Using Cloudron as OAuth 2 provider

The OAuth 2 protocol can be used to allow users with an account in your Cloudron to sign into an external service.

In this post, we will see how you can use the Cloudron OAuth functionality to allow Cloudron users in cloudron.info to log in to Kanboard at kanboard.example.com.

Register OAuth application

Create an OAuth application in your Cloudron under the API Access menu.

The dialog requires 3 parameters:

The Application Name is the name of the external application. Set this to something memorable.

Authorization Callback URL is the URL that the Cloudron will call back after authentication. This value must be set to https://kanboard.example.com/oauth/callback.

Scope specifies the resources to which the application has access once the user has authenticated. The profile scope indicates that the app only gets access to the user's profile and nothing else.

Make note of the Client ID and Client Secret. We will use them when configuring the OAuth2 plugin on Kanboard.

Configure OAuth2 plugin on Kanboard

First, install the OAuth2 plugin in Kanboard (Plugins -> Plugin Directory -> Install). Then configure it to use your Cloudron for authentication (Settings -> Integrations):

  • Client ID is the value obtained when registering the OAuth application.
  • Client Secret is the value obtained when registering the OAuth application.
  • Authorize URL must be set to https://my.<domain>/api/v1/oauth/dialog/authorize
  • Token URL must be set to https://my.<domain>/api/v1/oauth/token
  • User API URL must be set to https://my.<domain>/api/v1/profile

The rest of the values define the mapping for the User profile API response.

  • Username Key must be set to username
  • Name Key must be set to displayName
  • Email Key must be set to email
  • User ID Key must be set to id

Testing the flow

You can now test the authentication flow on Kanboard.

Logging in using the OAuth link takes you to the Cloudron authentication screen. On successful login, the Cloudron redirects you to Kanboard. Kanboard automatically picks up the display name, username, id and email information from the user's profile.
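
The steps of this flow, sketched as an added example (this is not code from Cloudron or from the Kanboard plugin): it builds the authorize link, accepts the callback only on the registered URL with a matching state value, prepares the token exchange, and applies the key mapping from the plugin settings. Assumptions: my.example.com stands in for my.<domain>, the request parameters follow the RFC 6749 authorization code grant, the Kanboard-side field names in KEY_MAP are hypothetical, and the profile response is constructed.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

CLOUDRON = "https://my.example.com"  # assumed stand-in for https://my.<domain>
REDIRECT_URI = "https://kanboard.example.com/oauth/callback"
# Key mapping from the plugin settings; the left-hand names are hypothetical.
KEY_MAP = {"username": "username", "name": "displayName",
           "email": "email", "external_id": "id"}

def authorize_url(client_id, state):
    """Step 1: the OAuth link sends the browser to the Cloudron login."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": REDIRECT_URI, "scope": "profile",
                       "state": state})
    return f"{CLOUDRON}/api/v1/oauth/dialog/authorize?{query}"

def handle_callback(callback_url, expected_state):
    """Step 2: accept the redirect only on the registered URL with our state."""
    url = urlparse(callback_url)
    if f"{url.scheme}://{url.netloc}{url.path}" != REDIRECT_URI:
        raise ValueError("callback does not match the registered URL")
    params = parse_qs(url.query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError(params.get("error", ["missing code"])[0])
    return params["code"][0]

def token_request(code, client_id, client_secret):
    """Step 3: URL and form body for the code exchange (built, not sent)."""
    return f"{CLOUDRON}/api/v1/oauth/token", {
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": REDIRECT_URI, "client_id": client_id,
        "client_secret": client_secret}

def map_profile(profile):
    """Step 4: apply the key mapping; reject a response missing any key."""
    missing = [key for key in KEY_MAP.values() if key not in profile]
    if missing:
        raise KeyError(f"profile response lacks {missing}")
    return {field: profile[key] for field, key in KEY_MAP.items()}

if __name__ == "__main__":
    state = secrets.token_urlsafe(16)  # fresh value per login attempt
    print(authorize_url("constructed-client-id", state))
    # Constructed profile response, not captured from a real Cloudron
    print(map_profile({"id": "uid-1", "username": "alice",
                       "displayName": "Alice Example", "email": "alice@example.com"}))
```

The Client Secret only ever appears in the server-to-server token request, never in the browser redirect.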