Authentication problems since upgrade

Pydio Cells
,
1

Hey, I just upgraded from 2.0.8 to 2.1.3 and now my Postman configs don’t work due to OAuth2 authentication problems.

Before the upgrade, I was using “/auth/dex/token” with the authentication options for “basic auth” and the username/password for “cells-front” that is built-in. This config no longer works and returns an HTML page that just says “Loading…”

After reading the updated docs, I tried to use the OIDC endpoint for authentication and this is also not working, see the following screenshot:

Screenshot from 2020-07-31 13-53-36
Screenshot from 2020-07-31 13-53-361296×865 108 KB

Please advise!

EDIT: Ok, I used “cells config list” to find out that the only valid redirect_uri is “https://get2.hhangus.com/auth/callback” and this setting worked. However, I want to be able to login without having to have a user-login screen because this is a backend-client that needs to talk to Pydio. That’s why I was using the auth/dex/token endpoint and I still need to be able to do this going forward. The Postman example doesn’t provide an example of how to do this token request without the user-form, and so I need to know how to do that please.

2

Hello @scott.bentley,

On Cells 2.1 we have completely removed another component (dex) that was used for the authentication to fully utilize a library that handles everything OIDC related, that is why the redirect URI has been updated.

I believe the best case would be to be able to create a connector with an API key/secret combo that you could use to authenticate.
Unfortunately this is not available at this time and is on our list of features that must be added.

3

Thanks @zayn,

It’s unfortunate that the key/secret method (dex) was removed as I was depending on it for my back-end integration. I won’t be able to upgrade from 2.0.x until this feature is re-implemented or I can figure out how to use OIDC without the web-browser login popup.

I’m curious how the cec client can work if there’s no key/secret? A Postman example, without having a web-browser login popup, would be super helpful.

4

ah sorry, what I meant was that you can create a custom set of key/secret (that would allow you to log in without needing to handle tokens or else) for a specific case.`
For instance on spotify, you can create an app with a set of key and secret that allows you to interact with spotify without the need to authenticate each time.

You still have the defaults, cells-client, cells-sync you can actually find their definition inside the pydio.json file.

But it is still about obtaining a token and handling the refresh.

On the cells-client and cells-sync we handle the refresh but if you use it on your own you will need to handle the refresh.

{
          "client_id": "cells-client",
          "client_name": "Cells Client CLI Tool",
          "grant_types": [
            "authorization_code",
            "refresh_token"
          ],
          "redirect_uris": [
            "http://localhost:3000/servers/callback",
            "https://my-server/oauth2/oob"
          ],
          "response_types": [
            "code",
            "token",
            "id_token"
          ],
          "scope": "openid email profile pydio offline"
        },
5

Hey @zayn has any progress been made on this? As a reminder, the issue is that dex was removed and dex was the only way to login in one single request, i.e. without a user login in a web browser.

EDIT: I was digging through google trying to figure out oauth2 and learned some things. I need a way to get a token without an authentication code, the way dex used to work. That or you’re going to need to document the process to get a code and token using oidc/auth and oidc/token so I can understand how to authorize my own back-end for a user account.