[Feature Request] occ commands to handle OAuth2 features

[SamuAlfageme]

Would be nice to include a few occ oauth: commands to handle some of the app's functions, e.g.

• Set access_tokenexpiration time
• Add/Generate a new Client (with/without explicit client_id/client_secret)
• Revoke a session (not sure if possible with current implementation - i.e. only the user is able to do so from "Settings > Security")
• ...

[IljaN]

ilja@ilja-lap ~/c/core2> ./occ oauth2:create-client --help
Usage:
  oauth2:create-client [options]

Options:
  -U, --redirect-uri=REDIRECT-URI            Redirect Url
  -N, --name[=NAME]                          Name of the client [default: "a696a05e3d64"]
  -s, --allow-sub-domain[=ALLOW-SUB-DOMAIN]  Allow sub-domain [default: false]

Do we need a possibility to set identifier and secret? I would propose to leave them always auto generated for security reasons or else people will start to generate too short identifierts

[SamuAlfageme]

Do we need a possibility to set identifier and secret?

I'd say yes, but no strong opinion. It makes easier to do #72 and avoid things like #73. To avoid them being too short we could force to be of a required length.

[Dagefoerde]

I think you shouldn't be able to define secrets manually. In my opinion they should be completely random to have the most entropy.
Client ID doesn't really matter, it's transported openly in the URLs anyway, so user-defined strings may only cause problems if they contain very weird chars. Some simple validation might be sufficient here.

[IljaN]

@Dagefoerde Yeah that was my concern, I think we will go the route of not allowing to manually define secrets whatsoever.

[cortho]

@Dagefoerde, @IljaN I disagree.

When the ownCloud clients come with predefined, even hardcoded settings (see

oauth2/appinfo/Migrations/Version20170329194544.php

Line 15 in daf8bdd

private static $registry = [

) why shouldn't this be possible for users?

We would need this, for instance, for automated rollout of larger instances.