Qy/OakCloud Planet

2017-11-13 14:05 | Posted by: andy | Views: 152 | Comments: 0


Welcome to ownCloud News, our contributor blog roll. ownCloud contributors should ask to get added!

Opinions are the responsibility of those who express them. See our privacy policy.


Introducing OAuth2 secure authorization flow
October 25, 2017

We are happy to announce that ownCloud supports OAuth2 now!

OAuth2 is the open industry-standard protocol for secure authorization of Web APIs. It can be used as a way for users to grant web services or applications access to their data stored in ownCloud, and the new generation of ownCloud clients (Desktop/Android/iOS) fully supports OAuth2-based authorization. The use of OAuth2 in ownCloud greatly enhances security while facilitating the integration of third-party applications or web services.

Brought to you by the Community

A student project at the University of Münster kicked this off: Students wanted to connect their ownCloud, powered by sciebo, to the Moodle learning platform. This awesome community project was later adopted, professionalized and stabilized by ownCloud engineers.

What is OAuth2 good for?

There are several use cases in ownCloud for the OAuth2 implementation:

First of all, with OAuth2 you can connect ownCloud clients (Desktop, Android, iOS) through a standardized and secure authorization flow. On the one hand, clients and third-party applications never get to know a user’s actual login credentials; instead they automatically receive a separate “password”, that is, a token. On the other hand, such application-specific tokens can be revoked selectively, which lets users disconnect individual authorized clients. When, for example, a device is lost, no passwords can be extracted from it, and the user can easily revoke access to the ownCloud account for this particular device in self-service using ownCloud’s web interface.

Apart from that, OAuth2 provides a user authorization interface for developers to facilitate the integration of ownCloud in third-party applications, which extends the possibilities for secure integration of ownCloud with other applications. Because authentication is now handled by the server, integrating identity management services (SAML/SSO) becomes easier, as clients just need to be authorized by the server. Previously, all clients had to handle the whole authentication process themselves. Future support for various authentication protocols in ownCloud is greatly facilitated, as it can now be handled entirely by server-side implementations. Clients are authorized independently via OAuth2.

OAuth2 also introduces new possibilities for access control: in the future you will be able to use granular device- and application-specific access controls within an ownCloud account via OAuth Scopes. If you want your phone to only interact with files while other API endpoints (e.g. user management for administrator accounts) are only accessible using the “real” user credentials, you will be able to define access rights associated with applications. Furthermore, read-only clients and even application-specific folder permissions (e.g. certain folders can’t be accessed via clients) are great use cases that can be realized based on OAuth2.

How to start using OAuth2

OAuth2 is designed to be the new default way of connecting clients to an ownCloud Server (basic authentication will still be possible for legacy WebDAV clients or when an ownCloud Server does not support OAuth2). It’s easy, seamless and the most secure method ever:

To connect the ownCloud clients you need a server which has the OAuth2 app installed and enabled. If this is the case, you can just open your ownCloud client, enter the address of your ownCloud and connect. Next, the web view opens your ownCloud login page.


Now you have to enter your credentials and authorize the application. The ownCloud Server provides unique tokens (access and refresh tokens) to the client, so the client is authorized to start its operations.


Having completed this quick process, an ownCloud client is connected instantly and operates as usual.
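The connection flow above, together with the selective revocation described under "What is OAuth2 good for?", modelled as an added example in Python (not ownCloud's code and not part of the original post). The class `ToyAuthServer`, its method names, and the user and device labels are assumptions made for illustration; a real server would also expire access tokens.

```python
import hashlib
import hmac
import secrets

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class ToyAuthServer:
    """Illustrative in-memory model of the server side; not ownCloud code."""
    def __init__(self):
        self._users = {}   # user -> (salt, password hash); never leaves the server
        self._codes = {}   # one-time authorization code -> (user, device)
        self._tokens = {}  # token -> (kind, user, device)

    def add_user(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, _kdf(password, salt))

    def authorize(self, user, password, device):
        # Login page step: the password goes to the server, never into client storage.
        salt, stored = self._users[user]
        if not hmac.compare_digest(stored, _kdf(password, salt)):
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (user, device)
        return code

    def _issue(self, kind, user, device):
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (kind, user, device)
        return token

    def exchange(self, code):
        # The client swaps the single-use code for its own (access, refresh) pair.
        user, device = self._codes.pop(code)
        return self._issue("access", user, device), self._issue("refresh", user, device)

    def refresh(self, refresh_token):
        kind, user, device = self._tokens.get(refresh_token, (None, None, None))
        if kind != "refresh":
            raise PermissionError("refresh token revoked or unknown")
        return self._issue("access", user, device)

    def whoami(self, access_token):
        kind, user, _ = self._tokens.get(access_token, (None, None, None))
        return user if kind == "access" else None

    def revoke(self, user, device):
        # Self-service revocation: drop every token of this one device only.
        self._tokens = {t: g for t, g in self._tokens.items() if g[1:] != (user, device)}
```

After two devices have each exchanged a code, `revoke("alice", "phone")` makes `whoami` return `None` and `refresh` raise for the phone's tokens, while the laptop's tokens keep working and the password never has to change.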

Platform feature status

OAuth2 v0.2 server-side (requires ownCloud Server 10.0.3 or later) released to ownCloud Marketplace (https://marketplace.owncloud.com/apps/oauth2)
ownCloud Android App 2.5.0 with OAuth2 support released (https://play.google.com/store/apps/details?id=com.owncloud.android)
ownCloud iOS App 3.7.0 with OAuth2 support upcoming (early November 2017)
ownCloud Desktop client 2.4.0 with OAuth2 support upcoming (early November 2017)

We recommend using OAuth2 for all ownCloud installations to make users’ lives easier and more secure.

