Hi @ktohalloran! In order for an aggregator to connect to a farmOS instance, the farmOS instance needs to have an OAuth2 client configured with appropriate scopes. The Aggregator also needs to be configured to use the same client ID and scopes when it generates the authorization link.
Maybe you are already doing that? Figured that would be the first thing to mention in case you haven’t… (and for others who find this thread in the future).
SurveyStack has their own aggregator, and they provide an OAuth client via their farm_surveystack
module here: GitHub - mstenta/farm_surveystack: farmOS SurveyStack.io integration module. - So basically, in order to connect a farmOS instance to the SurveyStack Aggregator, that module needs to be installed on the farmOS instance.
If you look at farm_surveystack.install, when the module is installed it creates the OAuth2 consumer:
// Create an "SurveyStack.io Aggregator" consumer.
$consumer = Consumer::create([
'label' => 'SurveyStack.io Aggregator',
'client_id' => 'surveystack_aggregator',
'grant_types' => [
'authorization_code',
'refresh_token',
'password',
],
'scopes' => ['farm_manager'],
'access_token_expiration' => 3600,
'secret' => NULL,
'confidential' => FALSE,
'third_party' => FALSE,
'redirect' => 'https://surveystack.farmos.group/authorize-farm',
]);
$consumer->save();
And when it’s uninstalled, it deletes it:
// Delete the SurveyStack Aggregator consumer.
$consumers = \Drupal::entityTypeManager()->getStorage('consumer')
->loadByProperties(['client_id' => 'surveystack_aggregator']);
if (!empty($consumers)) {
$consumer = reset($consumers);
$consumer->delete();
}
And then, on the Aggregator side, the backend
container’s environment variables are configured to use that client ID:
AGGREGATOR_OAUTH_CLIENT_ID=surveystack_aggregator
AGGREGATOR_OAUTH_CLIENT_SECRET=
AGGREGATOR_OAUTH_SCOPES=[{"name":"farm_manager","label":"farmOS Manager","description":"Allow access to farmOS records."}]
AGGREGATOR_OAUTH_DEFAULT_SCOPES=["farm_manager"]
Note that the SurveyStack Aggregator currently uses the farm_manager
scope/role, which grants a high level of access. Ultimately it depends on what your particular application needs, so that’s up to you to determine the right level.
I also tried authorizing via the API.
I offer Aggregator hosting through Farmier and one of the features is the ability to register a new farmOS instance and automatically add it to an aggregator. This all happens via API calls, so it is definitely possible to do everything via the API.
The one catch is that it uses the password grant type for the authorization, which means that you need to know the user’s password ahead of time. The way I do it is I generate a random password, then create a dedicated user for the authorization with that password (using drush
), and then I use Python to add and authorize the farmOS instance with the aggregator via that user. Happy to share some of that code if it would be helpful.
Otherwise, you can also manually authorize through the Aggregator UI. Log into the normal frontend (not /docs
), select “Manage Farms” on the left, and click the “Add a farm” button. Fill in a name and the URL, check the “Active” box, and click “Save”. It should appear in the “Manage Farms” list, with a red “Unauthorized” button. Click that, scroll to the bottom, and click “Request Authorization”, then click the “Generate Authorization Link” button. Copy the link that is generated into a new tab, and it will take you to the farmOS instance you want to authorize. Make sure you are logged in as the farmOS user you want to authorize as! Once you authorize, you’ll be told that you can close the window, and everything should be wired up.
Also: be sure to configure a cron job on the server that is running the aggregator to refresh the access tokens! Otherwise the authorizations will expire. More details here: farmOS-aggregator/docs/deployment.md at 2.x · farmOS/farmOS-aggregator · GitHub
If you run into issues, let us know! We haven’t had dedicated funding to work on the Aggregator, and there are some known bugs/issues. We have some funding to take a pass through and make some updates soon, so now is a good time to report anything you find. 
Hope that all helps!