Skip to content

Commit

Permalink
chore: add docs how to obtain bearer token (#6328)
Browse files Browse the repository at this point in the history
* chore: add docs how to obtain bearer token

* Added configurable ttl to settings

---------

Co-authored-by: SamTV12345 <[email protected]>
  • Loading branch information
webzwo0i and SamTV12345 authored Apr 29, 2024
1 parent 70a536c commit 8a76d2c
Show file tree
Hide file tree
Showing 5 changed files with 39 additions and 9 deletions.
6 changes: 5 additions & 1 deletion doc/api/http_api.md
Original file line number Diff line number Diff line change
Expand Up @@ -161,7 +161,7 @@ Responses are valid JSON in the following format:

### Authentication

Authentication works via an OAuth token that is sent with each request as a post parameter. You can add new clients that can sign in via the API by adding new entries to the sso section in the settings.json.
Authentication works via an OAuth token that is sent with each request as an Authorization header, i.e. `Authorization: Bearer YOUR_TOKEN`. You can add new clients that can sign in via the API by adding new entries to the sso section in the settings.json.


#### Example for browser login clients
Expand Down Expand Up @@ -200,6 +200,10 @@ E.g. a service that creates a pad for a user or a service that inserts a text in
}
```

Obtain a Bearer token:

`curl --request POST --url 'https://your.server.tld/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=client_credentials --data client_id=client_credentials --data client_secret=client_credentials`


### Node Interoperability

Expand Down
13 changes: 12 additions & 1 deletion settings.json.docker
Original file line number Diff line number Diff line change
Expand Up @@ -669,5 +669,16 @@
"redirect_uris": ["${USER_REDIRECT:http://localhost:9001/}"]
}
]
}
},

/* Set the time to live for the tokens
This is the time of seconds a user is logged into Etherpad
"ttl": {
"AccessToken": 3600,
"AuthorizationCode": 600,
"ClientCredentials": 3600,
"IdToken": 3600,
"RefreshToken": 86400
}
*/
}
11 changes: 11 additions & 0 deletions settings.json.template
Original file line number Diff line number Diff line change
Expand Up @@ -671,4 +671,15 @@
}
]
}

/* Set the time to live for the tokens
This is the time of seconds a user is logged into Etherpad
"ttl": {
"AccessToken": 3600,
"AuthorizationCode": 600,
"ClientCredentials": 3600,
"IdToken": 3600,
"RefreshToken": 86400
}
*/
}
8 changes: 1 addition & 7 deletions src/node/security/OAuth2Provider.ts
Original file line number Diff line number Diff line change
Expand Up @@ -47,13 +47,7 @@ const configuration: Configuration = {
} as Account
}
},
ttl:{
AccessToken: 1 * 60 * 60, // 1 hour in seconds
AuthorizationCode: 10 * 60, // 10 minutes in seconds
ClientCredentials: 1 * 60 * 60, // 1 hour in seconds
IdToken: 1 * 60 * 60, // 1 hour in seconds
RefreshToken: 1 * 24 * 60 * 60, // 1 day in seconds
},
ttl: settings.ttl,
claims: {
openid: ['sub'],
email: ['email'],
Expand Down
10 changes: 10 additions & 0 deletions src/node/utils/Settings.ts
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,16 @@ exports.title = 'Etherpad';
*/
exports.favicon = null;

exports.ttl = {
AccessToken: 1 * 60 * 60, // 1 hour in seconds
AuthorizationCode: 10 * 60, // 10 minutes in seconds
ClientCredentials: 1 * 60 * 60, // 1 hour in seconds
IdToken: 1 * 60 * 60, // 1 hour in seconds
RefreshToken: 1 * 24 * 60 * 60, // 1 day in seconds
}



/*
* Skin name.
*
Expand Down

0 comments on commit 8a76d2c

Please sign in to comment.