Last updated March 27, 2014. Created by juampy on October 13, 2013.
Edited by mobcdi. Log in to edit this page.

The OAuth module allows to authenticate Drupal resources through the OAuth 1.0 protocol.

Below are the steps to configure OAuth so it can authenticate requests in Drupal 8.

Requirements

Read installation instructions on PECL's OAuth extension.

The easiest way to install this extension is through PEAR using the following command:

pear install HTTP_OAuth

Installation

Download and install OAuth module from the project page.

If you see an error during installation regarding PECL's OAuth extension, please read the installation instructions in the Requirements section.

Set up

Follow these steps to configure OAuth Authentication for requests:

1. Set OAuth authentication for a REST resource.
2. Adust permissions.
3. Obtain a pair of OAuth consumer and secret keys.
4. Test the resource.

Set OAuth authentication for a REST resource

The following REST configuration allows access to the node resource for OAuth requests on GET method in JSON format:

# Sample rest.settings.yml
resources:
  'entity:node':
    GET:
      supported_formats:
        - json
      supported_auth:
        - oauth

For instructions on how to apply configuration changes in Drupal 8, read Managing configuration in Drupal 8. Alternatively, you can install REST UI module and use its interface to enable and configure the resource through the administration interface.

Adjust permissions

Since we just want authenticated requests to access nodes through REST, we need to adjust permissions so only authenticated users
can access. Therefore, we will check the Authenticated checkbox for the permission Access GET on Content resource:

Selection_001.png

If we want authenticated users to manage their own keys in order to access OAuth protected resources, we need to allow Access own OAuth consumers on the Authenticated role:

Selection_002.png

Finally, go to the bottom of the page and click on Save permissions.

Obtain a pair of OAuth consumer and secret keys

Now we are going to generate a pair of OAuth consumer and secret keys to be used to sign requests.

Open the account page of a user with permission to Access own OAuth consumers and click at at the OAuth consumers tab. There will be no consumers, so we will click on Add consumer and confirm the action:

Selection_003.png

Finally, we have a pair of OAuth consumer and secret keys. We will test them in the next section.

Selection_004.png

Test the resource

Create a node of type page. Assuming that its nid is 1, here is an example to access this node using Guzzle and our pair of keys:

<?php
/**
* @file oauthRequest.php
* Performs an OAuth request to retrieve a node.
*/
require 'vendor/autoload.php';
use
Guzzle\Http\Client;
$client = new Client('http://d8.local');
$client->addSubscriber(new Guzzle\Plugin\Oauth\OauthPlugin(array(
   
'consumer_key'  => 'WkVXLcegufd95miRpD7HXmDDUSsvjtXz',
   
'consumer_secret' => '6gmrXKbSewgKPYqAoVZCmSNinwAE6mEq',
)));
$request = $client->get('node/1', array(
 
'Accept' => 'application/json',
), array(
'debug' => TRUE));
try {
 
$response = $request->send()->json();
 
print_r($response);
}
catch (\
Exception $e) {
 
print_r($e->getMessage());
}
?>

And this is the response from the server:

$ php oauthRequest.php
# Request:
GET /node/1 HTTP/1.1
Host: d8.local
Accept: application/json
User-Agent: Guzzle/3.7.0 curl/7.29.0 PHP/5.4.9-4ubuntu2.3
Authorization: OAuth oauth_consumer_key="WkVXLcegufd95miRpD7HXmDDUSsvjtXz", oauth_nonce="2dc7fe2b302010364e4f562e720c62560cc56372", oauth_signature="f6O99Y87xeOIVX4FuPJQzQK5V0Y%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1381659154", oauth_version="1.0"
# Response:
HTTP/1.1 200 OK
Date: Sun, 13 Oct 2013 10:12:34 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.4.9-4ubuntu2.3
Cache-Control: must-revalidate, no-cache, post-check=0, pre-check=0, private
X-UA-Compatible: IE=edge,chrome=1
Content-language: en
Last-Modified: Sun, 13 Oct 2013 10:12:34 GMT
ETag: "1381659154"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Transfer-Encoding: chunked
Content-Type: application/json
{"nid":[{"value":"1"}],"uuid":[{"value":"a545c4ab-1ab7-4158-a917-23c55b5d1bdb"}],"vid":[{"value":"1"}],"type":[{"value":"page"}],"langcode":[{"value":"en"}],"title":[{"value":"asdfa"}],"uid":[{"target_id":"1"}],"status":[{"value":"1"}],"created":[{"value":"1381652421"}],"changed":[{"value":"1381652426"}],"promote":[{"value":"0"}],"sticky":[{"value":"0"}],"revision_timestamp":[{"value":"1381652426"}],"revision_uid":[{"target_id":"1"}],"log":[{"value":""}],"body":[{"value":"<p>sadfasf<\/p>\r\n","format":"basic_html","summary":""}]}

Here is another example using PHP's cURL:

<?php
/**
* @file oauthCurl.php
*
* Performs an OAuth request using PHP cURL.
*/
$header[] = 'Authorization: OAuth oauth_consumer_key="WkVXLcegufd95miRpD7HXmDDUSsvjtXz", oauth_nonce="f2686c3f4bac92d74d63c57d76880de5737e8eae", oauth_signature="BatZdFkee%2BC70bHTvaBmsycZAa0%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1381660497", oauth_version="1.0"';
$ch = curl_init('d8.local/node/1');
curl_setopt($ch, CURLOPT_HTTPHEADER,     $header);
$json = curl_exec($ch);
curl_close ($ch);
$data = json_decode($json, true);
print_r($json);
?>

Finally here is an example using curl command:

juampy@juampy-box:~ $ curl --include --request GET --header 'Content-type: application/json' \
--header 'Authorization: OAuth oauth_consumer_key="WkVXLcegufd95miRpD7HXmDDUSsvjtXz", oauth_nonce="f2686c3f4bac92d74d63c57d76880de5737e8eae", oauth_signature="BatZdFkee%2BC70bHTvaBmsycZAa0%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1381660497", oauth_version="1.0"' \
http://d8.local/node/1

Troubleshooting

OAuth module registers errors in requests that are signed with the OAuth protocol. Have a look at admin/reports/dblog to see if you find any hints on what can be wrong. Also, verify that the Status Report (at admin/reports/status) does not show any warnings at the OAuth section.

AttachmentSize
Selection_001.png39.48 KB
Selection_002.png49.29 KB
Selection_003.png34.73 KB
Selection_004.png14.07 KB

Looking for support? Visit the Drupal.org forums, or join #drupal-support in IRC.