
OAuth

Structr has built-in user authentication against internally stored user data and supports external authentication over OAuth.

Structr supports the following OAuth services:

  • Twitter (OAuth 1a)
  • Facebook, Google, GitHub, LinkedIn (all OAuth 2.0)

To configure external authentication, you need to properly configure the services in structr.conf.

If using the built-in authentication, a user node will be created. Structr never stores clear-text passwords to authenticate a user at login but only a salted SHA-512 hash.

OAuth

Structr supports the OAuth2 and OAuth1A (Twitter) authentication schemes. In order to make external authentication work over OAuth, you need to configure the services you want to use. Please check the URLs and enter the credentials provided by the respective authentication service provider.

The following pages provide details on how to configure OAuth for the different services:

Twitter https://dev.twitter.com/docs/auth/oauth
Google https://developers.google.com/accounts/docs/OAuth2
Facebook https://developers.facebook.com/docs/reference/dialogs/oauth/
LinkedIn https://developer.linkedin.com/documents/authentication
GitHub https://developer.github.com/v3/oauth/

For example, a GitHub configuration looks like this; client_id and client_secret are filled in with the credentials issued by the provider:

oauth.github.authorization_location = https://github.com/login/oauth/authorize
oauth.github.token_location = https://github.com/login/oauth/access_token
oauth.github.client_id = 
oauth.github.client_secret = 
oauth.github.redirect_uri = /oauth/github/auth
oauth.github.user_details_resource_uri = https://api.github.com/user/emails
oauth.github.error_uri = /login
oauth.github.return_uri = /
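As an added check (not Structr code and not part of the original page), a small Python validator for the keys shown above: it parses a constructed structr.conf fragment and flags empty credentials, provider endpoints that are not served over HTTPS, and a redirect_uri that does not point back into the Structr application. The HTTPS and local-path rules are assumptions of this example, not documented Structr requirements.

```python
# Constructed sample structr.conf fragment (placeholder credentials) using the keys above
SAMPLE_CONF = """
oauth.servers = github google
oauth.github.authorization_location = https://github.com/login/oauth/authorize
oauth.github.token_location = https://github.com/login/oauth/access_token
oauth.github.client_id = PLACEHOLDER_CLIENT_ID
oauth.github.client_secret =
oauth.github.redirect_uri = /oauth/github/auth
oauth.github.user_details_resource_uri = https://api.github.com/user/emails
oauth.github.error_uri = /login
oauth.github.return_uri = /
oauth.google.authorization_location = http://accounts.example/o/oauth2/auth
oauth.google.token_location = https://oauth2.example/token
oauth.google.client_id = PLACEHOLDER_CLIENT_ID
oauth.google.client_secret = PLACEHOLDER_SECRET
oauth.google.redirect_uri = https://other.example/oauth/google/auth
oauth.google.user_details_resource_uri = https://www.example/userinfo
oauth.google.error_uri = /login
oauth.google.return_uri = /
"""

REQUIRED = ("authorization_location", "token_location", "client_id",
            "client_secret", "redirect_uri", "error_uri", "return_uri")
REMOTE = ("authorization_location", "token_location", "user_details_resource_uri")

def parse_conf(text):
    # Parse "key = value" lines into a dict; blank values are kept as ""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and not line.lstrip().startswith("#"):
            conf[key.strip()] = value.strip()
    return conf

def check_oauth_conf(conf):
    # Return (provider, problem) findings for every server listed in oauth.servers
    findings = []
    for provider in conf.get("oauth.servers", "").split():
        for suffix in REQUIRED + ("user_details_resource_uri",):
            key = f"oauth.{provider}.{suffix}"
            value = conf.get(key, "")
            if not value:
                if suffix in REQUIRED:  # user_details_resource_uri is optional (Twitter)
                    findings.append((provider, f"{key} is missing or empty"))
            elif suffix in REMOTE and not value.startswith("https://"):
                findings.append((provider, f"{key} does not use https"))
            elif suffix == "redirect_uri" and not value.startswith("/"):
                findings.append((provider, f"{key} is not a Structr-local path"))
    return findings
```

Running check_oauth_conf(parse_conf(SAMPLE_CONF)) reports the empty GitHub secret, the plain-HTTP Google authorization endpoint and the off-site Google redirect_uri.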


Auth0

oauth.oauth.authorization_location URL of the authorization endpoint.
oauth.oauth.token_location URL of the token endpoint.
oauth.oauth.client_id Client ID used for oauth.
oauth.oauth.client_secret Client secret used for oauth.
oauth.oauth.redirect_uri Structr endpoint for the service oauth authorization.
oauth.oauth.user_details_resource_uri Points to the user details endpoint of the service provider.
oauth.oauth.error_uri Structr redirects to this URI on unsuccessful authentication.
oauth.oauth.return_uri Structr redirects to this URI on successful authentication.
oauth.oauth.scope Specifies the scope of the authentication.

LinkedIn

oauth.linkedin.authorization_location URL of the authorization endpoint.
oauth.linkedin.token_location URL of the token endpoint.
oauth.linkedin.client_id Client ID used for oauth.
oauth.linkedin.client_secret Client secret used for oauth.
oauth.linkedin.redirect_uri Structr endpoint for the service oauth authorization.
oauth.linkedin.user_details_resource_uri Points to the user details endpoint of the service provider.
oauth.linkedin.user_profile_resource_uri Points to the user profile endpoint of the service provider.
oauth.linkedin.error_uri Structr redirects to this URI on unsuccessful authentication.
oauth.linkedin.return_uri Structr redirects to this URI on successful authentication.
oauth.linkedin.scope Specifies the scope of the authentication.

GitHub

oauth.github.authorization_location URL of the authorization endpoint.
oauth.github.token_location URL of the token endpoint.
oauth.github.client_id Client ID used for oauth.
oauth.github.client_secret Client secret used for oauth.
oauth.github.redirect_uri Structr endpoint for the service oauth authorization.
oauth.github.user_details_resource_uri Points to the user details endpoint of the service provider.
oauth.github.error_uri Structr redirects to this URI on unsuccessful authentication.
oauth.github.return_uri Structr redirects to this URI on successful authentication.
oauth.github.scope Specifies the scope of the authentication.

Facebook

oauth.facebook.authorization_location URL of the authorization endpoint.
oauth.facebook.token_location URL of the token endpoint.
oauth.facebook.client_id Client ID used for oauth.
oauth.facebook.client_secret Client secret used for oauth.
oauth.facebook.redirect_uri Structr endpoint for the service oauth authorization.
oauth.facebook.user_details_resource_uri Points to the user details endpoint of the service provider.
oauth.facebook.error_uri Structr redirects to this URI on unsuccessful authentication.
oauth.facebook.return_uri Structr redirects to this URI on successful authentication.
oauth.facebook.scope Specifies the scope of the authentication.

Google

oauth.google.authorization_location URL of the authorization endpoint.
oauth.google.token_location URL of the token endpoint.
oauth.google.client_id Client ID used for oauth.
oauth.google.client_secret Client secret used for oauth.
oauth.google.redirect_uri Structr endpoint for the service oauth authorization.
oauth.google.user_details_resource_uri Points to the user details endpoint of the service provider.
oauth.google.error_uri Structr redirects to this URI on unsuccessful authentication.
oauth.google.return_uri Structr redirects to this URI on successful authentication.
oauth.google.scope Specifies the scope of the authentication.

Twitter

oauth.twitter.authorization_location URL of the authorization endpoint.
oauth.twitter.token_location URL of the token endpoint.
oauth.twitter.client_id Client ID used for oauth.
oauth.twitter.client_secret Client secret used for oauth.
oauth.twitter.redirect_uri Structr endpoint for the service oauth authorization.
oauth.twitter.error_uri Structr redirects to this URI on unsuccessful authentication.
oauth.twitter.return_uri Structr redirects to this URI on successful authentication.
oauth.twitter.scope Specifies the scope of the authentication.

Triggering the Authentication

oauth.auth0.client_id Client ID at the provider.
oauth.auth0.client_secret Client secret at the provider.
oauth.auth0.authorization_location Redirect URI for the authentication process.
oauth.auth0.token_location Token URI of the provider, called by Structr to obtain the access_token.
oauth.auth0.redirect_uri Called by the provider on the Structr application after successful authentication. Triggers Structr to load the user data.
oauth.auth0.user_details_resource_uri URI of the OAuth provider for user details, e.g. username, e-mail etc.
oauth.auth0.error_uri Error URI within the Structr app.
oauth.auth0.return_uri Success URI called after successful login. The resource of this URI usually is a landing page within your Structr application.
jsonrestservlet.user.autocreate Has to be set to enabled, so Structr can create the user node if it doesn't exist yet.

onOAuthLogin

Available in structr v4.2+

  • Is called after a user successfully logs into the system via a configured OAuth provider
  • Cannot prevent the login of a user
  • Is called with two parameters: provider, containing the name of the OAuth provider that was used for the login, and userinfo, containing the information pulled from the userinfo endpoint of the OAuth provider

OAuth Settings

The OAuth Settings tab contains all configuration keys controlling the OAuth setup of the running Structr instance. In particular, Structr supports GitHub, Twitter, LinkedIn, Google and Facebook. The OAuth Settings tab is divided into the following subsections:

Visibility Flags

When the user accessing a node is not an admin user and the first check did not grant access, Structr checks the two flags visibleToPublicUsers and visibleToAuthenticatedUsers on the data nodes themselves. The flag visibleToPublicUsers makes a node visible to all users, both authenticated and non-authenticated ones. The flag visibleToAuthenticatedUsers makes a node visible to authenticated users only.

General

oauth.servers Space-separated list of available OAuth services. Defaults to “github twitter linkedin google facebook auth0”.

Triggering the Authentication

The authentication with the configured provider can be triggered by redirecting the user to the link /oauth/<provider>/login. For Auth0 the link would be /oauth/auth0/login.

The simplest way to redirect the user to this location is to add an anchor HTML tag to your web application with the href attribute set to the location.

onSave

{
"before":{"visibleToAuthenticatedUsers":false,"visibleToPublicUsers":false},
"after":{"visibleToAuthenticatedUsers":true,"visibleToPublicUsers":true},
"added":{},
"removed":{}
}

Visibility

Since a page and all its elements are represented by nodes in the database, access to these elements can be controlled with the standard Structr node-level security model: each node has an owner and two switches that control read-only access, visibleToPublicUsers and visibleToAuthenticatedUsers.

Database Contents

Database objects can be made visible for all non-admin users with the visibleToAuthenticatedUsers flag. Visible in this case implies the read permission, i.e. the object appears in the result set, and all its local properties can be read. Please note that this flag does not imply visibility for anonymous users which is controlled by visibleToPublicUsers.