Token Authenticator
 | Allow authenticating on XWiki using a token |
| Type | JAR |
| Category | Other |
| Developed by | |
| Support |
XWiki SAS
Community:
|
| Rating | |
| License | GNU Lesser General Public License 2.1 |
| Compatibility | XWiki 14.10.2+ is required. |
Table of contents
Description
It's possible to allow accessing any XWiki resource using a OAuth2/OpenID Connect access token.
For that you will need to setup a special authenticator ("Token based authenticator" in the UI) which will act as a bridge to authenticate the user if a token is found in the request or fallback to the "real" authenticator otherwise.
You can also configure it in the xwiki.cfg file with the property xwiki.authentication.authclass. The name of the class is org.xwiki.contrib.oidc.token.TokenAuthService in 2.21.0+ (and org.xwiki.contrib.oidc.provider.OIDCBridgeAuth in previous versions).
By default, the fallback is the standard XWiki authenticator, but you can indicate a specific one using the property oidc.token.authenticator in 2.21.0+ (oidc.provider.authenticator in previous versions) in the xwiki.properties configuration file.
Also, users can manage (create/delete) application access/tokens associated to them in their profile.
The token management allow creating a token that never expires, or choose a custom expiration date for it. The expiration time of the token is measured in days, so the minimum lifetime of a token is a day. Some predefined lifetimes (7, 30, 60 or 90 days) help the users create a token quickly. As per standard functioning of tokens, whenever the token's lifetime has expired, a new token needs to be generated and replaced in the applicationsĀ using it.
Configuration
The provider can be configured in xwiki.properties file:
#-# Indicate if the token creation UI should be enabled or not.
#-# By default, it's enabled only if the Token Authenticator is identified as the configured authenticator
#-# but it might be necessary in some use cases to explicitly enable it (because it's actually a fallback authenticator, etc.).
# oidc.consent.createConsentEnabled=truePrerequisites & Installation Instructions
We recommend using the Extension Manager to install this extension (Make sure that the text "Installable with the Extension Manager" is displayed at the top right location on this page to know if this extension can be installed with the Extension Manager).
You can also use the manual method which involves dropping the JAR file and all its dependencies into the WEB-INF/lib folder and restarting XWiki.
Versions
Dependencies
Dependencies for this extension (org.xwiki.contrib.oidc:token-authenticator 2.22.1):
- org.xwiki.contrib.oidc:oidc-consent 2.22.1
- org.xwiki.contrib:authservice-backport-api 1.1.1
