Questions tagged [oauth-2.0]

1

votes
0

answer
44

Views

Login With linked workflow permissions issue

As stated here https://developer.linkedin.com/support/developer-program-transition that /v1/people/~ endpoint is available for self-serve use. But when I try to fetch basic profile info from https://api.linkedin.com/v2/people/~?format=json I get this response { 'serviceErrorCode': 100, 'message': 'N...
Nishan Singh
1

votes
1

answer
700

Views

facebook api not returning work,location and email fields

I have started using the FacebookAPi using the Scribe library.I generated the access key with the scopes 'read_stream,publish_stream,email,user_birthday,user_education_history,user_hometown,user_work_history,user_relationships,user_location,user_interests,user_hometown' and trying to make a people s...
user2184297
1

votes
1

answer
359

Views

fql multiquery returns uknown error code

My multiquery function worked prior to the use of oauth 2.0 as of DEC 13th. I send GET requests to https://api.facebook.com/method/fql.multiquery?access_token=.... Do I have to change the mechanism by which i fetch data? is the new oauth token have to be handled differently and passed differently?...
user462003
1

votes
0

answer
153

Views

How to invalidate an google oauth 2.0 access token when user changes account password

I have the below scenario with google oauth 2.0 phonegap application A user logged in to my phonegap app with google oauth 2.0 The user changes account password from website after login to the app The issue is the user still capable of requesting google apis with the existing access token. Please gu...
prodeveloper
1

votes
1

answer
393

Views

Issues sending a POST via Net::HTTP to a Battle.Net Community API End-Point (OAuth 2)

Versions: Ruby 2.2.4 Rails 4.2 Omniauth-oauth2 1.3.1 Omniauth-bnet 1.1.0 Issue: Trying to complete the authorization and token request process to Blizzard's Battle Net Community API. While I can get the authorization_code returned, when I attempt to construct a POST back to the token endpoint it k...
marginalchaos
1

votes
0

answer
104

Views

Web App Client using ImplicitAccessTokenProvider from Spring Security OAuth2

I am writing an OAuth 2.0 client application and I am trying to use ImplicitAccessTokenProvider. But the problem is that this class allows for access token request by sending POST request to /oauth/token Authorization Server's endpoint. For my Authorization Server to support this different Implicit...
Adolfo Eloy
1

votes
0

answer
9.6k

Views

Sending OAuth access token in Jquery Ajax request

Following documentation i put together this simple request. Every time i run this request i still get a 401 Authorization Required. I know the access token is fine because i use the same token using get to populate my models and it works fine it's only when i use post and place my token in the reque...
John williams
1

votes
0

answer
58

Views

Reference flow for OAuth2 password flow + 3rd party OpenID Connect

We have a working REST API which uses OAuth2 password grant (for access through our own Web UI) and client credentials grant (for scripted access), and may allow other grants in the future. Recently a request came up to support 3rd party Single Sign On through OpenId Connect (so we can support iden...
shevron
1

votes
1

answer
62

Views

Does OAuth 2.0 covers End-User acting of behalf of another End-User?

My needs: Let's consider 2 end-users of the same domain. User UA is the resource owner of resource RA. User UA wants to delegate access of resource RA to end-user UB. My main OAuth 2.0 interest comes from total token control (revocation at any time, etc.). OAuth 2.0 Framework allows a client to act...
Yves M.
1

votes
1

answer
89

Views

how to send object of org.apache.cxf.rs.security.oauth2.common.Client from one class to another class

I want to register a client application and then send the data to OAuth service but it is throwing such error, WARNING: Application {http://thirdApp/}ThirdPartyAppRegister has thrown exception, unwinding now org.apache.cxf.interceptor.Fault at org.apache.cxf.service.invoker.AbstractInvoker.createFau...
Ishu
1

votes
0

answer
610

Views

Decrypt jwt token Authorization bearer

Suppose that I response an encrypted access token to the user in web api response, which the user use it to access api in Authorization: Bearer header. Lets Assume that the user now has access token 'abc'. And JwtAuthorizationBearer now accepts token unencrypted token 'def'. But i would like it to a...
eulercode
1

votes
0

answer
230

Views

Can I revoke a Google OAuth2.0 access token WITHOUT invalidating its associated refresh token?

I have a setup that allows users to upload videos to my Youtube channel. The client requests an access token from my server, which uses a refresh token to generate said access token. The client then uses that access token to handle the video upload process. This token expires in 3600s by default, bu...
Zachary Elias
1

votes
1

answer
1.1k

Views

What causes intermittent Invalid Grant

I'm getting the following { 'error' : 'invalid_grant' } at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:103) at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:303) at com.google.api.client.googleapis.auth.oauth2.GoogleRef...
pinoyyid
1

votes
1

answer
346

Views

Enable token caching after validation through the OAuth.io javascript SDK

I'm creating a website (in AngularJS) which uses the Google Analytics API through OAuth.io's javascript SDK. Everything was quite simple to set up, however their documentation is really lacking; it's very short, with little code examples. Currently everytime I refresh my page I need to validate agai...
Jeffrey Roosendaal
1

votes
2

answer
3.7k

Views

WebAPI OAuth Logout - How to drop Token Cookie?

I have a WebAPI with OAuth login configured like this: app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = clientId, Authority = authority, PostLogoutRedirectUri = 'https://www.microsoft.com/', Notifications = new OpenIdConnectAuthenticationNotifications { Authent...
Alexander
1

votes
2

answer
1k

Views

redirect_uri using http instead of https

I'm using spring stack (Spring Boot 2.0.1.RELEASE) for creating a site that delegues user authentication/registration to Facebook via OAuth2. When I click the 'login with facebook' button I get redirected to Facebook, but Spring Security OAuth2 is creating the redirect_uri parameter using http inste...
Loreno Oliveira
1

votes
3

answer
736

Views

How can I add custom claims to be returned when requesting a token using OpenIddict?

I'm building ASP.NET Core 1.1 app (cross platform) and trying (using this sample) to add custom claims to the returned access_token when requesting /connect/token endpoint. What I need is to not only return the claims serialized in the access_token but to return them in the response like this: { '...
Dabbas
1

votes
1

answer
1.4k

Views

Thinktecture identity server client selection and implementation

I am trying to get my head out of the clouds with identity server. I would like to implement the identity server project to let authenticate An ASP.NET MVC 5 application An ASP.NET Web API A windows service implementation Int this blog post I have read some details about clients. The author simply s...
Lorenzo
1

votes
3

answer
4k

Views

Linkedin OAuth2 authorization code error

I´m trying to connect via Linkedin Auth2 from a java web application: Added my own app in linkedin. Generate the authorization URL: https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=XXX&scope=r_basicprofile%20r_fullprofile%20r_emailaddress&state=DCEEFWF454Us5dffef424&re...
mgi1985
1

votes
1

answer
1k

Views

Refresh access_token via refresh_token in Keycloak

I need to make the user keep login in the system if the user's access_token get expired and user want to keep login. How can I get newly updated access_token with the use of refresh_token on Keycloak? I am using vertx-auth for the auth implementation with Keycloak on vert.x. Is it possible to refres...
RaiBnod
1

votes
2

answer
710

Views

Is it possible to use Google Apps Marketplace with Oauth2 and OpenID

I have website which uses Oauth2 for communication with Google APIs. And it works fine. Now i need to make it 'Google Marketplace compliant' to be listed there. Googles docs says about Oauth or Federated Login, but it doesn't precised if Oauth2 works too. Does anyone has experience in such integrati...
Andrew
1

votes
1

answer
1.2k

Views

redirect uri with google using asp.net mvc

I'm trying to use oauth with Google in ASP.NET MVC 5. In Google's developer console I put for the redirect uri: www.mydomain.com/account/externallogincallback and thought that this will do. But it didn't. I put: www.mydomain.com/signin-google and it worked! I tried to search the string 'signin-googl...
dsb
1

votes
1

answer
3.3k

Views

Google OAuth2 (401) Invalid Credentials

So I have an application that I'm working on. I have a local copy in XAMPP and a live version on a server(of course). Everything is working fine with both, however, when I log out of one, I get this error: Fatal error: Uncaught exception 'Google_ServiceException' with message 'Error calling GET (40...
Tysweezy
1

votes
2

answer
199

Views

What is the definitive way to use Gmail with OAuth and Nodemailer?

Desired Behaviour Use Gmail, OAuth2 and Nodemailer to send an email from a server side node.js file. What I've Tried Relevant Documentation https://nodemailer.com/smtp/oauth2 https://nodemailer.com/usage/using-gmail https://developers.google.com/gmail/api/auth/web-server Relevant Questions send...
user1063287
1

votes
3

answer
553

Views

Spring Security OAuth2: How do I provide two seperate login links for two type of users?

I am creating a web app, which has two type of users, say A and B. Currently, the login flow is like this, There is single login link on index.html, which points to /login The user is redirected to google login page, where user logins and is redirected to index.html At this point, I have to verify w...
Registered User
1

votes
6

answer
6.5k

Views

Is there any OAuth2 module for Node.js that offer access token validation without an extra server call?

I'm working on a project in Node.js , we need safe authorization for clients, As far as Facebook and Twitter go, we have to validate the token with their API i Google it and found many examples but all are using third party API i-e Facebook, Twitter etc but the problem is we have to issue our own t...
FLF
1

votes
3

answer
962

Views

What's the replacement for jwt.key-uri in spring boot 2

We are using spring boot 1 oauth with following properties. security.oauth2.resource.jwt.key-uri Somehow it was missing from spring boot2, any replacement for that?
王子1986
1

votes
1

answer
4.7k

Views

Instagram OAuth Access Token expiration for app

I am creating an app that will be using a users access token to pull images from a hashtag feed and I want to be sure that the OAuth token will not expire. The user will be visiting the site regularly, but i don't want it to rely on instagrams maybe-could be someday attitude on when the tokens will...
user3610691
1

votes
1

answer
3.2k

Views

Identity Server 3 - invalid_scope

I'm implementing AuthorizationCode flow in Identity Server 3. When I log in I get an invalid_scope exception. Here's my client: new Client { Enabled = true, ClientName = 'Web Application', ClientId = 'webapplication', Flow = Flows.AuthorizationCode, ClientSecrets = new List { new Secret('webappsecre...
Jon
1

votes
1

answer
646

Views

The captcha solution was not correct. Please try again

I'm trying to use login form that contains Oauth2 feature to login the user with instagram. For this purpose I'm trying to create new Client id in instagram developer page but here are the problems I'm facing: The captcha solution was not correct. Please try again Submission error: please fill out a...
mehmood khan
1

votes
2

answer
436

Views

OAuth2 - unnecessary complexity with refresh token

I do not clearly understand, why there is a refresh/access token concept in oauth2 if the endpoint is the same (authorization) server as depicted many times in RFC6749. The first authorization step when the resource owner authorizes any third party component without sharing credentials, is the essen...
Aitch
1

votes
3

answer
3.7k

Views

how to post in user's Streams using google plus api in java

I want to share some information in google plus wall from my application.and I am trying for moment.insert, But getting 400 error . Can somebody help me @Override public JSONObject getGooglePlusAddUseractivities(Object token) { Token accessToken = (Token) token; OAuthService service = createOAuthSer...
dinesh
1

votes
2

answer
2.2k

Views

Google API - request for token from Oauth2 returns null token

For credentials, I have created an developer account on https://console.developers.google.com, I have created a project and then i have created credentials from API Manager. I use 'google/apiclient': '1.1.*' package. I think it is a problem with credentials. $OAUTH2_CLIENT_ID = 'XXXXX-rvm1l9b1nvht9j...
Raduta Vlad
1

votes
1

answer
1.4k

Views

OAuth 2.0 and Google Signin in .NET 5 (core)?

I can't find anything online that mimics Google sign-in for MVC 5 and below for implementation in MVC 6. Is it supported yet? I was using OWIN, but it appears that it is now obsolete in Core. Could anyone be so kind as to throw some links or info my way? I'm at a complete loss.
Daath
1

votes
1

answer
773

Views

Can I use Authorization Code grants for an SPA tightly coupled with an API (that I own)?

I am building an Angular (version 5) app that only talks to one backend, my API (flask application on a web server), which in turn talks to my database. The application is for data entry and visualization, where data is constantly loaded and saved to/from the backend. I have control over all three p...
user3243135
1

votes
3

answer
711

Views

Search fourquare place using JavaScript WITHOUT exposing the client secret

I was reading Foursquare API and trying to find how to use it for places search (as alternative to Google Places). However I was surprised that it requires the client secret key to be provided always!. I'm using it in the browser, and the only way to get a response is to provide both client secret a...
Omar Al-Ithawi
1

votes
2

answer
134

Views

Dropbox.API SDK not working from Azure server

I am using Dropbox's .Net SDK to upload a file to my Dropbox with a valid access token. The code works fine while executing from 'localhost'. But deploying the same on Azure server, code doesn't execute and no error/response returned by Dropbox and no file uploads. Dropbox confirmed that code's beha...
Gopinath
1

votes
1

answer
62

Views

Implementing Two-Legged Oauth2 in ZendFramework 2 with Apigility

I am trying to build a ZendFramework2 Rest API and want to implement two-legged OAuth2 authentication. I have been looking around and can not find any resources to help point me in the right direction with this. Has anyone done this before or know of a good source I am missing?
Jeremy
1

votes
1

answer
1.8k

Views

SoundCloud - How to login each user without redirecting to a page

I am creating an mobile app for soundcloud. its an hobby project to learn . after reading documents I understood that to get a token (to get a user authenticated) we need to redirect to another page and from there user will login and wil get back a token … In my app I don't want to redirect to co...
Null Pointer
1

votes
2

answer
2.3k

Views

Facebook's “signed_request” is empty when first starting app

I had to add Facebook Credits to my app, in order to do that I had to activate 'OAuth 2.0 for Canvas', which is supposed to send a signed_request to my app But I noticed that when I first start the app after not using it for a while (or in a different browser), signed_request is empty. If I reload...
Cristian