Custom OAuth

feature

#1

What did you do?

I’m actually developing an OAuth connector for Enedis API. Everything is working with your konnector dev flow (standalone mode and dev mode). By providing the access_token in the konnector.dev everything is fine.

By reading your documentation, I’ve seen that the cozy-stack is implementing the OAuth flow itself: https://docs.cozy.io/en/cozy-stack/auth/#what-about-oauth2

What happened?

By reading Enedis API documentation, I saw that their implementation of OAuth 2.0 flow is a bit custom…

  • They want a duration param on their /authorization endpoint
  • They give back the code + an id required for every data query.

My question is simple, is there a way to override the stack OAuth flow ? Or is it possible for you to implement parameters for developers using the OAuth flow of the stack ?


#2

Hello,

it would be very nice to have a connector for the Enedis API. Thanks for your work!

I’m Bruno and I work on the stack (the server part of Cozy). The OAuth flow is implemented in the stack in two different ways:

  • it can be a provider (for example, we can have a browser extension that can use the stack API to consume or put data in a Cozy by authenticating via OAuth)
  • it can be a client for external services to help the connectors authenticate to those services.

In your case, it is the latter, and it is documented here: https://docs.cozy.io/en/cozy-stack/konnectors-workflow/#oauth-and-service-secrets. In practice, the stack will use a document in CouchDB to know the configuration of the external services.

My question is simple, is there a way to override the stack OAuth flow ?

Currently, it is not possible. It is something I’d like to add, but it’s not yet a priority.

Or is it possible for you to implement parameters for developers using the OAuth flow of the stack ?

It is possible to add parameters to the stack. But the good news is that I think it is not necessary. Let’s see:

They want a duration param on their /authorization endpoint

When configuring the authorize endpoint in the CouchDB document, you can use a URL with query string parameters, like https://api.enedis.com/oauth2/authorize?duration=1Y.

They give back the code + an id required for every data query.

The stack reads the whole JSON response from the token endpoint, and puts the things that are not standard fields in the extras section of the account. So, the id should be readable by the connector.

I haven’t tested those 2 tricks, so don’t hesitate to ask us if you have any issue.


#3

Hi!

First thank you for the tricks and explanations. I had a little bit of time today to test my solution with your reply.

Your first trick seems to work great! However, I have an issue that cannot allow me to test the last point… In the manifest, in order to enable the OAuth, I have added the following line according to your documentation:

"oauth": { "scope": [] }

The problem is that enedis authorize endpoint is currently not supporting this parameter … I have a 500 issue even with tools like postman.

I tried a bunch of things: to remove it, to put enedis real endpoint url… but the stack seems to really need it in order to work. When I remove it from the manifest I can see the scope parameter set to undefined in the request (see the following example):

https://gw.hml.api.enedis.fr/group/espace-particuliers/consentement-linky/oauth2/authorize?client_id=***&duration=P6M&redirect_uri=***&response_type=code&scope=undefined&state=***

So my question is simple: Do I miss something on how to disable this parameter? Is it even possible?


#4

We did not see this problem before. Here is a PR on harvest (which is used by the home application) which will allow you to set :

"oauth": { "scope": [] }

and the scope parameter will be removed from the url. But you will have to wait for the next home application version and also the next version of the stack for this to work properly.
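The two tricks from post #2 (keeping query parameters such as `duration` that are already in the configured authorize URL, and treating non-standard token-response fields as account extras) and the bug from posts #3 and #4 (an empty scope list leaking into the request as `scope=undefined`) can be illustrated together. The following is an added example, not cozy-stack or harvest code: it builds an authorization URL that preserves pre-existing query parameters and omits `scope` entirely when the list is empty, and splits a token response into the standard RFC 6749 fields and everything else. The provider URL, client id, redirect URI and the `service_user_id` field in the token response are constructed sample values, not Enedis identifiers.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Token-response fields defined by RFC 6749 section 5.1; anything else is an "extra".
STANDARD_TOKEN_FIELDS = {"access_token", "token_type", "expires_in", "refresh_token", "scope"}


def build_authorize_url(authorize_url, client_id, redirect_uri, state, scope=None):
    """Build the authorization request URL for the code grant.

    Query parameters already present in authorize_url (e.g. duration=P6M,
    as suggested in post #2) are kept. The scope parameter is added only when
    the scope list is non-empty, so an empty list never becomes 'scope=undefined'.
    """
    parts = urlsplit(authorize_url)
    # keep_blank_values keeps provider params such as "foo=" instead of dropping them
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += [
        ("client_id", client_id),
        ("redirect_uri", redirect_uri),
        ("response_type", "code"),
        ("state", state),  # caller-supplied anti-CSRF value; verified on the callback
    ]
    if scope:  # [] and None both mean "send no scope parameter at all"
        params.append(("scope", " ".join(scope)))
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(params), parts.fragment))


def split_token_response(token_response):
    """Separate the standard OAuth token fields from provider-specific extras.

    Returns (standard, extras); extras is where a provider-specific id that
    must accompany every later data query would end up.
    """
    standard = {k: v for k, v in token_response.items() if k in STANDARD_TOKEN_FIELDS}
    extras = {k: v for k, v in token_response.items() if k not in STANDARD_TOKEN_FIELDS}
    return standard, extras


if __name__ == "__main__":
    # Constructed sample configuration and token response (not real provider data).
    url = build_authorize_url(
        "https://provider.example/oauth2/authorize?duration=P6M",
        client_id="sample-client-id",
        redirect_uri="https://cozy.example/accounts/oauth/callback",
        state="sample-state-value",
        scope=[],
    )
    print(url)
    sample_response = {
        "access_token": "sample-access-token",
        "token_type": "Bearer",
        "expires_in": 3600,
        "refresh_token": "sample-refresh-token",
        "service_user_id": "12345",  # constructed provider-specific id
    }
    standard, extras = split_token_response(sample_response)
    print("standard:", standard)
    print("extras:", extras)
```

With `scope=[]` the printed URL contains `duration=P6M`, `client_id`, `redirect_uri`, `response_type=code` and `state` but no `scope` parameter; with `scope=["read", "write"]` it gains `scope=read+write`. The constructed `service_user_id` lands in `extras`, which is where a connector would look for a provider id that the standard fields do not cover.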


#5

And I have also made a change in the stack: https://github.com/cozy/cozy-stack/commit/df25a5dac4c51a963382c26f7847bd9a1b569aef