Questions tagged [oauth-2.0]

1 vote, 2 answers, 6.1k views

How to make the refresh token life long valid and issue a new refresh token each time a new refresh_token grant_type comes in spring security oauth2

I am using spring security oauth2 for authentication for my android application clients. When the client request comes with grant_type as password the server issues the access token and refresh token. If the access token expires I can issue a new access token by sending a request with grant_type as re...
KJEjava48

0 votes, 0 answers, 2 views

How to request authentication from a user for a YouTube Analytics API script?

I have a python script that pulls stats from my YouTube channel. I used this sample code here. I have downloaded the Client secret, authorised YouTube API and I am able to see some data in the response. Now I'm trying to pull data for another YouTube channel (from a separate google user, for example...
giac_man

0 votes, 0 answers, 8 views

How can I access the birthdate from HWI/OAuthBundle when connecting via google OAuth 2?

I have a PHP Symfony 4.2 application with HWI/OAuthBundle properly configured. I created an OAuth 2 key and secret. I configured it in the hwi_oauth section of the symfony files. I use it to login users via a custom UserProvider. In particular I'm concerned in overwriting the method public function...
Xavi Montero

1 vote, 1 answer, 39 views

Express OAuth Authorization for Different Access Methods

I am looking to figure out best practices for the following scenario. I am a relatively new/hobby programmer. I am developing a chat bot that is using Dialogflow. I want users to be able to use different messaging apps to be able to access the data and information in a backed database, but that I...
Mike Nelson

1 vote, 0 answers, 184 views

oauth2 server creation Nodejs

I'm trying to implement an OAUTH2 server in nodeJS, which allows client app to login users using my website (like login with google). I tried using oauth2orize (https://www.npmjs.com/package/oauth2orize) and referred few links: https://hnryjms.io/2014/07/oauth2/ http://scottksmith.com/blog/2014/07/02...
Tanzil KM

1 vote, 0 answers, 155 views

Which scopes and APIs to use with Microsoft Live OAuth?

I've been trying to include Microsoft OAuth authentication in my web app using the following documentation: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code And: https://msdn.microsoft.com/en-us/library/hh243647.aspx My question is this: sho...
Michael

1 vote, 1 answer, 1.1k views

Laravel Passport API - Implicit grant

I want to build a spa via angularjs and use laravel as an api for the spa. Reading through the docs of laravel passport I discovered that I need to use the implicit grant for this purpose. But I am not really sure in how it should work from front to back. I just want to have the ability to log in a us...
Jules

1 vote, 0 answers, 630 views

Linkedin OAuth raising 500 Internal Server Error since January 1st, 2018

I'm having the error below since January 1st, 2018 when trying to login in my system with Linkedin OAuth2: 500 Server Error: Internal Server Error for url: https://api.linkedin.com/v1/people/~:(email-address,first-name,headline,id,last-name,picture-url,positions,public-profile-url)?format=json For t...
Ruben Alves

1 vote, 0 answers, 91 views

Using OAuth connection type to Access Salesforce via Talend Data Integration

I am trying to access Salesforce data using Talend Data Integration Tool. I tried establishing connection using OAuth, however there is some issue with Callback Port. Is there anyone who also went through this kind of issue? If yes then what port number did you use?
Nikhil Yadav

1 vote, 0 answers, 208 views

Bitrix doesn't send access token oauth2

I tried to connect with bitrix using software Postman API. The goal was to test some REST comments, but I have a problem with authorization. Using Postman I filled up: auth url, access token url, Client ID and Client secret of my bitrix, after that login page is visible and I entered login and passwo...
Menomen

1 vote, 0 answers, 293 views

Vertx + OpenAPI + OAuth2 security handler is calling twice

I'm a newbie in vertx world. I used this link for setting up my openapi routing: https://gist.github.com/slinkydeveloper/bdf5929c2506988d78fc08205089409a Here are my sources: api.yaml #other endpoints... /api/v1/protected/verification: post: summary: Summary operationId: verification security: - Ap...
Bakhrom Achilov

1 vote, 0 answers, 60 views

OmniAuth::Strategies::OAuth2::CallbackError user_cancelled_login | The user cancelled LinkedIn login

So I am developing a Rails application with LinkedIn authentication. The application works fine in all the cases except the case when the user cancels the login. I have already visited all the solutions on this site that could possibly help, but no luck. I have designed a very basic login structure and I cou...
KINNARI SHARMA

1 vote, 0 answers, 347 views

LinkedIn Authentication using OAuth2.0 in ASP.NET Core 2.0

I am trying to use the LinkedIn authentication in my asp.net core 2.0 app. I am following this article as an example, but it's using Core 1.0: Authenticating a user with LinkedIn in ASP.NET Core Some of the code updates to move to Core 2.0 I have made are in the registration of the middleware: publi...
Reza

1 vote, 2 answers, 333 views

get refresh token from authorization code google oauth2

I am trying to exchange an authorization code for refresh and access tokens. Here is my post call data I am sending to google. var requestBody = { code:**mycode**, grant_type:'authorization_code', client_secret: **mysecret**, client_id: **clientId**, redirect_uri:'http://localhost:3000' } I am send...
Saurabh Sinha

1 vote, 0 answers, 1.3k views

Getting 403 Forbidden when trying to get authorization code using the authorization code grant type

I have resource, authorization written using Spring boot and OAuth2. The resources are going to be accessed by another web server application. So I thought of using the authorization code grant type but I also want to skip the approval screen. I sent the following url to the auth server to get the author...
user9225538

1 vote, 0 answers, 52 views

Laravel Disable JWT Auth when using oauth/authorize for passport

I need to disable jwt auth when I try to do oauth/authorize that passport to do an authorization code grant. It needs to use the original oauth of laravel (I believe). I figure I could use the client_id in the request do something like this: if(request->client_id != null ){ // jwt Auth } But not sure...
LKirin

1 vote, 0 answers, 24 views

Verifying user is still valid with passport and Google

When using OAuth2 against Google (or actually any external provider), how is it possible to verify that the user is still logged in to their Google account on the browser and their user is in good standing? I don't want disabled users to access the system after they have been disabled, and to make s...
Didi Kohen

1 vote, 0 answers, 317 views

Spring Framework and encode/decode of public key

I am trying to create a new RsaVerifier to check a public key: JwtHelper.decodeAndVerify(token, verifier); I do believe it's a valid public key. I'm copying it correctly from my browser. It does begin with a return character though. It actually has them in several places: -----BEGIN PUBLIC KEY-----\...
Mike

1 vote, 0 answers, 135 views

Get Auth0 user's complete Guardian phone number from Management API

I'm using Auth0 as my authentication provider. I've enabled Guardian to facilitate SMS based MFA (Multi Factor Authentication). When a new user signs up, Auth0 registers their phone number. My system provides users the option of opting into SMS messaging on topics of interest to them. Unfortunately...
Frank

1 vote, 1 answer, 28 views

implementing other grants when only authorization code is available

I am creating web and mobile apps that reimplement an existing desktop app via the desktop app's publicly available API. This API only provides the Authorization Code Grant path for authentication, which would require me to either: somehow securely store the client secret in the app Implement PKCE &...
Somkun

1 vote, 0 answers, 72 views

Request works in postman not IONIC

I'm developing an ionic app with a back-end with Java spring Boot with Spring security on it. When I tried to get a token with postman everything went well but in ionic, I got a 401 HTTP code. I have no cors problem, I have disabled it in my browser. Here is the code from Ionic: login() { return new...
Selwyn Joymangul

1 vote, 1 answer, 240 views

oAuth2 security issue with client_id and secret key: user can press inspect element and earn client_id and secret key

I write a rest api with yii2 and I am using oAuth2. The problem is when the user wants to login, the client web application should send a request to get a token; the request should contain client_id and secret_key and username and password. In this case the user can simply inspect element and click to network and see pos...
zia

1 vote, 0 answers, 742 views

How to set GOOGLE_APPLICATION_CREDENTIALS without using a path

I'm developing a CMS module that needs to use Google OAUTH 2 for server to server applications. According to the official manual one needs to set an environment variable with the path to .json key like so: putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account.json'); And here is the tricky...
RWS

1 vote, 0 answers, 319 views

How to implement Azure AD single tenant auth in React and standalone Golang Web API?

We have a React application created with Create-React-App. Right now, it's being served with nginx:alpine in a docker container in Azure App Services. I don't care much about the server since it only serves the built react app as static files. Aside from that, we also have a golang api running stan...
JohnStephen.19

1 vote, 0 answers, 78 views

Which grant type for oauth 2 token in java for single web application [BOT with email, OTP AND web application with username, password]

I have my web application where we are migrating to oauth2 protected APIs from spring security. For web application we used oauth2 (grant type password) implementation and it worked. (With username, password entered and oauth token issued) But at the same time we have another part of application r...
Ash

1 vote, 1 answer, 27 views

What is the best OAuth grant to use in developing a front-end only app

I am very new to OAuth and I intend implementing an api for a frontend only (html and JavaScript) web app with login abilities using laravel Passport. Both the frontend app and the API server will reside on different servers. I have read a lot about different grants but still confused about which wi...
Silverman42

1 vote, 0 answers, 357 views

How to use the OAuth2 toolkit with the Django REST framework with class-based views?

I'm trying to add an API using the Django REST framework to an existing codebase which uses the Django OAuth2 toolkit. The existing views make use of the fact that the OAuth2 toolkit's backend modifies the behavior of Django's login_required decorator so that it uses OAuth2 authentication. The funct...
Kurt Peek

1 vote, 1 answer, 340 views

Amazon cognito not giving refresh token provided by federated identity provider (Google login)

I am trying to add a Google login through Amazon Cognito, I have setup everything needed, I have also configured the attribute mapping from google to my pool attributes, I've mapped 'access_token' attribute to 'google_access_token' attribute and 'refresh_token' to 'google_refresh_token'. When sign i...
Madhav Chaturvedi

1 vote, 1 answer, 383 views

Return OAuth Access Token in header or POST

I have a Spring OAuth2 server set up and it's working fine when the clients authenticate. The issue is that when the client is the browser the access token is shown on the redirect URL on the address bar and the browser remembers it. Is there a way for the Authentication server to send back the acc...
FourtyTwo

1 vote, 0 answers, 404 views

OAuth using AWS Lambda and AWS API Gateway

I know AWS has added custom authorizers to support API Gateways (link: https://aws.amazon.com/blogs/compute/introducing-custom-authorizers-in-amazon-api-gateway/), but I have a basic question in the context of enabling OAuth on the APIs. I've so far been unable to find anything concrete on it. The...
Vinay

1 vote, 0 answers, 8 views

How to access Wordpress authentication token

We are trying to link our website to WordPress's API using OAuth 2.0. Hoping that a client can authenticate and post to WordPress from our site. We need to receive an access token to do this. We have successfully connected with WordPress to receive our access code. We've followed the WordPress api,...
Joe Benebenek

1 vote, 1 answer, 149 views

How to authenticate a user for google sheets api on a remote server using Node.js?

I am working with Google sheets and node.js and I am able to authorize a user locally and get auth data using cmd using this tutorial https://developers.google.com/sheets/api/quickstart/nodejs but can't authorize it on a remote server like Heroku so I have found an example https://codelabs.developers...
Suyash Doneria

1 vote, 1 answer, 47 views

Refreshing safariViewController causes OAuth2 to fail

I made a similar question about the library in question (Keycloak), but I feel it may actually be related to code outside the library. I am trying to use a Safari View Controller with Aerogear OAuth2 in order to login via Google. However, when trying to log in, if you try to refresh in the middle of...
Andrew Alexander

1 vote, 1 answer, 446 views

How to restrict google oauth 2.0 to particular domain only in asp.net core web application?

I am using asp.net core web application, I want to restrict the login only to particular domains like @domain.com, I followed few steps involved in this video https://www.youtube.com/watch?v=eCQdo5Njeew for google external authentication which is the older version and I followed this documentation...
stacylouis

1 vote, 0 answers, 102 views

Spring fires AuthorizedEvent just before AuthorizationFailureEvent

I am trying spring boot for some project and encountered a security related issue (possibly my mistake). I want to log user requests and operations in the following manner (authentication is not a concern yet): Log(User Request ) -> Log(User Authorization Status) -> if (authz is succeed) then { Log (...
öncül korkut

1 vote, 0 answers, 197 views

IdentityServer4 - MVC app hosts Aurelia SPA + WebAPI

I'm trying to do something that seems like it would be a straightforward thing. I've looked through the IS4 QuickStarts and found a bunch of things regarding OAuth online, but with the latest changes to Core 2.0, I'm having trouble finding an example of just how to do this. Lots of stuff that's clos...
compgumby

1 vote, 0 answers, 159 views

oauth web api call returns 403 forbidden

I implemented OAuth2 in my mvc web api project. I got the token but when I call the web api methods with this token the call will return 403 forbidden. I also called the same web api without the token it's working. Here is my token call: public override Task GrantResourceOwnerCredentials(OAuthGrantRes...
Mussammil

1 vote, 0 answers, 428 views

How to fetch oauth2 access token using axios

I have developed a spring-boot application and configured it with oauth2. I'm using reactjs at front-end and using axios to make rest calls. Does anybody here know how to fetch access tokens using axios?
Manikanta B

1 vote, 0 answers, 648 views

Getting an On-Behalf-Of access token with a token obtained using the implicit flow

TL;DR: I want to use implicit flow to get an access token and have the user consent my app to grab the profile from Microsoft Graph. When getting the on-behalf-of token on the server side, it complains that no consent is given. I have a client application getting an access token from Azure Active Di...
XwipeoutX

1 vote, 1 answer, 625 views

MailChimp OAuth2 Access Token

This question is similar to others that have already been asked, but the answers haven't helped and there's a key piece that I think is missing. I'm at step 4 of the MailChimp OAuth2 flow, which requires an out-of-band post to the authorize url (see here). It keeps returning the error: invalid_gra...
SM0827
