Hi,
is it possible to use the AWS SDK to upload a file via s3 API of Pydio Cells? Or must I write it on my own, because of different authentication processes etc.
Also what is the best way to generate a token, when I write a background process where no browser is available?
I already had a look on the different grant_types, but the password flow doesn’t seems to work correctly. I only get the following message:
Make sure that the various parameters are correct, be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified.
Hello Sike
Thanks for posting and welcome on the forum.
Did you have a look at https://pydio.com/fr/docs/developer-guide/using-postman ? It’s a very good starting point to reproduce this with your favorite s3 client : auth request to retrieve token, then (at the bottom of the page) how to use the token in s3 requests.
-c
yes I already had a look on this documentation and I also have a postman collection with working examples, but I don’t have that much experience with OAuth2 and OpenID. My problem is now that I want to create a background service which should upload a file via API, but I don’t know how I can get the authorization grant without a browser when I use the authorization_code as grant_type. What are my opportunities? I already had a deeper look at the password credentials grant, but the library which Pydio uses doesn’t seem to support it ( https://www.ory.sh/hydra/docs/faq/). Also the device grant isn’t supported until now (https://github.com/ory/hydra/issues/1553).
My other question is, if I can use a public SDK like the AWS SDK for Java to upload files or if I have to implement it on myself.
Hello @sike
you can in fact go around oidc by using the frontend login endpoint. Have a look at our cells-sdk-go code here (https://github.com/pydio/cells-sdk-go/blob/master/transport/oidc/tokens.go#L121) you do not need to handle the full oauth flow in that case.
Once you have the token yes you should be able to use your AWS SDK by providing the token as the Access Key and “gatewaysecret” (fixed string) as the Secret.
Hey Sike, like you I have implemented a back-end that uploads files to Pydio and I can probably help you figure out the S3 part. However, since upgrading to v2.1 I can no longer use “password” authentication and I’m also stuck trying to figure out how to get a token without a browser.
I’ll follow this thread and hopefully we can help each other out!
For the S3 part, I used the AWS S3Client (PHP) package provided by Amazon themselves. This made the connection routine quite easy as I simply created a new S3Client with settings as so:
[
'endpoint'=> <cells host uri>,
'use_path_style_endpoint'=>true,
'version'=>'latest',
'region'=>'us-east-1',
'credentials'=>[
'key'=><JWT here>,
'secret'=>'gatewaysecret' //hard-coded in cells v2.0.x, not sure about 2.1 yet
]
]
In order to PUT a file then, you use the S3Client created as so:
$result = $s3->putObject([
'Bucket'=>'io', //hard-coded in pydio
'Key'=> <put your file path here, starting with the workspace slug> e.g. "personal-files/a/folder/a/file.txt",
'SourceFile'=><local file path to upload>
]);
$s3->waitUntil('ObjectExists', [//wait until file exists i.e. file upload is complete
'Bucket'=>'io',
'Key'=><same as above>
]);
return $result;