<p>Redmine - Feature #24808: OAuth2 support for Redmine API Apps (OAuth2 Provider)</p>
<p>https://www.redmine.org/issues/24808?journal_id=76094 | 2017-01-18T16:57:13Z | Jan from Planio www.plan.io</p>
<ul><li><strong>File</strong> <a href="/attachments/17529">authorized_apps.png</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/17529/authorized_apps.png">authorized_apps.png</a> added</li><li><strong>File</strong> <a href="/attachments/17528">my_account.png</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/17528/my_account.png">my_account.png</a> added</li><li><strong>File</strong> <a href="/attachments/17530">auth_prompt.png</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/17530/auth_prompt.png">auth_prompt.png</a> added</li><li><strong>File</strong> <a href="/attachments/17531">apps.png</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/17531/apps.png">apps.png</a> added</li><li><strong>File</strong> <a href="/attachments/17533">0001-Use-named-routes-for-search-in-base-layout.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/17533/0001-Use-named-routes-for-search-in-base-layout.patch">0001-Use-named-routes-for-search-in-base-layout.patch</a> added</li><li><strong>File</strong> <a href="/attachments/17534">0002-Prevent-hash-type-URLs-from-being-namespaced-in-Menu.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/17534/0002-Prevent-hash-type-URLs-from-being-namespaced-in-Menu.patch">0002-Prevent-hash-type-URLs-from-being-namespaced-in-Menu.patch</a> added</li><li><strong>File</strong> <i>0003-Add-OAuth2-provider-capability-using-doorkeeper-gem.patch</i> added</li><li><strong>File</strong> <a href="/attachments/17536">0004-Redmine-style-UI-for-Doorkeeper-OAuth2-provider.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/17536/0004-Redmine-style-UI-for-Doorkeeper-OAuth2-provider.patch">0004-Redmine-style-UI-for-Doorkeeper-OAuth2-provider.patch</a> added</li><li><strong>File</strong> <a 
href="/attachments/17537">0005-Add-optional-scope-parameter-to-Role-allowed_to.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/17537/0005-Add-optional-scope-parameter-to-Role-allowed_to.patch">0005-Add-optional-scope-parameter-to-Role-allowed_to.patch</a> added</li><li><strong>File</strong> <a href="/attachments/17538">0006-Use-Redmine-s-permissions-as-OAuth2-scopes.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/17538/0006-Use-Redmine-s-permissions-as-OAuth2-scopes.patch">0006-Use-Redmine-s-permissions-as-OAuth2-scopes.patch</a> added</li><li><strong>Status</strong> changed from <i>New</i> to <i>Needs feedback</i></li><li><strong>Assignee</strong> deleted (<del><i>Jan from Planio www.plan.io</i></del>)</li></ul><p>The attached patch series implements full OAuth2 provider support for Redmine.</p>
<a name="Background"></a>
<h2 >Background<a href="#Background" class="wiki-anchor">¶</a></h2>
<p>OAuth2 is a widely adopted protocol for granting access to API client applications. More information can be found here:</p>
<ul>
<li><a class="external" href="https://oauth.net/2/">https://oauth.net/2/</a></li>
<li><a class="external" href="https://aaronparecki.com/2012/07/29/2/oauth2-simplified">https://aaronparecki.com/2012/07/29/2/oauth2-simplified</a></li>
</ul>
<a name="Screenshots"></a>
<h2 >Screenshots<a href="#Screenshots" class="wiki-anchor">¶</a></h2>
<p>Here are a few screenshots that show what it looks like:</p>
<p><img src="https://www.redmine.org/attachments/download/17531/apps.png" style="width:500px;" alt="" /><br /><em>Admins are able to create/modify/delete OAuth2 client apps from the user interface.</em></p>
<p><img src="https://www.redmine.org/attachments/download/17459/redmine_oauth2_provider.png" style="width:500px;" alt="" /><br /><em>OAuth2 App credentials are generated and can then be used in API clients.</em></p>
<p><img src="https://www.redmine.org/attachments/download/17530/auth_prompt.png" style="width:500px;" alt="" /><br /><em>In order for an App to gain access to Redmine, it must ask the user for permission.</em></p>
<p><img src="https://www.redmine.org/attachments/download/17528/my_account.png" style="width:500px;" alt="" /><br /><em>Regular users are able to see which apps currently have access to their data from their <strong>My Account</strong> area.</em></p>
<p><img src="https://www.redmine.org/attachments/download/17529/authorized_apps.png" style="width:500px;" alt="" /><br /><em>Regular users are able to revoke access to individual apps.</em></p>
<a name="Live-Demo"></a>
<h2 >Live Demo<a href="#Live-Demo" class="wiki-anchor">¶</a></h2>
<p>We are providing a live demo server and client via these links:</p>
<a name="httpsserverredmine-oauthplanioorg"></a>
<h3 ><a class="external" href="https://server.redmine-oauth.planio.org">https://server.redmine-oauth.planio.org</a><a href="#httpsserverredmine-oauthplanioorg" class="wiki-anchor">¶</a></h3>
<p>Username/Password is <code>admin:oauth2</code>. The content on this server will be reset every 60 minutes. Feel free to create your own OAuth2 applications via the <a href="https://server.redmine-oauth.planio.org/oauth/applications" class="external">Admin section</a>, but please don't modify/delete the "Sinatra Client App".</p>
<a name="httpsclientredmine-oauthplanioorg"></a>
<h3 ><a class="external" href="https://client.redmine-oauth.planio.org">https://client.redmine-oauth.planio.org</a><a href="#httpsclientredmine-oauthplanioorg" class="wiki-anchor">¶</a></h3>
<p>You can use this app to try out the authentication/authorization flow. Feel free to create your own user accounts on the Redmine server for this.</p>
<p>The <code>/issues</code> API will only work if the <code>view_issues</code> scope is requested. If only the standard scopes are requested, you will see an error here (on purpose).</p>
<p>Feel free to download the client app code from our <a href="https://support.plan.io/projects/redmine-oauth2-client/repository" class="external">Planio repository</a> to try out everything locally.</p>
<a name="The-patch-series"></a>
<h2 >The patch series<a href="#The-patch-series" class="wiki-anchor">¶</a></h2>
<ul>
<li><code>0001</code> changes the base layout to use named routes. The old hash-style routes (e.g. <code>{:controller => 'search', :action => 'index'}</code>) would get namespaced when the layout is used in a namespaced controller in a plugin or engine, which is the case with the Doorkeeper gem introduced later.</li>
<li><code>0002</code> changes the MenuManager in a similar way and prevents the rendered menu links from getting namespaced in the above scenario.</li>
<li><code>0003</code> adds the Doorkeeper Gem and integrates it with Redmine in the relevant places. You could apply patches <code>0001</code>-<code>0003</code> only to get functioning OAuth2 provider support already. In detail, what happens is:
<ul>
<li><code>Gemfile</code> - Gem is added in</li>
<li><code>app/controllers/application_controller.rb</code> - Doorkeeper is used as a new optional authentication mechanism that is tried when regular Redmine API auth fails</li>
<li><code>app/views/my/account.html.erb</code> - Link to Doorkeeper's views for managing a user's authorized apps</li>
<li><code>config/initializers/doorkeeper.rb</code> - <a href="https://github.com/doorkeeper-gem/doorkeeper#configuration" class="external">Configure Doorkeeper</a> so that it ties in with Redmine's user and admin authentication</li>
<li><code>config/routes.rb</code> - Add Doorkeeper specific routes and <code>root_url</code> which is needed by it</li>
<li><code>db/migrate/20170107092155_create_doorkeeper_tables.rb</code> - Migrations to add Doorkeeper tables</li>
<li><code>lib/redmine.rb</code> - Link to Doorkeeper's views for managing available apps within the admin section</li>
<li><code>public/stylesheets/application.css</code> - Icon for Apps</li>
<li><code>test/unit/lib/redmine/i18n_test.rb</code> - Fix locale counting in tests because doorkeeper-i18n introduces languages unknown to Redmine</li>
</ul>
</li>
<li><code>0004</code> - integrates Doorkeeper further by overriding all views with Redmine compatible markup and makes use of Redmine's <code>deny_access</code> and <code>require_login</code> methods which become available once the Doorkeeper controllers are set to inherit from Redmine's <code>ApplicationController</code></li>
<li><code>0005</code> - changes <code>Role#allowed_to?</code> so that it can accept an optional <code>scope</code> parameter which can be an array of permission symbols that will be used as a logical <code>AND</code> filter.</li>
<li><code>0006</code> - Allows OAuth2 client apps to use Redmine permissions as <a href="https://tools.ietf.org/html/rfc6749#section-3.3" class="external">Scopes in the sense of OAuth2</a>. This way, admins and application developers can limit the abilities of client apps. An app will generally have <em>at most</em> the permissions defined by the App definition or as requested by the app during the authorization step. Of course, the app will never have <em>more</em> permissions than the user it has requested authorization for would have in a normal interactive scenario.</li>
</ul>
<a name="Considerations"></a>
<h2 >Considerations<a href="#Considerations" class="wiki-anchor">¶</a></h2>
<a name="Why-use-Doorkeeper"></a>
<h3 >Why use Doorkeeper?<a href="#Why-use-Doorkeeper" class="wiki-anchor">¶</a></h3>
<p>Implementing OAuth2 "by hand" seemed like re-inventing the wheel. Building and maintaining such security-critical code is both error-prone and non-trivial. The <a href="https://github.com/doorkeeper-gem/doorkeeper" class="external">Doorkeeper Gem</a> is the de-facto standard solution for implementing an OAuth2 provider in Rails. It's tried and tested, well-maintained and used by many high profile apps and services.</p>
<p>Integrating it with Redmine required only minor changes to Redmine's code base itself which should hopefully make maintenance of this functionality quite easy.</p>
<a name="Why-can-only-admins-create-apps"></a>
<h3 >Why can only admins create apps?<a href="#Why-can-only-admins-create-apps" class="wiki-anchor">¶</a></h3>
<p>The decision that only Redmine admins can add new API client applications is debatable, but it felt like the easiest solution for this first version. Allowing regular users to create apps would have required more overridden Doorkeeper controllers, new Redmine permissions (e.g. <code>add_apps</code>, <code>view_apps</code>, <code>destroy_apps</code>, etc.)</p>
<p>In addition to that, enabling/disabling things like the REST API, JSONP support, etc. is currently also only available to admins, so I thought it would be consistent.</p>
<a name="Some-translations-are-missing-Where-are-the-I18n-keys"></a>
<h3 >Some translations are missing! Where are the I18n keys?<a href="#Some-translations-are-missing-Where-are-the-I18n-keys" class="wiki-anchor">¶</a></h3>
<p>At the moment, I've included them via the <a href="https://github.com/doorkeeper-gem/doorkeeper-i18n" class="external"><code>doorkeeper-i18n</code> Gem</a>. Technically, we could pull the locales into Redmine's code base. However, – in the spirit of open source – I'd advocate in favor of keeping them in the external Gem and working with the Doorkeeper maintainers to improve them if needed. I've fixed <a href="https://github.com/doorkeeper-gem/doorkeeper-i18n/commit/45c6faa5e848af99e4cb8d047d6db5a362d08270" class="external">two</a> <a href="https://github.com/doorkeeper-gem/doorkeeper-i18n/commit/d4e88c4fd7882c0181f4179b29014f6b2e1562c2" class="external">issues</a> with the locales already via pull requests and they were accepted rather quickly.</p>
<p>That's it for now. I am looking forward to your feedback!</p>
<p>https://www.redmine.org/issues/24808?journal_id=76297 | 2017-01-26T08:57:55Z | Marius BĂLTEANU</p>
<ul></ul><p>IMO, I think that the OAuth2.0 provider will be a great addition to Redmine and a feature that we'll use for sure at our future integrations with other apps.</p>
<p>What I like very much is the separation between the users and applications. Now we've some users named like "&lt;application_name&gt;-Generic User" used to authenticate the API calls. Having the possibility to define them as apps and manage their permissions from a different screen is very useful.</p>
<p>https://www.redmine.org/issues/24808?journal_id=76298 | 2017-01-26T09:10:52Z | Jan from Planio www.plan.io</p>
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/76298/diff?detail_id=59740">diff</a>)</li></ul>
<p>https://www.redmine.org/issues/24808?journal_id=76366 | 2017-01-28T17:59:17Z | Jan from Planio www.plan.io</p>
<ul><li><strong>File</strong> deleted (<del><i>0003-Add-OAuth2-provider-capability-using-doorkeeper-gem.patch</i></del>)</li></ul>
<p>https://www.redmine.org/issues/24808?journal_id=76367 | 2017-01-28T17:59:45Z | Jan from Planio www.plan.io</p>
<ul><li><strong>File</strong> <i>0003-Add-OAuth2-provider-capability-using-doorkeeper-gem.patch</i> added</li></ul><p>Slightly updated version of 0003, using wider columns for scopes</p>
<p>https://www.redmine.org/issues/24808?journal_id=76404 | 2017-01-29T15:23:09Z | Jan from Planio www.plan.io</p>
<ul><li><strong>File</strong> deleted (<del><i>0003-Add-OAuth2-provider-capability-using-doorkeeper-gem.patch</i></del>)</li></ul>
<p>https://www.redmine.org/issues/24808?journal_id=76405 | 2017-01-29T15:24:07Z | Jan from Planio www.plan.io</p>
<ul><li><strong>File</strong> <a href="/attachments/17623">0003-Add-OAuth2-provider-capability-using-doorkeeper-gem.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/17623/0003-Add-OAuth2-provider-capability-using-doorkeeper-gem.patch">0003-Add-OAuth2-provider-capability-using-doorkeeper-gem.patch</a> added</li></ul><p>And another fix.</p>
<p>https://www.redmine.org/issues/24808?journal_id=76540 | 2017-02-08T00:24:55Z | Akipii Oga</p>
<ul></ul><p>+1</p>
<p>https://www.redmine.org/issues/24808?journal_id=80094 | 2017-07-17T17:20:05Z | Cheyenne Wills</p>
<ul></ul><p>+1</p>
<p>What is the current "status" of this? Is this kind of planned for a future release?</p>
<p>We have two apps that could benefit by this (I've been looking at the redmine_oauth_provider plugin, but it appears that it doesn't work with the current level of Redmine).</p>
<p>https://www.redmine.org/issues/24808?journal_id=84001 | 2018-03-15T09:01:30Z | Stephane Evr</p>
<ul></ul><p>+1</p>
<p>https://www.redmine.org/issues/24808?journal_id=91710 | 2019-05-12T21:30:13Z | Peter Volkov</p>
<ul></ul><p>I think that "Needs feedback" is a wrong status here. According to <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: New Ticket status &quot;Needs Feedback&quot; (Closed)" href="https://www.redmine.org/issues/12827">#12827</a> this status means that this ticket is waiting for author's feedback, and such tickets are invisible for developers. Jan, could you update the patchset and Status here?</p>
<p>https://www.redmine.org/issues/24808?journal_id=91777 | 2019-05-15T13:25:42Z | Jan from Planio www.plan.io</p>
<ul><li><strong>Status</strong> changed from <i>Needs feedback</i> to <i>New</i></li></ul><p>I'm setting the status to <strong>New</strong> then, as requested. Ideally, we could get some more feedback from other contributors if the feature is desired and if yes, I'd be happy to rebase the patches on current trunk.</p>
<p>https://www.redmine.org/issues/24808?journal_id=91800 | 2019-05-16T07:33:26Z | Bernhard Rohloff</p>
<ul></ul><p>I think it can be a nice feature for Redmine and would make it much easier to manage things like bots, dashboards and applications of that kind. IMHO it's definitely worth a rebase.<br />+1</p>
<p>https://www.redmine.org/issues/24808?journal_id=94763 | 2019-11-04T16:56:19Z | James H</p>
<ul></ul><p>+1</p>
<p>https://www.redmine.org/issues/24808?journal_id=95285 | 2019-12-12T02:24:02Z | Keisuke Matsuura</p>
<ul></ul><p>+1</p>
<p>https://www.redmine.org/issues/24808?journal_id=97264 | 2020-04-14T18:30:49Z | Jan S</p>
<ul></ul><p>I'm also interested in this.</p>
<p>https://www.redmine.org/issues/24808?journal_id=98371 | 2020-06-25T20:36:21Z | J. Pablo Zebraitis</p>
<ul></ul><p>+1</p>
<p>https://www.redmine.org/issues/24808?journal_id=98596 | 2020-07-21T11:06:46Z | Jens Krämer jk@jkraemer.net</p>
<ul><li><strong>File</strong> <a href="/attachments/25730">0001-oauth-Use-named-routes-in-base-layout-and-account-si.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/25730/0001-oauth-Use-named-routes-in-base-layout-and-account-si.patch">0001-oauth-Use-named-routes-in-base-layout-and-account-si.patch</a> added</li><li><strong>File</strong> <a href="/attachments/25731">0002-oauth-Prevent-hash-type-URLs-from-being-namespaced-i.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/25731/0002-oauth-Prevent-hash-type-URLs-from-being-namespaced-i.patch">0002-oauth-Prevent-hash-type-URLs-from-being-namespaced-i.patch</a> added</li><li><strong>File</strong> <a href="/attachments/25732">0003-oauth-Add-OAuth2-provider-capability-using-doorkeepe.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/25732/0003-oauth-Add-OAuth2-provider-capability-using-doorkeepe.patch">0003-oauth-Add-OAuth2-provider-capability-using-doorkeepe.patch</a> added</li><li><strong>File</strong> <a href="/attachments/25733">0004-oauth-Redmine-style-UI-for-Doorkeeper-OAuth2-provide.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/25733/0004-oauth-Redmine-style-UI-for-Doorkeeper-OAuth2-provide.patch">0004-oauth-Redmine-style-UI-for-Doorkeeper-OAuth2-provide.patch</a> added</li><li><strong>File</strong> <a href="/attachments/25734">0005-oauth-Add-optional-scope-parameter-to-Role-allowed_t.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/25734/0005-oauth-Add-optional-scope-parameter-to-Role-allowed_t.patch">0005-oauth-Add-optional-scope-parameter-to-Role-allowed_t.patch</a> added</li><li><strong>File</strong> <a href="/attachments/25735">0006-oauth-Use-Redmine-s-permissions-as-OAuth2-scopes.patch</a> <a class="icon-only icon-download" title="Download" 
href="/attachments/download/25735/0006-oauth-Use-Redmine-s-permissions-as-OAuth2-scopes.patch">0006-oauth-Use-Redmine-s-permissions-as-OAuth2-scopes.patch</a> added</li><li><strong>File</strong> <a href="/attachments/25736">0007-oauth-adds-system-test-to-test-the-oauth-provider-ca.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/25736/0007-oauth-adds-system-test-to-test-the-oauth-provider-ca.patch">0007-oauth-adds-system-test-to-test-the-oauth-provider-ca.patch</a> added</li></ul><p>I rebased this patch on current master and added a brief system test that covers application creation, authorization and usage with an actual oauth2 client.</p>
<p>I'd also like to add that, for a few weeks now, we've been using this feature successfully at <a href="https://plan.io/redmine-hosting" class="external">Planio</a> for authenticating the native Planio Storage client apps.</p>
<p>https://www.redmine.org/issues/24808?journal_id=98597 | 2020-07-21T11:17:38Z | Jan from Planio www.plan.io</p>
<ul><li><strong>Target version</strong> set to <i>Candidate for next minor release</i></li></ul><p>Thanks Jens. I would really enjoy seeing this making its way into a future Redmine release and I believe it will help Redmine get more third party apps and integrations!</p>
<p>https://www.redmine.org/issues/24808?journal_id=98952 | 2020-08-27T03:07:46Z | Jens Krämer jk@jkraemer.net</p>
<ul><li><strong>File</strong> <a href="/attachments/25883">0001-Use-named-routes-in-base-layout-and-account-sidebar.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/25883/0001-Use-named-routes-in-base-layout-and-account-sidebar.patch">0001-Use-named-routes-in-base-layout-and-account-sidebar.patch</a> added</li><li><strong>File</strong> <a href="/attachments/25882">0002-Prevent-hash-type-URLs-from-being-namespaced-in-Menu.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/25882/0002-Prevent-hash-type-URLs-from-being-namespaced-in-Menu.patch">0002-Prevent-hash-type-URLs-from-being-namespaced-in-Menu.patch</a> added</li><li><strong>File</strong> <a href="/attachments/25884">0003-Add-optional-scope-parameter-to-Role-allowed_to.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/25884/0003-Add-optional-scope-parameter-to-Role-allowed_to.patch">0003-Add-optional-scope-parameter-to-Role-allowed_to.patch</a> added</li><li><strong>File</strong> <a href="/attachments/25885">0004-Add-OAuth2-provider-capability-using-doorkeeper-gem.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/25885/0004-Add-OAuth2-provider-capability-using-doorkeeper-gem.patch">0004-Add-OAuth2-provider-capability-using-doorkeeper-gem.patch</a> added</li></ul><p>Another update to this patch. Notable changes are:</p>
<ul>
<li>updated to Doorkeeper 5.4, which allowed for the following improvements:
<ul>
<li>secrets (tokens, application secret) are now stored as hashes</li>
<li>support for <a href="https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-PKCE-flow" class="external">PKCE</a> (most relevant for non-confidential clients)</li>
</ul>
</li>
<li>introduced an <code>admin</code> scope which allows Administrators to grant admin permissions to client applications</li>
<li>fixed a stored CSRF vulnerability that was present in one of the original Doorkeeper templates. It was only exploitable by Administrators but if you're using an older version of this patch, at least update your views according to this <a href="https://github.com/doorkeeper-gem/doorkeeper/commit/39916a613b7dcc738aa38f7a17e1de9757bd0754" class="external">doorkeeper commit</a></li>
</ul>
<p>We also just released the <a href="https://rubygems.org/gems/omniauth-redmine-oauth2" class="external">omniauth-redmine-oauth2</a> gem (source code at <a href="https://support.plan.io/projects/omniauth-redmine-oauth2/repository" class="external">Planio</a> and <a href="https://github.com/planio-gmbh/omniauth-redmine-oauth2" class="external">GitHub</a>). We also built a small Rails app to <a href="https://support.plan.io/projects/omniauth-redmine-oauth2/repository/rails-demo" class="external">demonstrate usage of the gem</a>.</p>
<p>Currently this patch makes two I18n tests fail. This is due to the inclusion of the <a href="https://github.com/doorkeeper-gem/doorkeeper-i18n" class="external">doorkeeper-i18n</a> gem, which introduces 4 locales that aren't present in Redmine. In general, we would need to decide if we want to include these 3rd party translations at all (they do not cover all of Redmine's locales by a large margin) or if we incorporate them into Redmine. As of now the patch just overrides a few strings to make the wording more Redmine-like.</p>
<p>Due to the Doorkeeper upgrade I was more or less forced to squash the last 4 commits of the previous patch series, so it's down to 4 commits now.</p>
<p>https://www.redmine.org/issues/24808?journal_id=101082 | 2021-02-24T23:22:41Z | Marius BĂLTEANU</p>
<ul><li><strong>Target version</strong> changed from <i>Candidate for next minor release</i> to <i>Candidate for next major release</i></li></ul><p>Jens, I've started to look at the provided patches and to test this feature. For now, I've committed all 4 patches to the <a href="https://gitlab.com/redmine-org/redmine/-/commits/feature/24808_oauth2_support" class="external">GitLab</a> instance in order to get the tests results. Besides the I18n test failures, there are some Rubocop warnings that should be fixed.</p>
<p>Am I wrong if I say that patches <code>0001</code> and <code>0002</code> can be extracted from this issue and delivered as separate tickets? In this way, we will get this feature down to 2 patches and it will be easier to maintain/rebase it.</p>
<p>I'm assigning this to the next major release version because the changes are too huge for a minor version.</p>
<p>https://www.redmine.org/issues/24808?journal_id=101956 | 2021-04-12T10:08:45Z | Jens Krämer jk@jkraemer.net</p>
<ul></ul><p>Thanks for looking into this! I just created <a class="issue tracker-3 status-5 priority-4 priority-default closed" title="Patch: Use named routes in base layout and account sidebar (Closed)" href="https://www.redmine.org/issues/35075">#35075</a> and <a class="issue tracker-3 status-5 priority-4 priority-default closed" title="Patch: Menu manager - generate correct URLs when rendering from a namespaced controller (Closed)" href="https://www.redmine.org/issues/35076">#35076</a> with the first two patches of this series. Both should not cause test failures or rubocop warnings. I'll look into these next and update this issue accordingly.</p>
<p>https://www.redmine.org/issues/24808?journal_id=101957 | 2021-04-12T10:16:14Z | Jan from Planio www.plan.io</p>
<ul></ul><p>Thanks Marius for looking into this. I think it should greatly improve the Redmine API to use state of the art authorization!</p>
<p>https://www.redmine.org/issues/24808?journal_id=101972 | 2021-04-13T06:33:51Z | Jens Krämer jk@jkraemer.net</p>
<ul><li><strong>File</strong> <a href="/attachments/27175">0003-Add-optional-scope-parameter-to-Role-allowed_to.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/27175/0003-Add-optional-scope-parameter-to-Role-allowed_to.patch">0003-Add-optional-scope-parameter-to-Role-allowed_to.patch</a> added</li><li><strong>File</strong> <a href="/attachments/27176">0004-Add-OAuth2-provider-capability-using-doorkeeper-gem.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/27176/0004-Add-OAuth2-provider-capability-using-doorkeeper-gem.patch">0004-Add-OAuth2-provider-capability-using-doorkeeper-gem.patch</a> added</li></ul><p>Here are the remaining two patches, updated to the most recent doorkeeper release (5.5.1), rebased on current master, and hopefully with a lot fewer rubocop warnings.</p>
<p>https://www.redmine.org/issues/24808?journal_id=102763 | 2021-06-09T19:29:21Z | James H</p>
<ul></ul><p>+100000000000000</p>
<p>https://www.redmine.org/issues/24808?journal_id=102957 | 2021-06-24T22:34:52Z | Marius BĂLTEANU</p>
<ul><li><strong>Assignee</strong> set to <i>Marius BĂLTEANU</i></li><li><strong>Target version</strong> changed from <i>Candidate for next major release</i> to <i>5.0.0</i></li></ul>
<p>https://www.redmine.org/issues/24808?journal_id=105673 | 2022-02-17T15:51:37Z | Harald Welte</p>
<ul></ul><p>Excellent proposal, looking forward to seeing this merged for the next major release.</p>
<p>https://www.redmine.org/issues/24808?journal_id=105766 | 2022-02-24T18:57:45Z | Marius BĂLTEANU</p>
<ul><li><strong>Target version</strong> changed from <i>5.0.0</i> to <i>Candidate for next major release</i></li></ul><p>The patches need some changes to work with Rails 6 and zeitwerk autoloader.</p>
<p>https://www.redmine.org/issues/24808?journal_id=107924 | 2022-09-16T17:54:55Z | Gael Duret</p>
<ul></ul><p>Hello All,</p>
<p>We actually use Redmine in our company and we use the IMAP fetching email process to create our tickets. This process will stop working on October first as we are connected to an Office365 server and Microsoft will deactivate the basic authentication.<br />We are looking for a way to use OAuth authentication. <br />Our Redmine version:<br />Environment:<br /> Redmine version 5.0.0.stable<br /> Ruby version 2.6.9-p207 (2021-11-24) [x64-mingw32]<br /> Rails version 6.1.4.7<br /> Environment production<br /> Database adapter Mysql2<br /> Mailer queue ActiveJob::QueueAdapters::AsyncAdapter<br /> Mailer delivery smtp</p>
<p>We do not have any Ruby knowledge in the team, we are looking for some explanation / help on this subject?<br />Which patch for our version? How to set up a patch?</p>
<p>Thanks</p>
<p>https://www.redmine.org/issues/24808?journal_id=111641 | 2023-11-25T07:49:03Z | pasquale [:dedalus]</p>
<ul></ul><p><a class="user active" href="https://www.redmine.org/users/107353">Marius BĂLTEANU</a> <a class="user active" href="https://www.redmine.org/users/332">Go MAEDA</a><br />Could this ticket be included in the activities planned for version 6.0?</p>
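<p>Added example (not part of the thread, the patch series, Redmine or Doorkeeper): a stand-alone Ruby model of the scope rule the issue description gives for patches <code>0005</code> and <code>0006</code>, where a permission is granted only if the user's role holds it AND the token's scopes list it, and an app can request only scopes from its own definition. Apart from <code>Role#allowed_to?</code> and the Redmine permission names, every class and method name here is hypothetical, and roles are attached directly to users rather than per project to keep the model small.</p>

```ruby
require 'set'

# Constructed model for illustration; not Redmine's implementation.
class Role
  def initialize(*permissions)
    @permissions = permissions.to_set
  end

  # scope == nil : interactive session, the role alone decides.
  # scope Array  : OAuth2 request, the permission must be held by the role
  #                AND be listed in the token's scopes (logical AND filter).
  def allowed_to?(permission, scope = nil)
    return false unless @permissions.include?(permission)

    scope.nil? || scope.include?(permission)
  end
end

# Hypothetical user: allowed if any of its roles allows the permission.
User = Struct.new(:login, :roles) do
  def allowed_to?(permission, scope = nil)
    roles.any? { |role| role.allowed_to?(permission, scope) }
  end
end

# Hypothetical token: always passes its scopes down to the role check.
AccessToken = Struct.new(:user, :scopes) do
  def allowed_to?(permission)
    user.allowed_to?(permission, scopes)
  end
end

# Hypothetical app record as an admin would define it.
class ClientApp
  class ScopeError < StandardError; end

  def initialize(name, scopes)
    @name = name
    @scopes = scopes.to_set
  end

  # Authorization step: refuse scopes outside the app definition.
  def authorize(user, requested)
    unknown = requested.to_set - @scopes
    unless unknown.empty?
      raise ScopeError, "#{@name} may not request: #{unknown.to_a.join(', ')}"
    end

    AccessToken.new(user, requested.dup.freeze)
  end
end

# Constructed scenario covering each branch of the rule.
def scope_demo
  developer = User.new('dev', [Role.new(:view_issues, :add_issues, :edit_issues)])
  reporter  = User.new('rep', [Role.new(:add_issues)])
  app       = ClientApp.new('Dashboard', %i[view_issues add_issues])

  read_only = app.authorize(developer, %i[view_issues])
  for_rep   = app.authorize(reporter, %i[view_issues add_issues])
  rejected  = begin
    app.authorize(developer, %i[edit_issues])
    false
  rescue ClientApp::ScopeError
    true
  end

  {
    interactive_edit: developer.allowed_to?(:edit_issues), # role alone decides
    token_view: read_only.allowed_to?(:view_issues),       # role AND scope
    token_add: read_only.allowed_to?(:add_issues),         # scope not requested
    reporter_view: for_rep.allowed_to?(:view_issues),      # user lacks permission
    reporter_add: for_rep.allowed_to?(:add_issues),
    over_request_rejected: rejected
  }
end

puts scope_demo if __FILE__ == $PROGRAM_NAME
```

<p>The <code>reporter_view</code> case is the one to check when reviewing such an integration: a scope granted to the token must never widen what the user could do interactively.</p>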