Document OAuth2 feature

[pmaier1]

Soon we will release a new app that adds server-side OAuth2 support (https://github.com/owncloud/oauth2).
It will be used for connecting the ownCloud clients (desktop and mobile) in a standardized and secure way and to make integrations in 3rd party software easier by providing an authorization interface.
We need user (what is it?, benefits?, connecting clients to oC via OAuth2, revoking sessions, etc.) and admin (basic configuration, restricting use to the official clients or branded custom clients, etc.) docs for this.

Some input in my PR for the app description e.g. on the marketplace owncloud/oauth2#78

Please check the flows and functionalities (for client-side you will need to use a nightly version of 2.4 as it's not released yet).
More input can be provided by me, @michaelstingl and @SamuAlfageme

Fixes owncloud/oauth2#57

[pmaier1]

App is released, adjusting priority.

[pmaier1]

https://marketplace.owncloud.com/apps/oauth2

[settermjd]

Thanks for adding me @pmaier1. I'll get on it.

[pmaier1]

We also need to document the known limitations for larger enterprise scenarios, e.g. issues with F5 web application firewalls. @michaelstingl Can you please provide input for this here?

[michaelstingl]

@butonic 's OAuth code Flow Sequence Diagram:
https://github.com/owncloud/oauth2/wiki/OAuth-code-Flow-Sequence-Diagram

[michaelstingl]

No limitations. Only some things we are trying to solve, couldn't be solved if there is an pre-V13 F5 for example. From my understanding, it isn't worse than without OAuth2.

[settermjd]

Thanks @michaelstingl

[pmaier1]

No limitations. Only some things we are trying to solve, couldn't be solved if there is an pre-V13 F5 for example.

So shouldn't we document the limitation that with F5 in versions <13 in front of oC you won't be able to use OAuth2?

[michaelstingl]

You can use OAuth2, no problem. But it's more tricky to solve the issue with the short expiration of the F5-/IdP-Session. If you have short sessions, they are still short with OAuth2. Not a limitation.

[pmaier1]

Input: https://owncloud.org/blog/introducing-oauth2-secure-authorization-flow

[pmaier1]

Fixes owncloud/oauth2#57

[SamuAlfageme]

As mentioned in the issue and scattered in different places, we also need to tell: owncloud/oauth2#49 -> this is about both Apache modules required for the app to work out and VirtualHost configuration to support it.

[settermjd]

Thanks @SamuAlfageme