Currently, simple oauth requires you to store your keys in the filesystem and put the path to them within the module's config.

I'm thinking it might be worth integrating with the Key module so that users can optionally choose to use that to store their keys using any of its supported providers. This, for example, would enable users to store their keys in third-party off-site secure lockers such as Lockr.

Is there any interest in this?

Comments

nicrodgers created an issue. See original summary.

nicrodgers’s picture

I think this would actually be difficult to implement given that the oauth2-server doesn't currently support taking keys directly, but requires the path to the files on the filesystem. See https://github.com/thephpleague/oauth2-server/issues/1007

bradjones1’s picture

Version: 8.x-4.x-dev » 5.x-dev

afi13 made their first commit to this issue’s fork.

afi13’s picture

Version: 5.x-dev » 6.0.x-dev

bojan_dev’s picture

Status: Active » Needs work

I like the idea, thanks for sharing.
But the current MR wouldn't work because it's tightly coupled, so if you don't have the key module installed you will get errors.

I wonder if we should make the key module dependent in the 6.0, or implement a loosely coupled implementation, e.g. a key service which gives the possibility to swap out the key storage.

@e0ipso & @bradjones1 what do you guys think?

afi13’s picture

Status: Needs work » Active

Key module is used only if installed, why do you think you will have errors without the module? I've added a moduleExists condition to the settings form, without the Key module installed you can't change the storage type. Of course, it can be done better and a solution with some key storage plugins or a service would be more flexible, but even now it should work without errors I guess.

bojan_dev’s picture

Status: Active » Needs work

> Key module is used only if installed, why do you think you will have errors without the module?

If you take a look at the 'AuthorizationServerFactory.php', 'ResourceServer.php' and 'simple_oauth.services.yml' files, you will see that you have added there the 'key.repository' service (which is defined in the key module) as a dependency on the constructors.

afi13’s picture

Oh, I see, you are right.

kopeboy’s picture

Issue summary: View changes

This would be very nice and I guess more secure!
(fixed Key module link)

Vasyl Manachynskyi made their first commit to this issue’s fork.

anicoto’s picture

I have this issue on a production site but this ticket hasn't been updated in 2 years. I could try to rebase the branch but before that, has anyone found a better workaround?

rakugaki made their first commit to this issue’s fork.

rakugaki’s picture

Have updated the PR to work with current release.

But I don't think it's really in a merge-able state.

Need to remove the hard dependency on key and wrap all the key related stuff in `if ($moduleHandler->moduleExists('key'))`.... but I don't particularly want to invest time in that if there is little interest from other users and clear direction from the maintainers that it's an acceptable solution.

Edit: to anyone messing about with the PR, you will want to base64 encode the keys before putting them in your .env file, e.g.:

```
cat config/simple_oauth/keys/public.key | base64 -w 0
```
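
The base64 step from the comment above, as an added example (not code from the MR or the module): it encodes a multi-line PEM file to a single line for a `.env` entry and checks that a stored value decodes back to exactly the same file. The function names, the `SIMPLE_OAUTH_PUBLIC_KEY` variable name and the sample key are assumptions constructed for illustration.

```shell
# Added example: helper names and sample data are hypothetical, not from the MR.

# Write a constructed, non-secret PEM-shaped file to use as sample input.
make_sample_key() {
  cat > "$1" <<'EOF'
-----BEGIN PUBLIC KEY-----
Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtS0VZLUxJTkUtMQ==
Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtS0VZLUxJTkUtMg==
-----END PUBLIC KEY-----
EOF
}

# Encode a key file as one base64 line. Stripping newlines with tr gives the
# same result as `base64 -w 0` and also works where -w is not available.
encode_key() {
  base64 < "$1" | tr -d '\n'
}

# Decode a single-line value back to the PEM text on stdout.
decode_key() {
  printf '%s' "$1" | base64 -d
}

# Print a KEY=value line for a .env file: $1 = variable name, $2 = key file.
env_line() {
  printf '%s=%s\n' "$1" "$(encode_key "$2")"
}

# Return 0 only if $1 (value taken from .env) is a usable encoding of file $2.
check_env_value() {
  # Empty values are rejected.
  [ -n "$1" ] || return 1
  # Whitespace or newlines mean raw PEM was pasted; a line-oriented .env
  # parser would keep only the first line of such a value.
  [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "$1" ] || return 1
  # The decoded text must begin with a PEM header...
  decode_key "$1" 2>/dev/null | head -n 1 | grep -q '^-----BEGIN ' || return 1
  # ...and match the source file byte for byte (catches truncated values).
  decode_key "$1" 2>/dev/null | cmp -s - "$2"
}

# Usage (SIMPLE_OAUTH_PUBLIC_KEY is an assumed variable name):
#   env_line SIMPLE_OAUTH_PUBLIC_KEY config/simple_oauth/keys/public.key >> .env
#   check_env_value "$SIMPLE_OAUTH_PUBLIC_KEY" config/simple_oauth/keys/public.key
```

The same helpers apply to the private key; treat the `.env` file holding it with the same file permissions you would give the key file itself.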