Authorization methods

Last updated on 3 March 2023

In the 8.x-3.x branch, authorization plugins have been introduced to allow you to choose which authorization method you want to use.

Authorization methods

Anonymous

No configuration required. The server website will be requested as an anonymous user.

If the server website is behind HTTP password protection, you can provide a username and password that will be used for it.

The anonymous role on the server website should have the "Access channels list" permission to be able to access the content.

Basic auth

Set the username and password of the Drupal user on the server website that will be used for authentication.

The user on the server website should have the "Access channels list" permission to be able to access the content.

Header

Set an HTTP header name and value that will be added to requests against the server website.

Oauth2

The Simple OAuth (> 8.x-4.5) module is recommended to provide an OAuth server on the server website.

Read its documentation on how to set up the module.

In addition to the Simple OAuth module setup, here are the extra steps for Entity Share:

Server website

When setting up your consumer:

  • in the "User" field, select the user you want to use, for example: my_user
  • in "New secret", set an arbitrary value, for example: 123456
  • in "Scope", the role you have created needs to have the "Access channels list" and "Grant OAuth2 codes" permissions.

Client website

When selecting the "Oauth2" authorization method, this example uses "Local storage":

  1. "Username" and "Password" fields have to be the same as for the user in consumer settings on the server website. For example: my_user, my_password
  2. "Client ID":
    1. Simple OAuth 8.x-4.x: it is the consumer UUID that you can obtain on the server website at /admin/config/services/consumer
    2. Simple OAuth 5.2.x: it is the consumer Client ID that you can obtain on the server website at /admin/config/services/consumer
  3. "Client Secret": it is the same as "New Secret" in Consumer Settings. For example: 123456
  4. "Authorization path on the remote website": you can use the default value
  5. "Token path on the remote website": you can use the default value
  6. Save the settings and you should see the message "OAuth token obtained from remote website and stored."

Key module integration

The module provides an optional integration with the Key module.

Here is the page about the concepts and terminology of the Key module.

Credentials used to authorize pulling from remotes may be more securely stored using the Key module. Additional optional modules allow the storage in an external key/value storage service. With only the Key module, credentials may be stored in JSON format in files outside the web root.

  1. Configure keys: the key types for Entity Share are listed in the Key configuration form (/admin/config/system/keys). Instructions for each type are shown in the form.
  2. Create a remote and select Key module as the credential provider, then select the appropriate key.
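A deployment check for the file-based storage described above, as an added example that is not part of Entity Share or the Key module: it verifies that a JSON credential file really sits outside the web root, is not world-readable or writable by others, and parses as a JSON object. The directory layout, the file name `entity_share.json` and the JSON field names are assumptions; the Key configuration form shows the exact format for each key type.

```python
import json
import os
import stat
import tempfile


def audit_key_file(key_path, web_root):
    """Return a list of findings for a JSON credential file read by a file-based key provider."""
    findings = []
    # Resolve symlinks so a link cannot hide where the file really lives.
    real_key = os.path.realpath(key_path)
    real_root = os.path.realpath(web_root)
    if os.path.commonpath([real_key, real_root]) == real_root:
        findings.append("inside-web-root")
    mode = stat.S_IMODE(os.stat(real_key).st_mode)
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable-by-group-or-others")
    try:
        with open(real_key, encoding="utf-8") as handle:
            if not isinstance(json.load(handle), dict):
                findings.append("not-a-json-object")
    except (OSError, ValueError):
        findings.append("unreadable-or-invalid-json")
    return findings


def demo():
    """Build a constructed site layout in a temp directory and audit two key files."""
    with tempfile.TemporaryDirectory() as base:
        web_root = os.path.join(base, "site", "web")
        private = os.path.join(base, "site", "keys")
        os.makedirs(web_root)
        os.makedirs(private)
        # Constructed sample credentials; the field names are assumptions.
        creds = json.dumps({"username": "my_user", "password": "my_password"})
        results = {}
        for name, folder, mode in (("good", private, 0o600), ("bad", web_root, 0o644)):
            path = os.path.join(folder, "entity_share.json")
            with open(path, "w", encoding="utf-8") as handle:
                handle.write(creds)
            os.chmod(path, mode)
            results[name] = audit_key_file(path, web_root)
        return results


if __name__ == "__main__":
    print(demo())
```

An empty list means the file passed every check; run `audit_key_file` against the real key file and document root as the user the web server runs as, so the read test reflects what Drupal will see.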
