Revision 1 (Petr Chalupa, 10/24/2012 06:01 AM) → Revision 2/3 (Petr Chalupa, 10/24/2012 06:05 AM)
h1. API OAuth
A two-legged OAuth protocol (consumer key and secret only, no user tokens) was added to the API to authenticate requests.
Requests signed with OAuth (using @oauth_consumer_key@ and @oauth_consumer_secret@) are trusted by Foreman. If the signature verifies, a Foreman user is authenticated. Depending on the @oauth_map_users@ option the request is executed either as admin or as a mapped user. If @oauth_map_users@ is enabled, the user is looked up by the @User#login@ value passed in the @X-FOREMAN-USER@ header.
h2. Setup
# go to http://foreman.url/settings?utf8=%25E2%259C%2593&search=+category++%253D++Auth
# enable OAuth authentication: set @oauth_active@ to @true@
# set @oauth_consumer_key@ and @oauth_consumer_secret@
# optionally set @oauth_map_users@ to @true@ to enable user mapping
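The following is an added example, not Foreman's own code, showing what a client has to do to produce the signed request described above and what the server side checks when it verifies one. It implements two-legged OAuth 1.0a with HMAC-SHA1 using only the Ruby standard library; the consumer key @foreman_key@, the secret @s3cret@ and the URL @foreman.example.com@ are made-up values standing in for whatever was configured in the setup steps.

```ruby
require 'openssl'
require 'uri'
require 'securerandom'

# Added example (not Foreman's own code): two-legged OAuth 1.0a HMAC-SHA1
# request signing and verification with only the Ruby standard library.
# Credentials and URLs below are constructed for illustration.

# Percent-encoding exactly as OAuth 1.0a requires (RFC 3986 unreserved set only).
def oauth_escape(value)
  value.to_s.b.gsub(/[^A-Za-z0-9\-._~]/) { |ch| format('%%%02X', ch.ord) }
end

def oauth_unescape(value)
  value.gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
end

class TwoLeggedOAuth
  SIGNATURE_METHOD = 'HMAC-SHA1'

  def initialize(consumer_key, consumer_secret)
    @consumer_key = consumer_key
    @consumer_secret = consumer_secret
  end

  # Client side: value of the Authorization header. Only the HTTP method, the
  # URL (including its query string) and the oauth_* parameters are signed;
  # the request body and custom headers such as X-FOREMAN-USER are not.
  def authorization_header(method, url, nonce: SecureRandom.hex(16), timestamp: Time.now.to_i)
    oauth_params = {
      'oauth_consumer_key'     => @consumer_key,
      'oauth_nonce'            => nonce,
      'oauth_signature_method' => SIGNATURE_METHOD,
      'oauth_timestamp'        => timestamp.to_s,
      'oauth_version'          => '1.0'
    }
    oauth_params['oauth_signature'] = signature(method, url, oauth_params)
    'OAuth ' + oauth_params.map { |k, v| %(#{oauth_escape(k)}="#{oauth_escape(v)}") }.join(', ')
  end

  # Server side: recompute the signature from the request line and the
  # header's own parameters, then compare in constant time.
  def verify(method, url, header)
    params = parse_header(header)
    given = params.delete('oauth_signature')
    return false unless given && params['oauth_consumer_key'] == @consumer_key
    return false unless params['oauth_signature_method'] == SIGNATURE_METHOD
    secure_compare(signature(method, url, params), given)
  end

  private

  def signature(method, url, oauth_params)
    base = signature_base_string(method, url, oauth_params)
    key = "#{oauth_escape(@consumer_secret)}&" # empty token secret: two-legged
    [OpenSSL::HMAC.digest('sha1', key, base)].pack('m0') # strict base64
  end

  def signature_base_string(method, url, oauth_params)
    uri = URI.parse(url)
    port = uri.port == uri.default_port ? '' : ":#{uri.port}"
    base_url = "#{uri.scheme.downcase}://#{uri.host.downcase}#{port}#{uri.path}"
    pairs = URI.decode_www_form(uri.query.to_s) + oauth_params.to_a
    normalized = pairs.map { |k, v| [oauth_escape(k), oauth_escape(v)] }
                      .sort.map { |k, v| "#{k}=#{v}" }.join('&')
    [method.to_s.upcase, base_url, normalized].map { |part| oauth_escape(part) }.join('&')
  end

  def parse_header(header)
    raise ArgumentError, 'not an OAuth header' unless header.start_with?('OAuth ')
    header.sub('OAuth ', '').split(',').each_with_object({}) do |kv, h|
      k, v = kv.strip.split('=', 2)
      next if k == 'realm' || v.nil?
      h[oauth_unescape(k)] = oauth_unescape(v.delete('"'))
    end
  end

  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Worked run: sign one request and show what the signature does and does not
# cover. Note that no X-FOREMAN-USER header ever enters verify(), so a valid
# signature says nothing about which user the request claims to act as.
def demo
  signer = TwoLeggedOAuth.new('foreman_key', 's3cret')
  url = 'https://foreman.example.com/api/hosts?search=os%3DRHEL'
  header = signer.authorization_header('GET', url)
  {
    valid: signer.verify('GET', url, header),
    tampered_query: signer.verify('GET', 'https://foreman.example.com/api/hosts?search=os%3DDebian', header),
    wrong_method: signer.verify('POST', url, header),
    wrong_secret: TwoLeggedOAuth.new('foreman_key', 'other').verify('GET', url, header)
  }
end
```

A real verifier would additionally reject stale @oauth_timestamp@ values and reused nonces to stop replay of a captured header; this example leaves that out to keep the signature construction visible.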
h2. Troubleshooting
* if you have trouble enabling OAuth authentication, watch for WARN messages in the Foreman log.
* or debug the OAuth authentication logic directly, see: source:lib/api/authorization.rb
h2. Security
OAuth does not sign the whole request (the body and the @X-FOREMAN-USER@ header are not covered by the signature), so the API should be exposed only over HTTPS. Note also that with @oauth_map_users@ enabled, whoever holds the consumer secret can act as any user simply by setting @X-FOREMAN-USER@, so the consumer secret must be protected like an admin credential.