diff options
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 23 |
1 files changed, 10 insertions, 13 deletions
@@ -30,21 +30,18 @@ You'll need a web server that can run CGI scripts, then you'll want a script that runs chkoauth2 with the appropriate options. Something like: #!/bin/sh + OAUTH2_AUTHORIZATION_URL="https://example.com/authorize" \ + OAUTH2_INTROSPECTION_URL="https://example.com/introspect" \ OAUTH2_CLIENT_ID="<OAuth2 client id>" \ OAUTH2_CLIENT_SECRET="<OAuth2 client secret>" \ - chkoauth2 \ - https://example.com/oauth/authorize \ - https://example.com/oauth/introspect \ - --scope create \ - another.cgi - -The sample script uses environment variables to provide the OAuth2 client -identity for interacting with the introspection endpoint, which is hosted at -example.com. chkoauth2 expects your web server to provided the Authorization -header in the `HTTP_AUTHORIZATION` environment variable. If the header contains -a valid Bearer token, and the token grants the required scope(s) ("create", in -this case), then chkoauth2 will invoke `another.cgi`. Otherwise, an appropriate -error will be returned. + chkoauth2 --scope create another.cgi + +The sample script is using environment variables to provide the configuration +for the OAuth2 authorization server. chkoauth2 expects your web server to +provided the Authorization header in the `HTTP_AUTHORIZATION` environment +variable. If the header contains a valid Bearer token, and the token grants the +required scope(s) ("create", in this case), then chkoauth2 will invoke +`another.cgi`. Otherwise, an appropriate error will be returned. The full list of granted scopes is passed to the application through the `OAUTH2_SCOPES` environment variable, allowing the wrapped CGI to check for an |