themselves. The flag visibleToPublicUsers makes a node visible to all users, both authenticated and non-authenticated ones. The flag visibleToAuthenticatedUsers makes a node visible only to authenticated users.
General
Key | Description |
--- | --- |
oauth.servers | Space-separated list of available OAuth services. Defaults to "github twitter linkedin google facebook auth0". |
Triggering the Authentication
The authentication with the configured provider can be triggered by redirecting the user to the link /oauth/<provider>/login. For Auth0 the link would be /oauth/auth0/login.
The simplest way to redirect the user to this location is to add an anchor HTML tag to your web application with the href attribute set to the location.
onSave
{
"before":{"visibleToAuthenticatedUsers":false,"visibleToPublicUsers":false},
"after":{"visibleToAuthenticatedUsers":true,"visibleToPublicUsers":true},
"added":{},
"removed":{}
}
Visibility
Since a page and all its elements are represented by nodes in the database, access to these elements can be controlled with the standard Structr node-level security model: each node has an owner and two switches that control read-only access, visibleToPublicUsers and visibleToAuthenticatedUsers.
Database Contents
Database objects can be made visible to all non-admin users with the visibleToAuthenticatedUsers flag. Visible in this case implies the read permission, i.e. the object appears in the result set and all its local properties can be read. Please note that this flag does not imply visibility for anonymous users, which is controlled by visibleToPublicUsers.