Questions tagged [oauth-2.0]

1 vote, 0 answers, 52 views

Desktop application accessing AWS with Azure AD federation SSO

I have a desktop application that has the ability to access AWS S3 buckets. Our enterprise uses Azure AD for user management. What we would like to accomplish is to authenticate users in our enterprise via Azure AD and let them access the S3 resource through our DESKTOP application (programmatically...
Rags
1 vote, 1 answer, 65 views

Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware Warning: 0 : invalid bearer token received

I'm getting this warning each time a user tries to access a protected api endpoint. The authentication works out fine and user is seemingly authenticated but I've been unable to figure out why this error keeps on happening. I'm running this on a localhost dev server with no https/ssl enabled. I migh...
Daniel
1 vote, 1 answer, 24 views

OAuth2: Returning to App After Logging in

I'm using a cocoapod named (p2/OAuth2) in order to log in an account with GitHub. I'm just playing because I want to know how OAuth2 works. The following is what I have so far in my view controller (UIViewController). import UIKit import p2_OAuth2 class ViewController: UIViewController { // MARK: -...
El Tomato
1 vote, 1 answer, 254 views

How does OAuth handle authorization?

We have implemented a RESTful API using RestEasy. Now we are planning to build our own OAuth implementation and will integrate it with our Rest API. I do not fully understand how OAuth handles authorization of every request to the API. My understanding is as follows: User is authenticated by the OAu...
Sagar Zond
1 vote, 1 answer, 26 views

How to get user's Object ID in Azure AD B2C oauth2 login

I am using the following custom api to get access_token when the user is found in Azure AD B2C: https://patient360app.b2clogin.com/patient360app.onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_ROPC_Auth and it is returning me the following response: how can I get user's Object ID with the above response?
3iL
1 vote, 1 answer, 54 views

How to keep logged in to an OAuth2 Authentication Server?

This question describes how a single-page app keeps a user logged in with OAuth2 without using a refresh token (since a SPA can't reliably keep a refresh token secret). A critical point is that when the user's access token expires it gets another one from the authorization server, which is ex...
DJClayworth
1 vote, 0 answers, 107 views

AWS api gateway with oauth2 and spring security

I have aws api gateway in front, with api gateway to direct http endpoint of ALB (Application load balancer) passthrough, and ECS fargate as ALB target group. I have 3 microservices developed in spring boot. Now I want to integrate oauth2 and spring security for my rest APIs. How to integrate it wi...
Mihir Shah
1 vote, 1 answer, 33 views

How to use OAuth 2.0 correctly in SPA?

I'm working on a project where we have a Vue.js frontend and a microservices architecture for the backend hosted in Azure Service Fabric. We want to add an IdentityService for authentication using IdentityServer4. What we want to achieve is a login that is basically the same as stackoverflow prov...
Kanadagermane
1 vote, 0 answers, 15 views

Node/React Login System supporting OAuth2 for Alexa/Google Actions development

Does anyone know of any open source solutions for implementing Alexa or Google Actions account linking? Using passport.js for Express routes to support social login npm oauth2-server to implement oauth endpoints I've put together my experiences as an open source package react-express-oauth-login-sy...
Steve Ryan
1 vote, 1 answer, 26 views

how to get secret key(access token) in React app from another UI app for SSO

We have two web applications, let's say http://app1.com and http://app2.com, hosted on different domains. App1 -> communicates with the OAuth server to get the access token, which we store in the browser's local storage. App2 -> simple frontend app developed in React. Now we want to navigate to app2 from app1 w...
ManojP
1 vote, 0 answers, 37 views

Integrate Google Signin to existing OAuth

Back-end server in Java, stores users in DB. Someone integrated OAuth2 in the app. A user logs in and then in any place I can call this code: SecurityContextHolder.getContext().getAuthentication().getPrincipal(); to get the currently logged in user. Now I want to use Google Signin. I have back-end...
user1523271
1 vote, 2 answers, 151 views

Error 'Service has been disabled for this account' while running identity.getAuthToken for chrome extension

I am trying to create an extension that uses the selected data and saves it to google sheets. Sounds pretty simple though but I am stuck at the Auth2 part. Here's what I have done so far: I have created a manifest.json and uploaded it on the chrome developer dashboard to obtain the 'key' and 'id'. U...
Garima
1 vote, 2 answers, 361 views

Get Google Analytics data using GAPI without login in

I have a news website and I have to show the 'Top 5 most visited news of the day' using the data tracked with google analytics, but I haven't managed to make it work. Every code example I've found shows a pop up to login, as if he had his google account linked with the data in analytics, but obvious...
Camilo
1 vote, 2 answers, 40 views

Spring boot 2 + Oauth2 - Securing the Rest Calls in Microservices

I'm working on Spring Boot 2 microservices. Now I'm planning to secure my REST calls using OAuth2. I found a lot of articles regarding Spring 2 + OAuth2 integration, but they do not match my requirement; all of them use tables and secure calls using the roles. My application login works...
PremKumarR
1 vote, 1 answer, 754 views

How do mobile apps gain long-lived access to their APIs?

Our company is building a mobile app (iOS) which needs to talk to our API, which is secured by OpenIdConnect/OAuth2, using IdentityServer. My question is, most apps I've used these days ask for the user to login/register once, then never again. Assuming they are accessing their APIs using OAuth2 to...
RPM1984
1 vote, 1 answer, 0 views

OpenId Connect: adding extra/custom parameter at the token endpoint call

With our IdP server team we discussed while implementing code authorization flow with OIDC and they proposed to add a new http/query parameter to the http call to token endpoint named 'resourceServer', would you say it should be possible to OIDC implementations such as apache httpd oidc module (cert...
NicuMarasoiu
1 vote, 1 answer, 551 views

Getting response as 'Unauthorized' while sending access token via URI Query Parameter

We are creating REST API and implemented oAuth 2, using YII framework. We are facing a strange issue, while we are trying to access the resource and sending access token via 'Authorization Request Header Field' we are getting the expected output. e.g. curl -i -H 'Accept:application/json' -H 'Authori...
Chaitenya
1 vote, 1 answer, 413 views

Exchanging a code for a token in OpenID Connect authorization code flow

The OpenID Connect Basic Client Implementer's Guide claims in section 2.1.6.1 that the client must send a POST request to the identity provider's /token route in order to exchange the authorization code for a token. The sample shown there looks like this: POST /token HTTP/1.1 Host: server.example.co...
Golo Roden
1 vote, 1 answer, 647 views

OAuth security for calling Controllers using Attributes?

Is there any way that you can, let's say, use OAuth in MVC and enable access to a controller using Attributes like in validation process. Let's say I have public class myownController { [LoginRequired] public ActionResult Index(){ //this can be accessed only if the user is logged in. } }
Mihai
1 vote, 1 answer, 500 views

Why not just use a long TTL reference token in replace of access and refresh JWT tokens?

I'm building both a mobile and single-page app and have been evaluating auth techniques that allow for immediate access/token revocation. I see Auth0 and Stormpath use both access and refresh tokens in addition to allowing for revoking tokens. What's the point of a refresh token and short TTL acc...
Bradford
1 vote, 1 answer, 98 views

Asserting identity to Google APIs with App Engine development server

I have a Golang app running on App Engine and I would like to call the Analytics API to process some metrics. Both on App Engine and on the development server. This page describes the overall procedure using a service account for server-to-server communication and getting an access token using OAuth...
murrekatt
1 vote, 1 answer, 1.2k views

How to get userId from access token for Gmail OAuth2.0

What I'm trying to do I'm trying to create a web app that would fetch emails from a user's Gmail. I understand that I would require authentication via Google OAuth 2.0. What I'm trying to do is setting a watch() request on an inbox. Then, when the watched inbox gets an email, I want to get notified....
ShivanKaul
1 vote, 3 answers, 336 views

User authentication methods for REST api project

My web server has a REST API. I need to add user authentication to my app, and my thought process behind it is this: Get the user's username and password from the app form Encrypt the password and Base64 encode both the username and password Send the data to the REST API over HTTPS Web server verifi...
user5434408
1 vote, 1 answer, 919 views

Why is User.Identity.IsAuthenticated not true after GoogleAuthentication?

I'm trying to debug an issue with OWIN and GoogleAuthentication, everything works on the redirect to google and then google redirects back and my custom GoogleAuthProvider is called and then finally a redirect occurs back to the desired page. Unfortunately after the redirect back to the desired pa...
Mark Rogers
1 vote, 0 answers, 60 views

OAuth2 implementation error. The third party sent an invalid redirect URI

I want to implement Oauth in my vb.net web form application. I use response.redirect to go to the url containing all information like client id,secret,redirect url etc. My redirect url is 'http://localhost:50689/NetDocsTokenStatus.aspx' . The url redirects me to the net documents website where I inp...
anu
1 vote, 0 answers, 190 views

How to implement “Login with LinkedIn” with “OAuth 2.0” in Android

In OAuth1.0 'Login with LinkedIn' was working fine, but a few days ago LinkedIn made some changes in their policy; please refer to the link below for more detail: https://engineering.linkedin.com/blog/2018/12/developer-program-updates I also tried some GitHub examples and other references but unfortunately not w...
Kunal Shah
1 vote, 2 answers, 1k views

linkedin oauth authorization fails with “Bummer, something went wrong”

Bummer, something went wrong https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=test&redirect_uri=http://test.custom.com/abc/linkedin&state=DCEeFWf45A53sdfKef424asgTyhgTR5 when I use the above url I am getting 'Bummer, something went wrong. We're having difficulty connectin...
Anoop Valluthadam
1 vote, 0 answers, 57 views

Adding a resource server to an existing JSF/Spring security application

Currently, we've implemented a centralized authorization server using the oauth2.0 protocols and a password flow. I will post the user, pwd, secret and clientID to the auth server endpoint, get a JWT back and be on my way. What I currently have in this existing 'client' application is some spring se...
user10776719
1 vote, 1 answer, 267 views

Failed to find access token for token

I use Postman, enter the request address http://localhost:8011/umrah/oauth/token?client_id=client_2&username=1234567&password=123456&grant_type=password&client_secret=123456, click the send button, an error occurs. It works fine in memory; when I want to use Jdbc token storage, Idea console error: f...
D.mengqi
1 vote, 1 answer, 106 views

Getting list of Google Calendar events using googleapis

Following googleapis documentation I've retrieved tokens including refresh_token: { access_token: 'ya29.Glv_LONG-STRING', token_type: 'Bearer', refresh_token: '1/7k6BLAH-BLAH-BLAH', expiry_date: 1532141656948 } How can I get list of Google Calendar events using this when access_token is not valid an...
Alexander
1 vote, 0 answers, 257 views

Laravel Passport always returns 401 Unauthenticated

I'm going crazy! I've been searching around the web on thousands of StackOverflow questions and haven't solved my issue. I'm developing an API REST with Laravel Framework 5.7 and Passport 7.0. I've set up every file following the documentation and I'm able to get a token with grant_type=password (w...
1 vote, 0 answers, 198 views

Network Error at XMLHttpRequest.s.onerror (oidc-client.min.js:3) with angular 7 and Asp.net core 2.2

Trying to use the identity server 4 for authentication in asp.net core 2.2 with angular 7 application. oidc-login-redirect.html var config = { userStore: new Oidc.WebStorageStateStore({ store: window.localStorage }) }; var mgr = new Oidc.UserManager(config); mgr.signinRedirectCallback().then(() => {...
San Jaisy
1 vote, 1 answer, 24 views

How do I debug omni-auth2 client and provider?

How do I debug omni-auth2 apps? One example of such pair is here: https://github.com/webgoal/spike-oauth-rails52 How do I debug problems with configuration. I need to find out if the client is really talking to the provider and if so what response it gets, 401 code does not help in fixing the app.
ruby_object
1 vote, 0 answers, 50 views

Electron + Angular (7) OAuth 2.0 Redirect

I am using the AppAuth-JS library to help with doing an Auth Code Flow + PKCE in my Electron + Angular (7) project based off this seed. After building the built package and trying to launch the app all my redirects back to local host keep failing. When running the app in development mode usi...
JoellyR
1 vote, 1 answer, 291 views

Ruby Oauth-plugin Authorization Not working

I'm using the Ruby oauth-plugin (version 0.4.0.pre7) to make my Rails (3.0.3) app an oauth provider. The install worked fine, and I think the provider aspect is working fine as well. However, I'm getting stuck at the authorization stage. Here's what I'm doing, post-install: Create an oauth client @c...
ideaoforder
1 vote, 0 answers, 77 views

access spinnaker api using curl

I am trying to use api methods to manage spinnaker, creating pipelines if I have to be specific. The reason for not using spin cli or other tools is the plan to launch this automation at aws lambda. Using google oauth and get methods are working fine when using a browser, but when I try to do the same with curl get n...
Ahsan Naseem
1 vote, 1 answer, 87 views

oauth2 and csrf attack

I'm currently working on an oauth2 implementation and I wonder about CSRF attacks. I saw a very good explanation in this scheme https://image.slidesharecdn.com/owasp-nulloauth2-160803124628/95/oauth-20-security-considerations-11-638.jpg?cb=1470228518 or this video https://www.youtube.com/watch?v=_xrhWLqX...
Mathieu
1 vote, 0 answers, 293 views

Google API PHP Login retrieving Auth Error

I am trying to implement a log in via Google on my application to access some information and control some features of the user's Youtube channel but it is returning an error all the time, saying that the user is not authenticated. That's my code. And I am getting this error: 2: Google_Service_Exception...
Ricardo Pereira
1 vote, 1 answer, 40 views

Microsoft Graph Issue with Authorisation Code

I am trying to allow access to Microsoft accounts using the instructions here https://docs.microsoft.com/en-us/graph/auth-v2-user. I have the first two steps working, the issue is occurring when I try to use the Authorisation Code that is returned after the user has granted permission to the applic...
ChrisW
1 vote, 1 answer, 29 views

What is a required Oauth2 or SSO for our usecase

Our business use case is that we have four to five services deployed as java spring web applications. These services have user/customers derived from either registration process or some existing running applications exposed as rest services. We intend to make a single portal which provides users to...
Aaruhi