chkoauth2
=========

chkoauth2 is a CGI-based wrapper which will validate OAuth2 bearer tokens before
executing another script.

chkoauth2 also includes an IndieAuth extension, which will pass the user's
profile URL to the wrapped script. See the IndieAuth specification for more
information: https://indieauth.spec.indieweb.org/#access-token-verification

INSTALLATION
------------

You will need Rust and Cargo to build and install this project.

To install in your home directory, run:

    cargo install --path .

To disable the IndieAuth extension, add the `--no-default-features` flag. To
install elsewhere, use the `--root` flag. See `cargo install --help` for more
options.

USAGE
-----

You'll need a web server that can run CGI scripts, then you'll want a script
that runs chkoauth2 with the appropriate options. Something like:

    #!/bin/sh
    OAUTH2_AUTHORIZATION_URL="https://example.com/authorize" \
    OAUTH2_INTROSPECTION_URL="https://example.com/introspect" \
    OAUTH2_CLIENT_ID="<OAuth2 client id>" \
    OAUTH2_CLIENT_SECRET="<OAuth2 client secret>" \
    chkoauth2 --scope create another.cgi

The sample script uses environment variables to provide the configuration
for the OAuth2 authorization server. chkoauth2 expects your web server to
provide the Authorization header in the `HTTP_AUTHORIZATION` environment
variable. If the header contains a valid Bearer token, and the token grants the
required scope(s) ("create", in this case), then chkoauth2 will invoke
`another.cgi`. Otherwise, an appropriate error will be returned.

The full list of granted scopes is passed to the application through the
`OAUTH2_SCOPES` environment variable, allowing the wrapped CGI to check for an
optional scope. If the IndieAuth extension is enabled, the profile URL is passed
in the `INDIEAUTH_ME` environment variable.
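
The following is an added example, not part of chkoauth2: a sketch of a wrapped `another.cgi` that checks an optional scope by whole-entry comparison and fails closed when `OAUTH2_SCOPES` is missing. It assumes `OAUTH2_SCOPES` is a space-separated list; the `delete` scope and the `?action=` request format are hypothetical.

```shell
#!/bin/sh
# another.cgi (added example): re-checks scopes passed in by chkoauth2.
# Assumption: OAUTH2_SCOPES is a space-separated list of scope names.

# has_scope WANTED: succeed only if WANTED is a whole entry in the list.
# Substring tests (grep, case *create*) would let "create_draft" pass as
# "create", so each entry is compared for exact equality.
has_scope() {
    set -f    # no globbing: a scope such as "*" must not expand to filenames
    for granted in ${OAUTH2_SCOPES:-}; do
        if [ "$granted" = "$1" ]; then set +f; return 0; fi
    done
    set +f
    return 1
}

# status_for ACTION: print the HTTP status for a hypothetical action name.
status_for() {
    case "$1" in
        # Already enforced by "chkoauth2 --scope create"; checked again so a
        # direct call that bypasses the wrapper (no OAUTH2_SCOPES) is refused.
        create) if has_scope create; then echo 201; else echo 403; fi ;;
        # Optional scope: the wrapper does not require it, so check it here.
        delete) if has_scope delete; then echo 204; else echo 403; fi ;;
        *) echo 400 ;;
    esac
}

main() {
    # Hypothetical request format: ?action=create or ?action=delete
    qs=${QUERY_STRING:-}
    status=$(status_for "${qs#action=}")
    printf 'Status: %s\r\n' "$status"
    if [ "$status" = 403 ]; then
        printf 'WWW-Authenticate: Bearer error="insufficient_scope"\r\n'
    fi
    printf 'Content-Type: text/plain\r\n\r\n%s\n' "$status"
}

main
```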

chkoauth2 can log debug and warning information to stderr. To choose the log
level, set the `RUST_LOG` environment variable to `error`, `warn`, `info`,
`debug`, or `trace`.

CONTRIBUTING
------------

Send feedback, questions, or patches to jesse@jesterpm.net.

LICENSE
-------

This software is distributed under the MIT License. See LICENSE for more
information.