-
New Feature
-
Resolution: Unresolved
-
Minor
-
None
-
2.1, Future Dev
-
Any
-
MOODLE_21_STABLE
-
What is it
It allows a client to access Moodle web services functions using OAuth as the authentication mechanism, in the same way that clients can use token-based authentication. (Patch currently only supports 2-legged OAuth.)
How a web service client use it
Example code is included in the patch (in the webservice/{rest|soap|xmlrpc}/locallib.php files, in the webservice_*_test_client classes). The REST example is probably the easiest to understand. Basically, once you have OAuth credentials, use your favourite OAuth library to generate an OAuth signature for the HTTP request.
Here is a simplified version of the code from webservice/rest/locallib.php:
$murl = new moodle_url($CFG->wwwrooot . '/webservice/rest/oauthserver.php', array('wsfunction' => 'get_users_by_id', 'userids[0]' => 42));
|
// get the signature method object
|
$webservicemanager = new webservice();
|
$signmethod = $webservicemanager->oauth_get_signature_method($oauth_signmethod);
|
// create an OAuth consumer object with the correct credentials
|
$consumer = new OAuthConsumer($oauth_identifier, $oauth_secret, null);
|
// create an OAuth request and sign it
|
$request = OAuthRequest::from_consumer_and_token($consumer, null, 'GET', $murl->out_omit_querystring(), $murl->params());
|
$request->sign_request($signmethod, $consumer, null);
|
|
|
$murl->params($webservicemanager->oauth_parameter_filter($request->get_parameters(), true));
|
// $murl is now a signed moodle_url that a client can GET to make the OAuth request
|
To obtain an OAuth credential, the admin can go to Site administration > Plugins > Web services > OAuth credentials. That page is based on the Manage tokens page.
How it works internally
Main parts:
- admin/settings/plugins.php, admin/webservice/forms.php, admin/webservice/oauthcredentials.php, lib/externallib.php, webservice/render.php: implement the Site administration > Web services > OAuth credentials page
- webservice/lib.php
- webservice class: added utility functions for OAuth (similar to the utility functions for token-based authentication)
- moodle_oauth_data_store and moodle_oauth_signature_method_RSA_SHA1 classes: adaptor class to get the OAuth client information from Moodle for the OAuth library
- webservice_server class: added code to authenticate using OAuth
- webservice/*/oauthserver.php: server entry point for calling web services (the OAuth equivalent to webservice/*/server.php and webservice/*/simpleserver.php
- webservice/*/locallib.php, admin/webservice/testclient.php, admin/webservice/testclient.php: added code to add OAuth as an option in Site administration > Developer > Web service test client
