From 6f972e3d2f9e874ec07749947acc5a2222b0014a Mon Sep 17 00:00:00 2001 From: David Kocher Date: Mon, 9 Dec 2024 08:36:32 +0100 Subject: [PATCH] Documentation for protocols using OAuth 2.0 authorization code flow to grant access. --- protocols/dropbox.md | 15 +++++++++++---- protocols/googlecloudstorage.md | 23 +++++++++++------------ protocols/googledrive.md | 29 +++++++++++++++++------------ protocols/onedrive.md | 18 +++++++++++------- protocols/sharepoint.md | 21 +++++++++++++-------- 5 files changed, 63 insertions(+), 43 deletions(-) diff --git a/protocols/dropbox.md b/protocols/dropbox.md index 6581199d..5130fc25 100644 --- a/protocols/dropbox.md +++ b/protocols/dropbox.md 
@@ -12,26 +12,33 @@ Access your [Dropbox](https://db.tt/49NiK95I) without syncing to your computer. ## Connecting -1. You will be asked to link Cyberduck to your Dropbox account on your first connection attempt. +:::{admonition} OAuth 2.0 +:class: note +Dropbox uses a OAuth 2.0 authorization code flow to grant access. +::: + +1. Choose _[Open Connection…](../cyberduck/connection.md)_ or add a _[New Bookmark](../cyberduck/bookmarks.md)_ to save the connection settings. +2. No credentials must be entered for opening a connection, but instead you need to log in to your Dropbox account + and grant access in your web browser after choosing _Connect_. :::{image} _images/Dropbox_Link.png :alt: Dropbox Link :width: 500px ::: -2. Log in to Dropbox and grant permissions to *Cyberduck*. +3. Log in to Dropbox and grant permissions by selecting _Allow_. :::{image} _images/Dropbox_Permissions.png :alt: Dropbox Permissions :width: 500px ::: -3. The authorization code will be submitted to Cyberduck automatically. +4. Allow to _"Open Cyberduck"_ in your web browser to submit the authorization code used to retrieve the access token for authenticating with Dropbox. Subsequent connections will not require authorization. :::{admonition} Multiple Accounts :class: tip -You can connect to multiple accounts at the same time. Create a new bookmark for every account and run through the OAuth flow. Make sure to log out in your browser prior to setting up a new bookmark to make sure the new bookmark is linked to a newly authenticated account. +You can connect to multiple accounts at the same time. Create a new bookmark for every account and run through the OAuth 2.0 flow. Make sure to log out in your browser prior to setting up a new bookmark to make sure the new bookmark is linked to a newly authenticated account. ::: ### Reset OAuth Tokens diff --git a/protocols/googlecloudstorage.md b/protocols/googlecloudstorage.md index 488ff50c..473fdef6 100644 --- a/protocols/googlecloudstorage.md 
+++ b/protocols/googlecloudstorage.md 
@@ -25,18 +25,17 @@ In the login prompt of Cyberduck you enter the *Access Key* for the username and ### OAuth 2.0 Access -:::{attention} -Using prior versions to 4.12.0 (Mountain Duck) or 8.4.0 (Cyberduck), you might **not** be able to connect to Google Cloud Storage anymore because of the deprecated OAuth out-of-band flow. -::: - -You must obtain the project ID (`x-goog-project-id`) of your project from the Google Cloud Platform under *Storage Access* from the Google Cloud Storage tab. [Direct link to Google Cloud Storage settings.](https://console.cloud.google.com/storage/settings) - -:::{image} _images/Project_ID_Bookmark_Configuration.png -:alt: Project ID Bookmark Configuration -:width: 500px -::: - -In the login prompt of Cyberduck, you enter the `x-goog-project-id` for the username. The authorization code will be submitted to Cyberduck automatically. You access the page with the authorization code from the link displayed in the login prompt. Click it to open it in a web browser window. You only need to get the authorization code from the website on the first login attempt. Subsequent OAuth authentications will use a refresh token retrieved from the service. +1. Obtain the project ID (`x-goog-project-id`) of your project from the Google Cloud Platform under *Storage Access* from the Google Cloud Storage tab. [Direct link to Google Cloud Storage settings.](https://console.cloud.google.com/storage/settings) + + :::{image} _images/Project_ID_Bookmark_Configuration.png + :alt: Project ID Bookmark Configuration + :width: 500px + ::: +2. Choose _[Open Connection…](../cyberduck/connection.md)_ or add a _[New Bookmark](../cyberduck/bookmarks.md)_ to save the connection settings. +3. Enter the `x-goog-project-id` for the _Username_ +4. Choose _Connect_ to open your web browser. +5. Login to your Google account and grant access to Google Cloud Storage. +6. 
Allow to _"Open Cyberduck"_ in your web browser to submit the authorization code used to retrieve the access token for authenticating with Google Cloud Storage. Subsequent connections will not require authorization, unless the refresh token expired due to inactivity. :::{attention} Using *[Advanced Protection Program](https://support.google.com/accounts/answer/7539956#non-goog_apps&zippy=%2Ccan-i-use-non-google-apps-services-or-apps-script-with-advanced-protection)* will cause the OAuth login flow to fail. diff --git a/protocols/googledrive.md b/protocols/googledrive.md index 878d9630..ebefaf1c 100644 --- a/protocols/googledrive.md +++ b/protocols/googledrive.md 
@@ -19,24 +19,29 @@ Download [Mountain Duck](https://mountainduck.io/) as an alternative to *Drive F Connect to your [Google Drive](http://drive.google.com/) to store plain files. +:::{admonition} Advanced Protection Program +:class: warning + +Using *[Advanced Protection Program](https://support.google.com/accounts/answer/7539956#non-goog_apps&zippy=%2Ccan-i-use-non-google-apps-services-or-apps-script-with-advanced-protection)* will cause the OAuth login flow to fail with the error message: `400 admin_policy_enforced`. +::: + ### Authentication -:::{attention} -Using prior versions to 4.12.0 (Mountain Duck) or 8.4.0 (Cyberduck), you might **not** be able to connect to Google -Drive anymore because of the deprecated OAuth out-of-band flow. +:::{admonition} OAuth 2.0 +:class: note +Google Drive uses a OAuth 2.0 authorization code flow to grant access. ::: -Google Drive uses OAuth 2 to allow Cyberduck to access your files on Google Drive. Choose your account email as the -username in the bookmark and choose *Allow* on the website opened in your default web browser to allow Cyberduck to -*View and manage the files in your Google Drive*. The authorization code will be submitted to Cyberduck automatically. -Subsequent connections will not require authorization, unless the refresh token itself is expired due to inactivity. +1. Choose _[Open Connection…](../cyberduck/connection.md)_ or add a _[New Bookmark](../cyberduck/bookmarks.md)_ to save the connection settings. +2. No credentials must be entered for opening a connection, but instead you need to log-in to your Google account +and grant access in your web browser after choosing _Connect_. +3. Choose *Allow* on the website opened in your default web browser to grant access. +4. Allow to _"Open Cyberduck"_ in your web browser to submit the authorization code used to retrieve the access token for authenticating with Google Drive. 
Subsequent connections will not require authorization, unless the refresh token expired due to inactivity. -:::{admonition} Advanced Protection Program -:class: warning +:::{admonition} Multiple Accounts +:class: tip -Using -*[Advanced Protection Program](https://support.google.com/accounts/answer/7539956#non-goog_apps&zippy=%2Ccan-i-use-non-google-apps-services-or-apps-script-with-advanced-protection)* -will cause the OAuth login flow to fail with the error message: `400 admin_policy_enforced`. +You can connect to multiple accounts at the same time. Create a new bookmark for every account and run through the OAuth 2.0 flow. Make sure to log out in your browser prior to setting up a new bookmark to make sure the new bookmark is linked to a newly authenticated account. ::: ### Google Apps Accounts diff --git a/protocols/onedrive.md b/protocols/onedrive.md index dc9ed0ab..94ab70a2 100644 --- a/protocols/onedrive.md +++ b/protocols/onedrive.md 
@@ -12,18 +12,22 @@ Download [Mountain Duck](https://mountainduck.io/) as an alternative to the *One ## Connecting -> Microsoft Graph, OneDrive, and SharePoint support using a standard OAuth2 authorization flow. +:::{admonition} OAuth 2.0 +:class: note +Microsoft Graph, OneDrive, and SharePoint use a OAuth 2.0 authorization code flow to grant access. +::: The OneDrive connection profile is bundled by default and connects to the endpoint `https://graph.microsoft.com/v1.0/me`. Login with your personal or business account to `login.microsoftonline.com` when prompted to grant access to Cyberduck. -- OneDrive uses OAuth 2 for authentication with `graph.microsoft.com`. When opening a connection, a web browser window is opened to grant access to OneDrive for Cyberduck. +1. No credentials must be entered for opening a connection, but instead you need to log-in to your Microsoft account + and grant access in your web browser after choosing _Connect_. -:::{image} _images/OneDrive_Sign_In.png -:alt: OneDrive sign in -:width: 500px -::: + :::{image} _images/OneDrive_Sign_In.png + :alt: OneDrive sign in + :width: 500px + ::: -- The authorization code will be submitted to Cyberduck automatically. Subsequent connections will not require authorization, unless the refresh token itself is expired due to inactivity. +2. Allow to _"Open Cyberduck"_ in your web browser to submit the authorization code used to retrieve the access token for authenticating with OneDrive. Subsequent connections will not require authorization, unless the refresh token expired due to inactivity. :::{admonition} Multiple Accounts :class: tip diff --git a/protocols/sharepoint.md b/protocols/sharepoint.md index bc52e634..4eb8964f 100644 --- a/protocols/sharepoint.md +++ b/protocols/sharepoint.md 
@@ -12,20 +12,25 @@ Download [Mountain Duck](https://mountainduck.io/) to access in Finder on macOS ## SharePoint Online +:::{admonition} OAuth 2.0 +:class: note +Microsoft SharePoint uses a OAuth 2.0 authorization code flow to grant access. +::: + ### Microsoft SharePoint Connection Profile -Connect to *SharePoint Online* with the built-in *Microsoft SharePoint connection profile*. Follow these steps to connect to your *SharePoint Online libraries*: +Connect to *SharePoint Online* with the bundled *Microsoft SharePoint* connection profile. Follow these steps to connect to your *SharePoint Online libraries*: -1. Create a bookmark with Microsoft SharePoint connection profile -2. Enter your email address into the username field. The email address is solely used for internal identification and not actual authentication against SharePoint using OAuth. -3. Double click to connect to the newly created bookmark. A web browser window will open to login to `login.microsoftonline.com` with your `onmicrosoft.com` account. -4. Grant permission to *Cyberduck* for *OneDrive* and *SharePoint*. -5. The authorization code will be submitted to Cyberduck automatically. -6. You are now able to access all sites, subsites, and document libraries thereof as well as all groups you are a member of. +1. Choose _[Open Connection…](../cyberduck/connection.md)_ or add a _[New Bookmark](../cyberduck/bookmarks.md)_ to save the connection settings and select the _Microsoft SharePoint_ connection profile. +2. No credentials must be entered for opening a connection, but instead after choosing _Connect_ you need to log in to `login.microsoftonline.com` with your `onmicrosoft.com` account in your web browser. +3. Grant permission to *Cyberduck* to access your *SharePoint* library. +4. Allow to _"Open Cyberduck"_ in your web browser to submit the authorization code used to retrieve the access token for authenticating with Microsoft SharePoint. 
Subsequent connections will not require authorization, unless the refresh token expired due to inactivity. +5. You are now able to access all sites, subsites, and document libraries thereof as well as all groups you are a member of. ### Microsoft SharePoint Site Connection Profile -In case you are trying to access a site that isn't listed when connecting with the *Microsoft SharePoint* connection profile you can try to access the missing site with help of the *Microsoft SharePoint Site* connection profile. While using the *Microsoft SharePoint Site* connection profile you are required to use your SharePoint hostname (`contoso.sharepoint.com`) and the URL prefix path configured for your SharePoint site. +In case you are trying to access a site that is not listed when connecting with the *Microsoft SharePoint* connection profile, +you can try to access the missing site with help of the *Microsoft SharePoint Site* connection profile. When using the *Microsoft SharePoint Site* connection profile, you are required to enter the SharePoint hostname (such as `contoso.sharepoint.com`) and the URL prefix path configured for your SharePoint site. :::{note} You can't mount a specific directory with this method as the Path field is used for the URL prefix path.
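Review bot: in protocols/dropbox.md, new steps 2 and 3 both tell the reader to log in to Dropbox and grant access, so the same action is described twice, once on each side of the first screenshot. Reduce step 2 to the statement that nothing is entered in Cyberduck, and leave the login and _Allow_ instruction to step 3. "No credentials must be entered" can be read as a prohibition; "No credentials need to be entered" is unambiguous. In the new admonition "a OAuth 2.0" should be "an OAuth 2.0", and step 4's "Allow to _"Open Cyberduck"_" would read better as "Confirm the browser prompt to open Cyberduck".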
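Review bot: in protocols/googlecloudstorage.md, the attention box about versions prior to 4.12.0 (Mountain Duck) or 8.4.0 (Cyberduck) failing because of the deprecated OAuth out-of-band flow is deleted and nothing replaces it. If those versions still cannot connect, keep a one-line minimum-version note so affected users can find the cause. In the new list, step 3 ("Enter the `x-goog-project-id` for the _Username_") lacks its closing period, and step 5 uses the noun "Login" where the verb "Log in" is meant.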
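Review bot: in protocols/googledrive.md, the rewritten steps drop the name of the permission being granted (*View and manage the files in your Google Drive*), so step 3 no longer tells the reader what the consent screen should be asking for before they choose *Allow*. Keep the scope text in step 3. The removed paragraph also told the reader to use the account email as the bookmark username, while new step 2 says no credentials are entered; state whether the username field is still used to tell bookmarks apart, since the added Multiple Accounts tip relies on one bookmark per account. Smaller points: "log-in" as a verb should be "log in", "a OAuth 2.0" should be "an OAuth 2.0", and the list mixes `_Connect_` with `*Allow*` for emphasis.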
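Review bot: in protocols/onedrive.md, the numbered list starts at the browser login and has no "Choose _Open Connection…_ or add a _New Bookmark_" step, unlike the lists this patch adds to the other four files, so "after choosing _Connect_" in step 1 refers to a dialog the page never introduces. Add the same opening step here. The admonition's "use a OAuth 2.0" should be "use an OAuth 2.0", and "log-in to your Microsoft account" should use the verb "log in".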
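Review bot: in protocols/sharepoint.md, old step 2 explained that the email address in the username field is used only for internal identification and not for authentication; new step 2 says no credentials are entered but does not say whether the username field is still filled in, which leaves readers with existing bookmarks guessing. Step 3 also narrows the documented grant from "*OneDrive* and *SharePoint*" to "your *SharePoint* library"; confirm this matches what the consent screen at `login.microsoftonline.com` actually requests, because readers use this text to judge the prompt. In the admonition "a OAuth 2.0" should be "an OAuth 2.0", and the last paragraph changes "isn't" to "is not" while the following note keeps "You can't".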