From 406c2eca191aed531dac74eaffafa70e956914b6 Mon Sep 17 00:00:00 2001 From: Jesse Morgan Date: Sun, 28 Jan 2024 11:21:51 -0800 Subject: Accept all OAuth2 client configuration through environment variables --- README.md | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 2c0dd4c..10587c2 100644 --- a/README.md +++ b/README.md 
@@ -30,21 +30,18 @@ You'll need a web server that can run CGI scripts, then you'll want a script that runs chkoauth2 with the appropriate options. Something like: #!/bin/sh + OAUTH2_AUTHORIZATION_URL="https://example.com/authorize" \ + OAUTH2_INTROSPECTION_URL="https://example.com/introspect" \ OAUTH2_CLIENT_ID="" \ OAUTH2_CLIENT_SECRET="" \ - chkoauth2 \ - https://example.com/oauth/authorize \ - https://example.com/oauth/introspect \ - --scope create \ - another.cgi - -The sample script uses environment variables to provide the OAuth2 client -identity for interacting with the introspection endpoint, which is hosted at -example.com. chkoauth2 expects your web server to provided the Authorization -header in the `HTTP_AUTHORIZATION` environment variable. If the header contains -a valid Bearer token, and the token grants the required scope(s) ("create", in -this case), then chkoauth2 will invoke `another.cgi`. Otherwise, an appropriate -error will be returned. + chkoauth2 --scope create another.cgi + +The sample script is using environment variables to provide the configuration +for the OAuth2 authorization server. chkoauth2 expects your web server to +provided the Authorization header in the `HTTP_AUTHORIZATION` environment +variable. If the header contains a valid Bearer token, and the token grants the +required scope(s) ("create", in this case), then chkoauth2 will invoke +`another.cgi`. Otherwise, an appropriate error will be returned. The full list of granted scopes is passed to the application through the `OAUTH2_SCOPES` environment variable, allowing the wrapped CGI to check for an -- cgit v1.2.3
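Review bot: The rewritten paragraph under the sample script no longer says what each variable is for, or that the two URL variables take the place of the positional arguments dropped from the `chkoauth2` invocation. The removed text stated that the client identity is used for interacting with the introspection endpoint; the new text only says "configuration for the OAuth2 authorization server". Suggest naming all four variables (`OAUTH2_AUTHORIZATION_URL`, `OAUTH2_INTROSPECTION_URL`, `OAUTH2_CLIENT_ID`, `OAUTH2_CLIENT_SECRET`), stating which are required, and keeping the sentence that ties the client ID and secret to the introspection request. Because the example sets `OAUTH2_CLIENT_SECRET` in the wrapper script itself, a sentence about restricting read access to that script would fit here. The added line "provided the Authorization header" also carries over the typo from the removed text; it should read "to provide".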