Is the Calendar App accessible by OAUTH2 authorization?

Hello,

I’m using ownCLoud 10.8.0.4 Community edition. There is an activated Calendar application. And I just activated the OAuth2 application. I have done it hoping to access the calendar from my code through oauth2 instead of login/password.

I’ve checked the access to protected URL “https://domain.tld/ocs/v1.php/cloud/capabilities” by OAuth2 and it works.

If I read events from Calendar using HTTP request with authorization “Basic” by login/password.
I got all the expected data. My request looks like this:

REPORT http://domain.tld/remote.php/dav/calendars/USER_NAME/CALENDAR_NAME HTTP/1.1
User-Agent: Mozilla/5.0
Content-Type: application/xml; charset="utf-8"
Authorization: Basic ......

<?xml version='1.0' encoding='utf-8'?>
<C:calendar-query xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav">
    <D:prop>
        <C:calendar-data/>
    </D:prop>
    <C:filter>
        <C:comp-filter name="VCALENDAR"><C:comp-filter name="VEVENT"/>
        </C:comp-filter>
    </C:filter>
</C:calendar-query>

But when I tried to make the same request using authorization “Bearer” by Oauth2 token I’ve got something weird and unexpected:

HTTP/1.1 404 Not Found
Content-Type: application/xml; charset=utf-8

<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\NotFound</s:exception>
  <s:message>File not found: USER_NAME in 'principals'</s:message>
</d:error>

What is the reason? Something wrong with my request?
Thank you.

With regards,
Alex.

BTW I’ve tested the case with the official docker container owncloud/server and I got the same results. So it looks there is a bug in ownCloud Calendar Application related to OAuth2.

What does the owncloud.log say about this failure?

There 3 records related to the issue in the
owncloud.log (4.0 KB)

1

{
"reqId": "YZuBuqkKn29YeRuiHw5ZCAAAAEA",
"level": 0,
"time": "2021-11-22T12:40:42+01:00",
"remoteAddr": "xxx.xxx.xxx.xxx",
"user": "--",
"app": "OC\\Authentication\\Token\\DefaultTokenProvider::invalidateToken",
"method": "GET",
"url": "\/remote.php\/dav\/calendars\/USER_NAME\/CALENDAR_NAME\/?export",
"message": "invalidating token c764fe1fe4ab9e365010dd16531214d05e22099ff8b3a1f613e176d9667199310365b2eb4f9c4ab30970a27b9b83ad0e8e81042b6a9e537ec23d827b78f0c2c5"
}

2

{
"reqId": "YZuBuqkKn29YeRuiHw5ZCAAAAEA",
"level": 0,
"time": "2021-11-22T12:40:42+01:00",
"remoteAddr": "xxx.xxx.xxx.xxx",
"user": "--",
"app": "OC\\Authentication\\Token\\DefaultTokenProvider::generateToken",
"method": "GET",
"url": "\/remote.php\/dav\/calendars\/USER_NAME\/CALENDAR_NAME\/?export",
"message": "generating token c764fe1fe4ab9e365010dd16531214d05e22099ff8b3a1f613e176d9667199310365b2eb4f9c4ab30970a27b9b83ad0e8e81042b6a9e537ec23d827b78f0c2c5, uid USER_NAME, loginName USER_NAME, pwd empty, name python-requests\/2.26.0, type temporary"
}

3

{
"reqId": "YZuBuqkKn29YeRuiHw5ZCAAAAEA",
"level": 0,
"time": "2021-11-22T12:40:42+01:00",
"remoteAddr": "xxx.xxx.xxx.xxx",
"user": "USER_NAME",
"app": "webdav",
"method": "GET",
"url": "\/remote.php\/dav\/calendars\/USER_NAME\/CALENDAR_NAME\/?export",
"message": "Exception: HTTP\/1.1 404 File not found: USER_NAME in 'principals': {\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotFound\",\"Message\":\"File not found: USER_NAME in 'principals'\",\"Code\":0,\"Trace\":\"#0 \\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Tree.php(78): Sabre\\\\DAV\\\\SimpleCollection->getChild('USER_NAME')\\n#1 \\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/apps\\\/dav\\\/lib\\\/Tree.php(51): Sabre\\\\DAV\\\\Tree->getNodeForPath('principals\\\/USER...')\\n#2 \\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAVACL\\\/Plugin.php(335): OCA\\\\DAV\\\\Tree->getNodeForPath('principals\\\/USER...')\\n#3 \\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAVACL\\\/Plugin.php(388): Sabre\\\\DAVACL\\\\Plugin->getPrincipalMembership('principals\\\/USER...')\\n#4 \\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAVACL\\\/Plugin.php(641): Sabre\\\\DAVACL\\\\Plugin->principalMatchesPrincipal('principals\\\/user...')\\n#5 \\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAVACL\\\/Plugin.php(199): Sabre\\\\DAVACL\\\\Plugin->getCurrentUserPrivilegeSet(Object(OCA\\\\DAV\\\\CalDAV\\\\Calendar))\\n#6 \\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/DavAclPlugin.php(51): Sabre\\\\DAVACL\\\\Plugin->checkPrivileges('calendars\\\/USER_...', Array, 1, false)\\n#7 \\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAVACL\\\/Plugin.php(846): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\DavAclPlugin->checkPrivileges('calendars\\\/USER_...', '{DAV:}read')\\n#8 \\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/WildcardEmitterTrait.php(89): Sabre\\\\DAVACL\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#9 \\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(456): Sabre\\\\DAV\\\\Server->emit('beforeMethod:GE...', Array)\\n#10 \\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(253): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#11 \\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/apps\\\/dav\\\/lib\\\/Server.php(334): Sabre\\\\DAV\\\\Server->start()\\n#12 \\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/apps\\\/dav\\\/appinfo\\\/v2\\\/remote.php(31): OCA\\\\DAV\\\\Server->exec()\\n#13 \\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/remote.php(165): require_once('\\\/www\\\/htdocs\\\/w99...')\\n#14 {main}\",\"File\":\"\\\/www\\\/htdocs\\\/w999999e\\\/domain.tld\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/SimpleCollection.php\",\"Line\":97}"
}

The latest message has exception info:

{
"Exception": "Sabre\DAV\Exception\NotFound",
"Message": "File not found: USER_NAME in 'principals'",
"Code": 0,
"Trace": "......"
"File": "/www/htdocs/w999999e/domain.tld/lib/composer/sabre/dav/lib/DAV/SimpleCollection.php",
"Line": 97
}

I’ve decoded and prettified the trace data a bit:

#0 /www/htdocs/w999999e/domain.tld/lib/composer/sabre/dav/lib/DAV/Tree.php(78): Sabre\DAV\SimpleCollection->getChild('USER_NAME')
#1 /www/htdocs/w999999e/domain.tld/apps/dav/lib/Tree.php(51): Sabre\DAV\Tree->getNodeForPath('principals/USER...')
#2 /www/htdocs/w999999e/domain.tld/lib/composer/sabre/dav/lib/DAVACL/Plugin.php(335): OCA\DAV\Tree->getNodeForPath('principals/USER...')
#3 /www/htdocs/w999999e/domain.tld/lib/composer/sabre/dav/lib/DAVACL/Plugin.php(388): Sabre\DAVACL\Plugin->getPrincipalMembership('principals/USER...')
#4 /www/htdocs/w999999e/domain.tld/lib/composer/sabre/dav/lib/DAVACL/Plugin.php(641): Sabre\DAVACL\Plugin->principalMatchesPrincipal('principals/user...')
#5 /www/htdocs/w999999e/domain.tld/lib/composer/sabre/dav/lib/DAVACL/Plugin.php(199): Sabre\DAVACL\Plugin->getCurrentUserPrivilegeSet(Object(OCA\DAV\CalDAV\Calendar))
#6 /www/htdocs/w999999e/domain.tld/apps/dav/lib/Connector/Sabre/DavAclPlugin.php(51): Sabre\DAVACL\Plugin->checkPrivileges('calendars/USER_...', Array, 1, false)
#7 /www/htdocs/w999999e/domain.tld/lib/composer/sabre/dav/lib/DAVACL/Plugin.php(846): OCA\DAV\Connector\Sabre\DavAclPlugin->checkPrivileges('calendars/USER_...', '{DAV:}read')
#8 /www/htdocs/w999999e/domain.tld/lib/composer/sabre/event/lib/WildcardEmitterTrait.php(89): Sabre\DAVACL\Plugin->beforeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
#9 /www/htdocs/w999999e/domain.tld/lib/composer/sabre/dav/lib/DAV/Server.php(456): Sabre\DAV\Server->emit('beforeMethod:GE...', Array)
#10 /www/htdocs/w999999e/domain.tld/lib/composer/sabre/dav/lib/DAV/Server.php(253): Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
#11 /www/htdocs/w999999e/domain.tld/apps/dav/lib/Server.php(334): Sabre\DAV\Server->start()
#12 /www/htdocs/w999999e/domain.tld/apps/dav/appinfo/v2/remote.php(31): OCA\DAV\Server->exec()
#13 /www/htdocs/w999999e/domain.tld/remote.php(165): require_once('/www/htdocs/w99...')
#14 {main}

What do you think about it?

Currently, I only can confirm the issue. I got the same.

1 Like

Continuing the discussion from Is the Calendar App accessible by OAUTH2 authorization?:

I can see that you are running the wrong url from the calendar (or the old one):

https://[SERVER]/remote.php/dav/calerdars/[USERNAME]/owncloud

Could you try this one?

Nothing wrong, IMHO.

This is precisely what I’m using, and doesn’t work.

https://{{server}}/remote.php/dav/calendars/{{user}}/{{calendar}}

If the “owncloud” in your URL is calendar name then this is exactly the URL that I’m running and that works with auth Basic and doesn’t work with auth Bearer.

Yes, this is it

Any other ideas to solve the issue or at least to get a workaround?