Below are the steps to configure OAuth so it can authenticate requests in Drupal 8.

Requirements

Read the installation instructions for PECL's OAuth extension.

The easiest way to install this extension is through PEAR using the following command:

pecl install oauth

Do not use pear install HTTP_OAuth: it installs a PEAR implementation that is not compatible with the D8 version.

Installation

Download and install the OAuth module from the project page.

If you see an error during installation regarding PECL's OAuth extension, please read the installation instructions in the Requirements section.

Set up

Follow these steps to configure OAuth Authentication for requests:

1. Set OAuth authentication for a REST resource.
2. Adjust permissions.
3. Obtain a pair of OAuth consumer and secret keys.
4. Test the resource.

Set OAuth authentication for a REST resource

The following REST configuration allows OAuth-authenticated requests to access the node resource using the GET method in JSON format:

# Sample rest.settings.yml
resources:
  'entity:node':
    GET:
      supported_formats:
        - json
      supported_auth:
        - oauth

For instructions on how to apply configuration changes in Drupal 8, read Managing configuration in Drupal 8. Alternatively, you can install the REST UI module and enable and configure the resource through the administration interface.

Adjust permissions

Since we only want authenticated requests to access nodes through REST, we need to adjust permissions so that only authenticated users can access them. Therefore, we will check the Authenticated checkbox for the permission Access GET on Content resource:

Selection_001.png

If we want authenticated users to manage their own keys in order to access OAuth protected resources, we need to allow Access own OAuth consumers on the Authenticated role:

Selection_002.png

Finally, go to the bottom of the page and click on Save permissions.

Obtain a pair of OAuth consumer and secret keys

Now we are going to generate a pair of OAuth consumer and secret keys to be used to sign requests.

Open the account page of a user with the permission Access own OAuth consumers and click on the OAuth consumers tab. There will be no consumers yet, so click on Add consumer and confirm the action:

Selection_003.png

Finally, we have a pair of OAuth consumer and secret keys. We will test them in the next section.

Selection_004.png

Test the resource

Create a node of type page. Assuming that its nid is 1, here is a script that uses Guzzle 6 with our pair of keys to request the node:

<?php

/**
 * @file oauth_request.php
 * Performs an OAuth request to retrieve a node.
 */

require 'vendor/autoload.php';

use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Subscriber\Oauth\Oauth1;

$stack = HandlerStack::create();

$middleware = new Oauth1([
  'consumer_key'    => '3JSiwDZVEw7yHipVnAVZeuu6GdWkMzTb',
  'consumer_secret' => 'EPFRN3WQNWXA9UdRbUSUFdTdetvCVGv3',
]);
$stack->push($middleware);

$client = new Client([
  'base_uri' => 'http://d8.local',
  'handler' => $stack,
]);

// Set the "auth" request option to "oauth" to sign the request with OAuth.
// "debug" prints the raw HTTP exchange shown below; remove it outside of testing.
$response = $client->get('node/1?_format=json', ['auth' => 'oauth', 'debug' => true]);
$body = $response->getBody();
print_r(json_decode((string) $body));

And this is the response from the server:

juampy@juampy-box:~/projects/default/oauth_request $ php oauth_request.php 
Command: 
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to d8.local (127.0.0.1) port 80 (#0)
> GET /node/1?_format=json HTTP/1.1
User-Agent: GuzzleHttp/6.1.0 curl/7.35.0 PHP/5.5.9-1ubuntu4.14
Host: d8.local
Authorization: OAuth oauth_consumer_key="3JSiwDZVEw7yHipVnAVZeuu6GdWkMzTb", oauth_nonce="b7b023e9a6fb90fc03361568bdef68b0ebb4036d", oauth_signature="3riP2rJKRHfdJo6steaudUvUJ3E%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1446730340", oauth_version="1.0"

< HTTP/1.1 200 OK
< Date: Thu, 05 Nov 2015 13:32:20 GMT
* Server Apache/2.4.7 (Ubuntu) is not blacklisted
< Server: Apache/2.4.7 (Ubuntu)
< X-Content-Type-Options: nosniff
< X-Powered-By: PHP/5.5.9-1ubuntu4.14
< Cache-Control: must-revalidate, no-cache, post-check=0, pre-check=0, private
< X-Drupal-Dynamic-Cache: MISS
< X-UA-Compatible: IE=edge
< Content-language: en
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Expires: Sun, 19 Nov 1978 05:00:00 GMT
< X-Generator: Drupal 8 (https://www.drupal.org)
< X-Drupal-Cache: MISS
< Content-Length: 842
< Content-Type: application/json
< 
* Connection #0 to host d8.local left intact

stdClass Object
(
    [nid] => Array
        (
            [0] => stdClass Object
                (
                    [value] => 1
                )

        )

    [uuid] => Array
        (
            [0] => stdClass Object
                (
                    [value] => 6fcae0f0-bba6-45a9-932a-42d4a524525d
                )

        )

    [vid] => Array
        (
            [0] => stdClass Object
                (
                    [value] => 1
                )

        )

    [type] => Array
        (
            [0] => stdClass Object
                (
                    [target_id] => article
                )

        )

    [langcode] => Array
        (
            [0] => stdClass Object
                (
                    [value] => en
                )

        )

    [title] => Array
        (
            [0] => stdClass Object
                (
                    [value] => Title
                )

        )
    // Rest of the node's fields.
)
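
What a server has to check before trusting an Authorization header like the one in the debug output above, as an added example that is not code from the OAuth module or the PECL extension: it rebuilds the HMAC-SHA1 signature, compares it in constant time, and rejects stale timestamps and reused nonces. The function names, the 300-second window, the in-memory nonce store and the placeholder key and secret are assumptions; parameter sorting is simplified to sorting by name and default ports are assumed.

```php
<?php
// Added example (PHP 7.1+), not the OAuth module's code: server-side OAuth 1.0 checks.

/** Extracts the oauth_* parameters from an "Authorization: OAuth ..." header. */
function parse_oauth_header(string $header): array {
  preg_match_all('/(oauth_[a-z_]+)="([^"]*)"/', $header, $m);
  return array_combine($m[1], array_map('rawurldecode', $m[2]));
}

/** Builds the signature base string (method & URL & sorted parameters) and signs it. */
function oauth_sign(string $method, string $url, array $params, string $secret): string {
  unset($params['oauth_signature']);          // The signature never signs itself.
  $parts = parse_url($url);
  parse_str($parts['query'] ?? '', $query);   // Query parameters are signed too.
  $params += $query;
  ksort($params);
  $base = strtoupper($method)
    . '&' . rawurlencode($parts['scheme'] . '://' . $parts['host'] . $parts['path'])
    . '&' . rawurlencode(http_build_query($params, '', '&', PHP_QUERY_RFC3986));
  // The key is "consumer_secret&token_secret"; no token is used here, so the second half is empty.
  return base64_encode(hash_hmac('sha1', $base, rawurlencode($secret) . '&', TRUE));
}

/** Returns 'ok' or the reason the request is rejected. */
function verify_request(string $method, string $url, string $header, string $secret, array &$seen, int $now): string {
  $p = parse_oauth_header($header);
  $required = ['oauth_consumer_key', 'oauth_nonce', 'oauth_signature', 'oauth_timestamp'];
  if ($missing = array_diff($required, array_keys($p))) return 'missing ' . implode(',', $missing);
  if (($p['oauth_signature_method'] ?? '') !== 'HMAC-SHA1') return 'unsupported signature method';
  if (abs($now - (int) $p['oauth_timestamp']) > 300) return 'stale timestamp';
  // Constant-time comparison; authenticate before recording the nonce.
  if (!hash_equals(oauth_sign($method, $url, $p, $secret), $p['oauth_signature'])) return 'bad signature';
  $id = $p['oauth_consumer_key'] . ':' . $p['oauth_timestamp'] . ':' . $p['oauth_nonce'];
  if (isset($seen[$id])) return 'replayed nonce';
  $seen[$id] = TRUE;
  return 'ok';
}

// Constructed sample request; the key and secret are placeholders.
$secret = 'example-consumer-secret';
$url = 'http://d8.local/node/1?_format=json';
$p = ['oauth_consumer_key' => 'example-consumer-key', 'oauth_nonce' => bin2hex(random_bytes(16)),
  'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => (string) time(), 'oauth_version' => '1.0'];
$p['oauth_signature'] = oauth_sign('GET', $url, $p, $secret);
$header = 'OAuth ' . implode(', ', array_map(function ($k, $v) { return $k . '="' . rawurlencode($v) . '"'; }, array_keys($p), $p));
$seen = [];
// First delivery, the same header again, a changed URL, and a one-hour delay.
foreach ([[$url, 0], [$url, 0], ['http://d8.local/node/2?_format=json', 0], [$url, 3600]] as [$u, $delay]) {
  echo verify_request('GET', $u, $header, $secret, $seen, time() + $delay), "\n";
}
```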

Troubleshooting

The OAuth module logs errors for requests that are signed with the OAuth protocol. Check admin/reports/dblog for hints about what went wrong. Also verify that the Status Report (at admin/reports/status) does not show any warnings in the OAuth section.


Comments

webbymatt

I could not install HTTP_OAUTH through CLI with PEAR - I had to specify the version number: https://pear.php.net/package/HTTP_OAuth/download

pear install HTTP_OAuth
- did not work

pear install HTTP_OAuth-0.3.1
- did work