Document dynamic client auth #16

Open
TimothyBJacobs opened this issue May 7, 2020 · 2 comments

@TimothyBJacobs
Member

To use a dynamic client, make the same OAuth connection request but substitute a JWT Software Statement for the `client_id` parameter. At the moment, the JWT should be signed with `HS256` and `password` as the secret (this will be changed).

The flow will continue as normal. When the user is redirected back to the `redirect_uri`, it will include a `client_id` parameter in addition to the authorization code or token.

TimothyBJacobs added the documentation label May 7, 2020
TimothyBJacobs self-assigned this May 7, 2020
@TimothyBJacobs
Member Author

An example software statement:

```json
{
  "software_id": "A uuid",
  "redirect_uris": [
    "https://example.org/oauth"
  ],
  "client_name": "Your Client"
}
```

@TimothyBJacobs
Member Author

Software statements can now be unsecured, i.e. with a "none" algorithm instead of the dummy password we had.

I've also added a WP CLI command to assist in generating the software statement. Example usage:

```
usage: wp oauth2 create-software-statement <client_uri> [<software_id>] --client_name=<client_name> --redirect_uri=<redirect_uri> [--<field>=<value>]
$ wp oauth2 create-software-statement https://timothybjacobs.com --client_name="My App" --redirect_uri="https://timothybjacobs.com/oauth"
Generated software id: 9d2f6eba-2b66-4fbc-9d31-63edd7a6b2f9
Success: Generated Statement: "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJjbGllbnRfdXJpIjoiaHR0cHM6XC9cL3RpbW90aHliamFjb2JzLmNvbSIsInNvZnR3YXJlX2lkIjoiOWQyZjZlYmEtMmI2Ni00ZmJjLTlkMzEtNjNlZGQ3YTZiMmY5IiwicmVkaXJlY3RfdXJpcyI6WyJodHRwczpcL1wvdGltb3RoeWJqYWNvYnMuY29tXC9vYXV0aCJdLCJjbGllbnRfbmFtZSI6Ik15IEFwcCJ9."
```

It spits out a software id you can use as your `client_id` when making a connect request. Note the trailing `.` is part of the JWT.
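The shape of an unsecured software statement as described in this thread, shown as an added example that is not part of the issue or the project's code: it builds the `header.payload.` form with `alg` set to `none` and decodes one back, rejecting tokens that lost the trailing dot. The function names, the constructed sample claims, and the choice to treat the three fields of the example statement as required are assumptions.

```python
import base64
import json

# Claims present in the example statement above; treating them as required is an assumption.
REQUIRED = ("software_id", "redirect_uris", "client_name")


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_statement(claims: dict) -> str:
    """Serialize claims as an unsecured JWT: header.payload. with an empty signature."""
    header = {"typ": "JWT", "alg": "none"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    return ".".join(parts) + "."  # the trailing dot is the empty third segment


def inspect_statement(token: str) -> dict:
    """Decode an unsecured software statement, raising ValueError on malformed input."""
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("expected three segments; was the trailing '.' dropped?")
    header = json.loads(b64url_decode(segments[0]))
    if not isinstance(header, dict) or header.get("alg") != "none" or segments[2]:
        raise ValueError("not an unsecured JWT: alg must be 'none' with an empty signature")
    claims = json.loads(b64url_decode(segments[1]))
    missing = [k for k in REQUIRED if not isinstance(claims, dict) or k not in claims]
    if missing:
        raise ValueError(f"missing claims: {missing}")
    uris = claims["redirect_uris"]
    if not isinstance(uris, list) or not uris:
        raise ValueError("redirect_uris must be a non-empty list")
    return claims  # nothing is signed, so these values are self-asserted by the sender


# Constructed sample claims, not taken from the page.
SAMPLE_CLAIMS = {
    "software_id": "11111111-2222-4333-8444-555555555555",
    "redirect_uris": ["https://client.example/oauth"],
    "client_name": "Example Client",
}

if __name__ == "__main__":
    token = build_statement(SAMPLE_CLAIMS)
    print(token)
    print(inspect_statement(token))
```

Because the statement carries no signature, a server receiving it can only treat the claims as self-asserted registration metadata, not as proof of who sent them.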
