@ptmkenny
Last active February 23, 2021 08:16
patch league/oauth2-server to allow the permissions check on pantheon

How to set up Simple OAuth / OAuth 2.0 on Pantheon

According to the Pantheon docs (https://pantheon.io/docs/modules-known-issues#simple-oauth--oauth-20), the Simple OAuth module can't be used out of the box because it is not possible to change file permissions on Pantheon, even in the private directory.

How to fix this

  1. Create the keys and put them in your Pantheon private files directory (for example, /files/private/oauth/public.key, needs permission 770) or commit them to git outside the web root (needs permission 644).

  2. Add the patch to your composer.json:

         "league/oauth2-server": {
             "Break permissions for Pantheon": "patches/oauth2-server_break-permissions-for-pantheon.patch"
         }
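A check for the key files from step 1, added here as an example and not part of the original gist or of league/oauth2-server. The two mode lists are copied from the patch to `src/CryptKey.php`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether a key file's mode passes the upstream
# CryptKey check, passes only with the Pantheon patch, or fails both.
UPSTREAM="400 440 600 640 660"   # modes accepted before the patch
PATCH_ONLY="644 770"             # modes the patch adds

# Print the octal permission bits of a file (GNU stat, then BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Classify a three-digit octal mode string against the two lists.
classify_mode() {
    case " $UPSTREAM " in *" $1 "*) echo "upstream-ok"; return 0 ;; esac
    case " $PATCH_ONLY " in *" $1 "*) echo "patch-only"; return 0 ;; esac
    echo "rejected"
}

# Name the access a mode grants beyond the owner.
extra_access() {
    bits=$(( 0$1 ))
    out=""
    if [ $(( bits & 0004 )) -ne 0 ]; then out="$out world-readable"; fi
    if [ $(( bits & 0020 )) -ne 0 ]; then out="$out group-writable"; fi
    out=${out# }
    echo "${out:-none}"
}

# Combine the above for one file; mask to the low nine bits like CryptKey does.
audit_key() {
    raw=$(key_mode "$1") || return 1
    mode=$(printf '%03o' $(( 0$raw & 0777 )))
    echo "mode=$mode class=$(classify_mode "$mode") extra=$(extra_access "$mode")"
}

# Usage: sh audit_key.sh /path/to/private.key
if [ "$#" -gt 0 ]; then audit_key "$1"; fi
```

A `patch-only` result with `extra=world-readable` on the private key means the key passes only because of the patch and is readable by every account on the host.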
    
diff --git a/src/CryptKey.php b/src/CryptKey.php
index e2077f70..1621cd7a 100644
--- a/src/CryptKey.php
+++ b/src/CryptKey.php
@@ -55,7 +55,8 @@ class CryptKey
if ($keyPermissionsCheck === true) {
// Verify the permissions of the key
$keyPathPerms = \decoct(\fileperms($keyPath) & 0777);
- if (\in_array($keyPathPerms, ['400', '440', '600', '640', '660'], true) === false) {
+ // Pantheon: 770 (private files) or 644 (committed to git)
+ if (\in_array($keyPathPerms, ['400', '440', '600', '640', '644', '660', '770'], true) === false) {
\trigger_error(\sprintf(
'Key file "%s" permissions are not correct, recommend changing to 600 or 660 instead of %s',
$keyPath,
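Review bot: On the changed `\in_array` line, adding '644' lets a key file that every local user can read pass the check, and the check looks only at `$keyPath`, so it treats a private key the same way as a public one. Consider accepting '644' only for the public key, or scoping the exception to the Pantheon paths instead of widening the list for every key. The `\trigger_error` message in the following context lines still recommends only 600 or 660, so it should be updated to match if the wider list stays.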