External Authentication Providers
OpenDrives systems allow users to authenticate against a third party authentication provider. These ‘external providers’ are not inherent to an OpenDrives system, but are accessed externally via https. This is commonly known as Single Sign On (SSO) and we allow custom entries to any third party provider which conform to either OAuth 2.0 or SAML protocol.
Examples of using external provider authentication is logging in to an OpenDrives system using Okta, Google, or Facebook.
Basic Operations
Basic operations of Create, Update, Read, Delete, List are available.
Note: the List route returns a list of ALL providers, both internal and external. The provider type which is noted in the provider_type
field where string int
implies internal provider and string ext
implies external provider.
List Providers
Get a list of all providers set up on an OpenDrives system
+ URL /api/v2/authorization/provider + Method GET + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body {}
Response Object
Returns an array of providers
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "provider_type": "int", "provider_name": "saitamaonepunch", "provider_protocol": "ldap", "domain": "one.punch", "raw": "[domain/one.punch]\n\tid_provider = ldap\n\tldap_uri = ldap://saitama.one.punch\n\tldap_search_base = dc=one,dc=punch\n\tldap_id_use_start_tls = true\n\tldap_tls_reqcert = demand\n\tldap_tls_cacert = /etc/ssl/certs/bind_ldap.crt\n\tauth_provider = krb5\n\tkrb5_server = saitama.one.punch\n\tkrb5_realm = ONE.PUNCH\n\tcache_credentials = True\n\tdebug_level = 9\n", "json": { "domain/one.punch": { "id_provider": "ldap", "ldap_uri": "ldap://saitama.one.punch", "ldap_search_base": "dc=one,dc=punch", "ldap_id_use_start_tls": "true", "ldap_tls_reqcert": "demand", "ldap_tls_cacert": "/etc/ssl/certs/bind_ldap.crt", "auth_provider": "krb5", "krb5_server": "saitama.one.punch", "krb5_realm": "ONE.PUNCH", "cache_credentials": "True", "debug_level": "9" } } }, { "provider_name": "imgur", "provider_protocol": "oauth", "provider_type": "ext", "options": { "callbackURL": "https://192.168.7.62:1337/api/v2/authorization/login/callback", "clientID": "myClientId", "clientSecret": "myClientSecret", "authorizationURL": "https://api.imgur.com/oauth2/authorize", "tokenURL": "https://api.imgur.com/oauth2/token", "userProfileURL": "https://api.imgur.com/3/account/me" }, "enabled": true, "host": "192.168.7.62:8080", "hostid": "ae82a9a2" } ]
Get External Provider
Get details on an individual external provider
Request Object
+ URL /api/v2/authorization/provider/external/$PROVIDER_NAME/details + Method GET + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body {}
Response Object
Returns an object with external provider settings
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body { "provider_name": "imgur", "provider_protocol": "oauth", "provider_type": "ext", "options": { "callbackURL": "https://192.168.7.62:1337/api/v2/authorization/login/callback", "clientID": "myClientId", "clientSecret": "myClientSecret", "authorizationURL": "https://api.imgur.com/oauth2/authorize", "tokenURL": "https://api.imgur.com/oauth2/token", "userProfileURL": "https://api.imgur.com/3/account/me" }, "enabled": true, "host": "192.168.7.62:8080", "hostid": "ae82a9a2" }
Create External Provider
Create an external provider on your OpenDrives system
Request Object
+ URL /api/v2/authorization/provider/add + Method POST + Parameters provider_name: (string, required) - custom name of provider provider_protocol: (string, required) - procotol used for provider (i.e saml or oauth) host: (string, required) - host of OpenDrives system (i.e 192.168.7.62, hostname.opendrives.com) options: (object, required) - parameters to connect to external provider service. See passport.js docs for more information on specific SAML and Oauth 2.0 parameters. + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "provider_name": "imgur", "provider_protocol": "oauth", "options": { "callbackURL": "https://192.168.7.62:1337/api/v2/authorization/login/callback", "clientID": "myClientId", "clientSecret": "myClientSecret", "authorizationURL": "https://api.imgur.com/oauth2/authorize", "tokenURL": "https://api.imgur.com/oauth2/token", "userProfileURL": "https://api.imgur.com/3/account/me", } "host": "192.168.7.62:8080" }, }
Response Object
Returns external provider database entry
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "id": 4, "hostid": "ae82a9a2", "host": "192.168.7.62:8080", "provider_name": "imgur", "provider_protocol": "oauth", "enabled": true, "options": { "authorizationURL": "https://api.imgur.com/oauth2/authorize", "tokenURL": "https://api.imgur.com/oauth2/token", "clientID": "myClientId", "clientSecret": "myClientSecret", "callbackURL": "https://192.168.7.62:1337/api/v2/authorization/login/callback", "userProfileURL": "https://api.imgur.com/3/account/me/" }, "createdAt": "2020-12-07T19:46:55.045Z", "updatedAt": "2020-12-07T19:46:55.045Z" } ]
Remove External Provider
Removes an external provider from your OpenDrives system
Request Object
+ URL /api/v2/authorization/provider/$PROVIDER_NAME/remove + Method GET + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body {}
Response Object
Returns the external provider database entry that was removed from the OpenDrives system
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "id": 4, "hostid": "ae82a9a2", "host": "192.168.7.62:8080", "provider_name": "imgur", "provider_protocol": "oauth", "enabled": true, "options": { "authorizationURL": "https://api.imgur.com/oauth2/authorize", "tokenURL": "https://api.imgur.com/oauth2/token", "clientID": "myClientId", "clientSecret": "myClientSecret", "callbackURL": "https://192.168.7.62:1337/api/v2/authorization/login/callback", "userProfileURL": "https://api.imgur.com/3/account/me/" }, "createdAt": "2020-12-07T19:46:55.045Z", "updatedAt": "2020-12-07T19:46:55.045Z" } ]
Update External Provider
Updates an existing external provider on your OpenDrives system.
Note: this will overwrite any existing entry for the external provider and all parameters must exist in order to update. If you are not updating a specific parameter you should still provide that parameters information. See example below in request body and response body. For example, if you want to update just the provider_name
you should pass in the updated provider_name
along with the existing provider_protocol
, host
, and options
Request Object
+ URL /api/v2/authorization/provider/$PROVIDER_NAME/update + Method POST + Parameters provider_name: (string, required) - custom name of provider provider_protocol: (string, required) - procotol used for provider (i.e saml or oauth) host: (string, required) - host of OpenDrives system (i.e 192.168.7.62, hostname.opendrives.com) options: (object, required) - parameters to connect to external provider service. See passport.js docs for more information on specific SAML and Oauth 2.0 parameters. + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "provider_name": "imgur", "provider_protocol": "oauth", "options": { "callbackURL": "https://192.168.7.62:1337/api/v2/authorization/login/callback", "clientID": "myNewClientId", "clientSecret": "myNewClientSecret", "authorizationURL": "https://api.imgur.com/oauth2/authorize", "tokenURL": "https://api.imgur.com/oauth2/token", "userProfileURL": "https://api.imgur.com/3/account/me" }, }
Response Object
Returns the external provider database entry that was removed from the OpenDrives system
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "id": 5, "provider_name": "imgur", "provider_protocol": "oauth", "hostid": "ae82a9a2", "host": "192.168.7.62:8080", "enabled": true, "options": { "authorizationURL": "https://api.imgur.com/oauth2/authorize", "tokenURL": "https://api.imgur.com/oauth2/token", "clientID": "myNewClientId", "clientSecret": "myNewClientSecret", "callbackURL": "https://192.168.7.62:1337/api/v2/authorization/login/callback", "userProfileURL": "https://api.imgur.com/3/account/me/" }, "createdAt": "2020-12-07T19:46:55.045Z", "updatedAt": "2020-12-07T19:46:55.045Z" } ]