Investigate WebDAV authentication with OAuth2 token

[michzimny]

Currently, the fuse image assumes that WebDAV authentication is done with username and password. We want to investigate authenticating with OAuth2 token instead.

Moreover, as the token may expire, it should be passed to the container via a file, not an env var, so the container could reread it periodically.

Is it what we mean, @diocas?

[michzimny]

Our current fuse/webdav lib is davfs2. There's a thread in the davfs2 bugzilla, in which the lib author said he would not implement OAuth tokens. However, he gave suggestions for a workaround:

With option "add_header" you can add any header you want, e.g. your non-standard authorization header. Details are in "man davfs2.conf".

Additional advise:

• Remove all file permission for group and others from file davfs2.conf, so nobody but you can read your token.
• Your header-value probably contains spaces. You must enclose the value in double quotes.
• Additionaly set option "ask_auth 0" to prevent useless input requests.

We could probably try it (although the asking person from that thread seems to be failing with this workaround). However, an open issue remains that there is probably no way to replace the token value on the fly. Remounting is rather not an option.

Other options are trying some alternative libraries, e.g. webdavfs.

CC @diocas

[diocas]

Yes, the real issue is the fact that we cannot update the token. We could try the workaround (but then how does it work if he does base64(user:pass)?). If it works we ask the guy to allow reading the password from a file, which doesn't seem to big of a task.. Could we implement it ourselves and do a PR?

We can also try alternatives, but didn't you discard others because of their performance?
That webdavfs, doesn't it also prevent the use of a file?

[michzimny]

The workaround works fine. I tested it with Nextcloud and documented in #8.

The missing part is extending the davfs2 library. I forked it into https://github.com/sciencemesh/davfs2 and start specifying requirements for that extension here.