Qy/OakCloud Planet

2017-11-13 14:05 | Posted by: andy | Views: 152 | Comments: 0




ownCloud
Introducing OAuth2 secure authorization flow
October 25, 2017

We are happy to announce that ownCloud now supports OAuth2!

OAuth2 is the open industry-standard protocol for secure authorization of Web APIs. Users can use it to grant web services or applications access to their data stored in ownCloud, and the new generation of ownCloud Clients (Desktop/Android/iOS) fully supports OAuth2-based authorization. The use of OAuth2 in ownCloud greatly enhances security while facilitating the integration of third-party applications or web services.


Brought to you by the Community

A student project at the University of Münster kicked this off: Students wanted to connect their ownCloud, powered by sciebo, to the Moodle learning platform. This awesome community project was later adopted, professionalized and stabilized by ownCloud engineers.

What is OAuth2 good for?

There are several use cases in ownCloud for the OAuth2 implementation:

First of all, with OAuth2 you can connect ownCloud clients (Desktop, Android, iOS) through a standardized and secure authorization flow. On the one hand, clients and third-party applications never get to know a user’s actual login credentials; instead they automatically receive a separate “password”, that is, a token. On the other hand, such application-specific tokens can be revoked selectively, which lets users disconnect their authorized clients. When, for example, a device is lost, no passwords can be extracted from it, and the user can easily revoke access to the ownCloud account for this particular device in self-service using ownCloud’s web interface.

Apart from that, OAuth2 provides a user authorization interface for developers to facilitate the integration of ownCloud in third-party applications, which extends the possibilities for secure integration of ownCloud with other applications. Because authentication is now handled by the server, integrating identity management services (SAML/SSO) becomes easier, as clients just need to be authorized by the server. Previously, all clients had to handle the whole authentication process themselves. Supporting further authentication protocols in ownCloud in the future is much easier, as this can now be handled entirely by server-side implementations. Clients are authorized independently via OAuth2.

OAuth2 also introduces new possibilities for access control: in the future you will be able to use granular device- and application-specific access controls within an ownCloud account via OAuth Scopes. If you want your phone to interact only with files, while other API endpoints (e.g. user management for administrator accounts) are accessible only with the “real” user credentials, you will be able to define access rights associated with applications. Furthermore, read-only clients and even application-specific folder permissions (e.g. certain folders can’t be accessed via clients) are great use cases that can be realized based on OAuth2.

How to start using OAuth2

OAuth2 is designed to be the new default way of connecting clients to an ownCloud Server (basic authentication will still be possible for legacy WebDAV clients or when an ownCloud Server does not support OAuth2). It’s easy, seamless and the most secure method ever:

To connect the ownCloud clients, you need a server which has the OAuth2 app installed and enabled. If this is the case, you can just open your ownCloud client, enter the address of your ownCloud and connect. Next, the web view opens your ownCloud login page.

 

Now you have to enter your credentials and authorize the application. The ownCloud Server provides unique tokens (access and refresh tokens) to the client, so the client is authorized to start its operations.


 

Once this quick process is complete, the ownCloud client is connected instantly and operates as usual.
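The flow described above (login on the server's page, access and refresh tokens handed to the client, selective revocation for a lost device), modelled as an added example that is not ownCloud's code. The `AuthServer` class, the client names and the sample account are hypothetical, and everything runs in memory.

```python
import secrets, time

class AuthServer:
    """Toy in-memory authorization server (hypothetical; not ownCloud code)."""
    def __init__(self, users):
        self.users = users    # user -> password, known to the server only
        self.codes = {}       # one-time authorization code -> (user, client)
        self.grants = {}      # refresh token -> (user, client)
        self.access = {}      # access token -> (user, client, expiry)

    def authorize(self, user, password, client):
        # Runs on the server's login page; the client app never sees the password.
        stored = self.users.get(user)
        if stored is None or not secrets.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (user, client)
        return code

    def token(self, client, code=None, refresh_token=None, ttl=3600):
        # Codes and refresh tokens are single use and bound to one client.
        store, key = (self.codes, code) if code else (self.grants, refresh_token)
        user, owner = store.pop(key, (None, None))
        if user is None or owner != client:
            raise PermissionError("invalid_grant")
        at, rt = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[at] = (user, client, time.time() + ttl)
        self.grants[rt] = (user, client)
        return {"access_token": at, "refresh_token": rt, "expires_in": ttl}

    def whoami(self, access_token):
        user, _, exp = self.access.get(access_token, (None, None, 0))
        return user if time.time() < exp else None

    def revoke_client(self, user, client):
        # Selective revocation: drop one device's tokens, leave the others.
        for store in (self.access, self.grants):
            for tok in [t for t, v in store.items() if v[:2] == (user, client)]:
                del store[tok]

def demo():
    srv = AuthServer({"alice": "correct horse"})  # constructed sample account
    phone = srv.token("phone", code=srv.authorize("alice", "correct horse", "phone"))
    laptop = srv.token("laptop", code=srv.authorize("alice", "correct horse", "laptop"))
    srv.revoke_client("alice", "phone")           # the phone was lost
    return srv, phone, laptop

if __name__ == "__main__":
    srv, phone, laptop = demo()
    print(srv.whoami(phone["access_token"]), srv.whoami(laptop["access_token"]))
```

A production server would additionally hash stored passwords, authenticate the client itself and expire unused authorization codes.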

Platform feature status

OAuth2 v0.2 server-side (requires ownCloud Server 10.0.3 or later) released to ownCloud Marketplace (https://marketplace.owncloud.com/apps/oauth2)
ownCloud Android App 2.5.0 with OAuth2 support released (https://play.google.com/store/apps/details?id=com.owncloud.android)
ownCloud iOS App 3.7.0 with OAuth2 support upcoming (early November 2017)
ownCloud Desktop client 2.4.0 with OAuth2 support upcoming (early November 2017)
 

We recommend using OAuth2 for all ownCloud installations to make users’ lives easier and more secure.



