User Auth Open Authentication (OAuth2)

Introduction

OAuth2 (Open Authentication) is the open industry-standard protocol for secure authorization of clients. It can be used as a way for users to grant web services or applications access to their data stored in ownCloud. The use of OAuth2 in ownCloud greatly enhances security while facilitating the integration of third party applications or web services:

  • Connect ownCloud clients (Desktop, Android, iOS) through a standardized and secure authorization flow.

  • Provide a user authorization interface for developers to facilitate the integration of ownCloud in third party applications.

Benefits Provided by the OAuth2 Interface

  • No user passwords are being stored in ownCloud clients or third party web applications

Instead of connecting clients with username/password, a user only needs to provide the information once in the browser. The respective client is then provided with a unique access token which is used for future connections to the ownCloud server. ownCloud clients or third party applications never get to know the actual login credentials.

  • The use of different access tokens per client provides the ability to selectively revoke user sessions

When using OAuth2 a unique access token is generated for each device or third party application. Users can check their authorized clients in the personal settings and have the ability to selectively invalidate access tokens when e.g. a device is lost. This strengthens control and access security significantly.

The OAuth2 App

OAuth2 functionality is available in ownCloud via the OAuth2 application which is available from the ownCloud Marketplace. For more information on how to set it up, see section Open Authentication (OAuth2)

When using OAuth2, never try to log in with a disabled user.