Overview

Drupal’s Simple OAuth (OAuth2) & OpenID Connect module is described as an implementation of the OAuth 2.0 Authentication Framework RFC.

https://www.drupal.org/project/simple_oauth

For related articles, please also refer to examples of cookie authentication and JWT authentication.

Installation

There appear to be version 5.x and 6.x of the simple_oauth module, but this time version 5.x is used. Install with the following:

composer.pharrequire'drupal/simple_oauth:^5.2'

However, when using Sakura Rental Server, the following error occurred. PHP's sodium extension was required.

cRLUYTYAUIo/uopooolsnmcnaduPutespondarreetomiito-------ncrtaspnnirbaanhleoggnelsssdldRb/////naelrsgqetttrcroluuuuuta.eccumeeeuouoesssssaiotproodivvvpbptrrrrrlvpih.mmer1eeeauae/////setoajppperrrlclcxlllllolinrsooemhhhc/otoooooyoossneoosismecccccr,nfrneednaaai/ipnaaaaauaerretdddmjmoslllllnyiqhnseeepwpsi////o-luaurcsssltleppppp`uweispeic/e[ernhhhhhpidrdpeoo_4_.sppppphct,ebaosuaaao.oj,/////pahetsluuua1as88888n-r'eeidtttu.uov.....aednthhht5tne11111-rlvrdon222h,hr/////iuleuurro---[[rieeeeenn-rppuitooo55eftttttidtadpeppp..qyccccc`Ceilaasbeee2.2u/////opn/tlennn.,.itpccccimegse/wiii03rhhoooonpnidsirddd,4,eapnnnnodmite---.st.ffffase/pmhsccc4i....enclpoooo.dtnddddtrcoelplnnn.x.rhi////eim_eavnnn,-,ueaimorwepo_ceeeedpypmcpmisoaokdccc5e5acarcitsuaattt.v.laugyanhetugt---x,2r.ipca-rhteosss-.seicthl`W.:heeed5xink.e-)j^iarrre.-mei.i.t-s5nnvvvv0dpninioito.feee].elaningon2oirrr0vebiisn'rn[r,]_leoaamsvvveoeerlnat222qradeldta...ueuw-oil465i.qtihpwol...r,uhnil/na000eicaucb,5r^yhtpolrrd.e5ofgmeeer3.uforpqqu.s2riraosu.upxtlmdsei,ia-e.e-eetrrldvisrsreve/eene,.os2scvrsiaqlf.o]har=dol6lrotfeeocpc.ceraiixwkao1oedslutncb]b^qefes-gtkuu8usisesroacrci/a:doagcecrobddteiqiealbiehs/u/ueyuse.jij^etmiwrw9xhbP`artett2yHn--Ptdo4l4sodor.c.opriri1o1fdeunteg.b.oinpemi5u5uuiaCmonc|nmdlLpvac^d-/Ioali4csrl/.doimascsj2rnmoroawunpdifnttpelelotiaice.yres4ltt_nf.s/-oipti1acisaga.a.toseuncb5irrtokl|semvhrae^f[ie[eg4i8sr5eb.a.s.tsy2b0i^2h|l.n2.ecl^e0g.0suc4-4,ero.bbfrb3yerreu|toenc^lam.qtc5c6s,uli.o,yaiy0bot5rjuui.elwcrsxdotc.f-c[i,sidek4s/yaexe.aj8sbvtd1tw.tl]e.it9ee.nt5s[.mso]f4x.bi.i.-yosa1dInpb.enssel5vst.ce,,teiavfb9leiy.lrc.0hl,.oovc0raeo4-drb.aeesu4lnsic.pa/ocxhboni-alas/d1eu.je,twvPht]H2[.P-4.'o.,sp1e.9sn5.oi,5dd.i-xuc-mo.dn,eenvxe4]tc.et4bn-.ussxtie-ordtnveh.ever,[pv5a2.c.0k4.a.0g0,e,ivs2..,f5i.5x0.e,3d.vxt2-o.d6e1.v00].,.2.v02.(6l.o1c]k.fileversion)byapartialupdateandthatversiondoesnotmatch.Makesureyoulistitasanargumentfortheupdatecommand.

Therefore, following the reference below, I added the PHP-sodium extension.

https://qiita.com/tomcat0090/items/2564baa9179747b4d855

However, since the above site targets PHP version 8.0.x while the PHP version I am using is 8.1.24, I made some changes to the “3. Download and Compile PHP Extension” section.

#m#cwtcmm#cwtc/mg#cceE#pskdgad/aadgadu/ampaxOho1d2erckk3erscka4ttF5pd.i.~tloee.~tprek.me.ir/xin/-hneon-uCDuhzbf&iDuhxplfId<sVcmr-ostvsi&nostj-oitnuEieepwrtfogswrtf8cgeslOor~an/pdumtn/p.austeFni/t{llsliraallsp1lrtas=fwe~oo:iuekloo:h./el/$yw/ac/bmelac/p2plsHwWuda/s-da/-4hoOI/osldo1-clw8p-td$Mnprra/od.pha/w.e/whiHEshk/nswi0rensw1x8ieuO/tpildrnu.ecdr..t.tmMua.noclm1fkcp21hP.EsligcCo-8iCh4s-Hsrlnaoa1xop.bpPw/aiDlmd.=m.tdihwlti/p.0$pnainpE~wi-rsil.Hieru/-x/comerli1Olt.mpctupancceb8Mebhoeshl|t,s.Edzpnnrpo~lot/Pi2ifs/.pgr/idauHsziilihriubirsPtegoonpeessu.rr=nci/psromg/Ei/ae/d.zlxb#ulxsliootus/toourcetErpedcmganin/hnia/lsoslpsullinuo/im/iosrceopbn/eaxnhsplt/poht/es/dphpnoei-ihsdxu8spiitm./oue/1p8nmnr.o./.se2i1sil4n/ooe.tbnatsi}sanerts.p/bhlzypi2o-bucsroo#ndPfiAHiudPgmj-u81s.-.t1w0i.lbt1iih8nn-.kastroafydroi.rugmzthPeKGc_oCrOrNeFcItG_PPHAPTH8=.$1H.O2M4E/suosurr/cleocal/lib/pkgconfig/LDFLAGS=-L$HOME/usr/local/lib/

After performing the above, running the following again resulted in successful module installation.

composer.pharrequire'drupal/simple_oauth:^5.2'

Then, the module was enabled with the following.

vendor/bin/drushensimple_oauth

Creating an OAuth Client

I was unable to find documentation on configuring the simple_oauth module, but this time I will reference the following “Next.js for Drupal” documentation.

https://next-drupal.org/learn/preview-mode/create-oauth-client

Since the operating procedures are described in the above documentation, I will provide screenshots and notes below.

1. Create Role

/admin/people/roles

2. Assign Permissions

In particular, Bypass content access control appeared to be a necessary item for the subsequent process.

3. Create User

/admin/people/create

This time, I created a user named next.

4. Generate Keys

/admin/config/people/simple_oauth

For Generate keys, ../ is given as an example, but when using Sakura Rental Server, a path like /home/{username}/.ssh/drupal is more appropriate.

Therefore, first create a folder with a command like the following:

mkdir-p/home/{username}/.ssh/drupal

Enter the above path in the form displayed when clicking the Generate keys button.

After that, click the “Save configuration” button to save the settings.

5. Create Consumer

/admin/config/services/consumer/add

The OAuth client creation is now complete.

Testing with Postman

Specify POST with {DRUPAL path}/oauth/token.

In Body, specify x-www-form-urlencoded, with Key as grant_type and Value as client_credentials.

Also, specify the following in Pre-request Script.

ccccpooooonnnnssssstttttmaDDmenRRyn.UUScsPPtoeAArdtLLieE__ndnCCgSvLLtiII=rrEEioNN`nnTT$gm__{eISD=nDERtCUbV=RPtaEAor"TLai{_(at=CmbhLyle"ISe{Et(CtNr"LhTieIe_nnEIgcNCD)oTL};d_I:eIE$dDN{ATDuy_RBtoSUahuEPs"CAe,jRL6uE_4esTCntLecyInocoEcdruNoeeTddaj_eStuStesEurdtCsi}Rin"sEngeTg)t};}`b";tafSutnrcitnigontoencode

As a result, the following JSON data can be obtained.

{}"""teaoxckpceienrs_ests_y_tpioenk""e::n""3:B0e0"a,eryeJr0"e,XAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6..."

When verifying the above access_token with jwt.io, it can be confirmed that the User ID is 4, and the scope is set to “authenticated user” and the previously specified “Next.js Site.”

Trying OAuth2 Authentication with Drupal’s REST UI

Drupal Configuration

For how to use Postman, please also refer to the following article.

Access /admin/config/services/rest/resource/entity%3Anode/edit and select “oauth2” as the authentication provider.

Postman Operations (JSON:API)

Try sending a POST request as follows.

{path where DRUPAL is installed}/jsonapi/node/article

{}"}data""}"ta:ytpt{er""it:biut"tlneeos"d":e:-"-{PaargteicTliet"l,e"

At this time, select Bearer Token in Authorization and enter the token obtained earlier.

As a result, the content was added correctly.

When the token has expired, the following “Unauthorized” result was returned.

Postman Operations (Non-JSON:API)

On the other hand, when requesting {path where DRUPAL is installed}/node?_format=json, the following result was returned.

{}"message":"Accesstokencouldnotbeverified"

Since it worked when using the JSON Web Token Authentication module, there may be an error somewhere in the configuration. I would like to continue investigating.

Summary

I introduced a usage example of the simple_oauth module. There may be some errors, but we hope this serves as a useful reference.