Questions tagged [oauth-2.0]

1

votes
2

answer
460

Views

CakePHP with Twitter timeline, using twitteroauth, getting curl_init() error?

ok, before I start I am building this in a virtual box running with Ubuntu which does have CURL installed and working! So reading a number of blog posts and help sites, I used the following code to build pull in my timeline from twitter, require_once('twitteroauth.php'); $twitteruser = 'MY-TWITTER-N...
Glenn Curtis
1

votes
1

answer
92

Views

How to identify existing users after authenticating via Slack OAuth?

I have a web application with existing users and user ids (i.e. not Slack user ids). I'd like to allow my users to install my new Slack app. How do I know which of my users connects to Slack using OAuth and installs my app? I know you can request email but what if the Slack email is different f...
Ryan
1

votes
1

answer
57

Views

Developer-authenticated end users with Google Cloud Platform

For authenticating end users to things like IoT services, many cloud services have a custom option: The client authenticates with the dev's own server (however the dev implements that), which in turn gets a token from the cloud service and sends that to the client for authentication with the cloud s...
sudo
1

votes
1

answer
403

Views

Grant GAE-app access to a Google API with google-api-python-client

I'm developing a Google App Engine-app where one can fill out an online-form and based on how you fill it out a calendar post in a specific Google Calendar is created. What I'm wondering about is authorization in this type of situation where I want this form to be 100% publicly available and require...
Tottish
1

votes
2

answer
173

Views

Is there any Spring Social client module for ORCID?

Is there any Spring Social client module for ORCID (Open Researcher and Contributor ID)? There are already client modules for service providers such as Spring Social Facebook, Spring Social Twitter, Spring Social LinkedIn, etc. ORCID provides a persistent digital identifier that distinguishes one re...
Yuci
1

votes
2

answer
1.9k

Views

Why are Refresh Tokens considered insecure for an SPA?

I was reading the documentation on the Auth0 site regarding Refresh Tokens and SPA, and they state that SPA's should not use Refresh Tokens as they cannot be securely stored in a browser, and instead use Silent Authentication instead to retrieve new Access Tokens. A Single Page Application (normally...
Eric B.
1

votes
2

answer
3.5k

Views

password for oauth token endpoint

I am trying to add OAuth to a rest service that I am developing with Spring framework. I am using annotation based configuration and spring-boot to get it running. I have the following class in my project: @Configuration @EnableWebSecurity @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) public clas...
idursun
1

votes
1

answer
5.1k

Views

Spring security OAuth stackoverflowException

I would like to use Spring security with OAuth and JWT tokens. My current configurations are: @Configuration @EnableResourceServer public class OAuth2ServerConfig { @Configuration @EnableWebSecurity protected static class ResourceServer extends WebSecurityConfigurerAdapter { @Override public void co...
maxsap
1

votes
1

answer
979

Views

Creating a group with Admin SDK Directory API in Google Apps Script doesn't work “On form submit”

I've read through all of the relevant pages in the Admin SDK Directory API documentation and several questions on stackoverflow, and I'm still stuck. I am the super admin of my Google Apps domain, and I want users in my domain to be able to create their own Google Groups. I made a Google Form where...
mike
1

votes
1

answer
658

Views

MS Graph API authentication token does not return scope

I'm pretty confused as to how to use the MS Graph API. I'm trying to log a server side daemon (webapp) into Azure, and then access OneDrive within an Office 365 instance. (1) I created an app Azure portal with Web app /API type. Then I gave it access inside the Azure portal to all the permissions I...
zaYZNXhT ZLCpve6R
1

votes
2

answer
933

Views

Does Karate DSL Framework have the capability to pass a POST Request as a url encoded format?

Certain APIs in my project can only be accessed via OAuth 2.0 using an encoded format. I am able to manually submit a POST using POSTMAN as it has the x-www-form-urlencoded feature to send the request (image attached). As a workaround, I created a java function to convert my json body to an encoded...
Abeinator Emancipator
1

votes
1

answer
310

Views

how to create a oauth client id for gcp programmatically

I can create OAuth2.0 Client IDs and Client Secret with Authorized redirect URIs using the GUI in GCP. The Console URL is given below for reference https://console.cloud.google.com/apis/credentials How do we do this in cloud shell or with the GCloud SDK
1

votes
1

answer
544

Views

How does server return JWT token to the client?

This is my first encounter with a JWT token and I'd like to know how is this token returned to the client after it's first created. Should it come in the Authorization : Bearer header ? Usually, it's the client that passes the token in Authorization : Bearer header on each request. I'd like to...
user1411018
1

votes
1

answer
94

Views

Game Services OAuth2.0 error when testing release SHA-1 authorisation

I have been trying to set up my game for google play game services. So far I have managed to get a debug SHA-1 authorization to work and sign into the services in my game. Although, I cannot manage to get the release SHA-1 authorization to work. When I tap the sign in button in my app I get the usual...
RhysBailey21
1

votes
1

answer
71

Views

Oauth2 with OpenId connect

I am asking you today because I am at a dead end. I have missed piece in the logic of Oauth2 and OpenID connect in apigee. I understand that an application requests Openid connect to have the profile of the logged-in user and that OAuth2 offers a way for an application to access a protected resource v...
Adouani Riadh
1

votes
1

answer
496

Views

Keep getting errors when trying to reproduce spring security OAuth2Login sample

I want to learn some Spring Security. But I have troubles to secure my webpage via Auth2/OpenId Connect. I try to reproduce the example from the Spring Security Reference OAuth2 Client. But I already stuck at the beginning by running the project. I use maven instead of gradle as build tool. If I run...
Tantalos
1

votes
1

answer
1.1k

Views

Where to validate nonce in OAuth 2.0 Implicit Flow?

I have the following architecture. Where: Client - is a single page JavaScript application. Authorisation server - is Azure AD. Resource server - is an Azure App Service using Azure AD authentication. All communications are secured using HTTPS. I am using Implicit Flow to access a JWT access token f...
James Wood
1

votes
1

answer
213

Views

The token response was successfully returned: unsupported_grant_type

I'm migrating from .NET Core 1.1 to 2.0, and now I have to update my Authentication too. I'm using OAuth and OpenIddict to .NET Core 2.0 When I'm sending the request to my connect/token I'm getting this: OpenIddict.Server.OpenIddictServerHandler[0] The token response was successfully returned: {...
Pedro Franco
1

votes
1

answer
61

Views

Verification of ID tokens on client side

I'm working on implementing OAuth 2.0 to a stack of apps I have to reduce the required login credentials. However I am struggling in understanding the OpenID Connect on top of OAuth 2.0 and how I am supposed to verify the JWT token given. Should the public key be supplied inside the actual token so...
Gjert G
1

votes
1

answer
1.4k

Views

Azure AD JWT token: how to see through which client secret it was granted

I have an Azure AD application and have generated two client secrets. I can get a JWT access token using each secret (via client_credentials grant) but can I also see from the JWT token via which client secret it was requested? If I inspect the JWT tokens I get back, some payload fields are always t...
Ronald Wildenberg
1

votes
1

answer
99

Views

NodeJS twitter-ads lib cannot find my account (Account <myaccountnumber> was not found)

So when I use twurl ... twurl -H 'https://ads-api.twitter.com' '/2/accounts/' I get the correct response back with all the information about said ads account. This, I assume, means I'm good to go on all account authorization/whitelisting on twitter's side of things. yes? That my ads account and my a...
Kirby
1

votes
1

answer
471

Views

How to revoke user access token granted by Twitter to an app via Twitter REST API

I have a Node JS app that uses Twitter API (using OAuth 1.0a) to authenticate users and posts tweets on behalf of the users using the provided user access token. I also want to provide a way for a user of my app to 'disconnect' from Twitter by revoking the access token provided earlier, such that th...
Gaurav Jain
1

votes
1

answer
559

Views

AppEngine: No module named pyasn1.compat.binary

I keep getting the following error when hitting my AppEngine server: ERROR 2017-09-20 07:16:06,978 wsgi.py:263] Traceback (most recent call last): File '/usr/lib/google-cloud-sdk/platform/google_appengine/google/appengine/runtime/wsgi.py', line 240, in Handle handler = _config_handle.add_wsgi_mi...
JohnnyCoder
1

votes
1

answer
731

Views

Using Laravel Passport with mobile application

I am making a mobile application with a laravel API, and I saw that since Laravel 5.3(?) they added something called 'Passport' which handles OAuth2/verification for an application, so I thought I would give that a try. I followed several different explanations for how to get it working after I comp...
1

votes
1

answer
327

Views

How can I automate getting an access token from Slack?

I want to make an alert system on Apigee that will automatically send alerts to Slack, without the need for human interference. However, the only OAuth flow for Slack I found on their api site seems to require a user to manually input their credentials: https://api.slack.com/docs/oauth How can I aut...
Friso
1

votes
1

answer
2.2k

Views

How to use Google Oauth2 access_token?

I'm building a SSO setup for a web app. I can login known users and create new unknown users via https://www.googleapis.com/oauth2/v1/userinfo. I get back a response like this: { 'access_token':'1/fFAGcxxxxxxxxxxxxxxxxxxx', 'expires_in':3920, 'token_type':'Bearer', 'refresh_token':'1/xEoDL4iW3cxlI7...
gdonald
1

votes
1

answer
3.1k

Views

How can DotNetOpenAuth help me build an OAuth 2.0 Service Provider?

I'm starting this project where I need to provide authorization for websites. Since I'm starting from scratch, why not use the latest: OAuth 2.0 protocol. Unfortunately, I know nothing about security nor have I implemented OpenID/OAuth. Since I'm used to working in the .NET environment, it's natural...
Hertanto Lie
1

votes
1

answer
299

Views

Error 403 after @EnableOAuth2Sso in Spring security

I've got my own mapping setCred/ and when it gets called via a http POST request it returns a 403 Error. But when I remove the @EnableOAuth2Sso it all works fine. I don't have any idea what part I'm missing here. @EnableOAuth2Sso @Controller public class TestAPI { @RequestMapping(value = '/setCred',...
Oleg
1

votes
1

answer
96

Views

Social authentication - better to do on FE or BE side?

If we want to do social authentication (for example Facebook or Google), then which side is best to integrate it. Backend side or front end side? For back-end we have NodeJS, in which we can use PassportJS to do it and for front end side we have Angular2.0 for which there are plugins to do it as wel...
Harry Joy
1

votes
2

answer
524

Views

Role hierarchy and OAuth2 Security using Spring Boot

I know there is a lot of threads about Role hierarchy however I could not find any example combined with OAuth2. So, most of threads point that I need to implement RoleHierarchy bean: Beans.java @EnableJpaRepositories(basePackages = 'com.template.service.repository') @EnableAspectJAutoProxy @Compo...
ilovkatie
1

votes
1

answer
1.9k

Views

Microsoft Graph API: Insufficient privileges to complete the operation

Problem When generating an access token for Microsoft Graph API via ADAL, Graph API does not accept the token. { 'odata.error': { 'code': 'Authorization_RequestDenied', 'message': { 'lang': 'en', 'value': 'Insufficient privileges to complete the operation.' } } } What the application does The applic...
Jan Kruse
1

votes
1

answer
1k

Views

Get Token by logging in with External Providers using OpenIddict

I have an API with ASP.NET Core which will be consumed by native mobile apps (currently UWP, Android) and I'm trying to implement a way that clients can sign up and log in with both username/password and external providers such as Google and Facebook. Now I'm using openIddict and my ExternalProviderC...
Hesam Kashefi
1

votes
1

answer
156

Views

Why doesn't Amazon Cognito return an audience field in its access tokens?

When Amazon Cognito issues access tokens it doesn't include an aud field. In the documentation for Cognito tokens, the aud field is listed for id tokens (always set to the same value as client_id), but not for access tokens. The relevant section of the JWT specification says: If the principal proces...
GlennS
1

votes
1

answer
944

Views

requests library with googleapiclient

Following is the code to access a google storage bucket using the httplib2 library import json from httplib2 import Http from oauth2client.client import SignedJwtAssertionCredentials from googleapiclient.discovery import build from pprint import pprint client_email = 'my.iam.gserviceaccount.com' jso...
Samyak Jain
1

votes
2

answer
100

Views

Authorize attribute always returns 401

I am using client credential/app identity flow (OAuth 2.0) where the API is able to authenticate the web app by its app id. There are 2 things that I need to make sure the authentication is successful: The access token passed from web app to access the API should be a valid bearer token (eg: not exp...
WW pana
1

votes
1

answer
55

Views

Redirect URI with Client Credential Flow

I am looking into using MSAL and client credential flow, however, there is one thing I don't fully understand. In the example provided by Microsoft: https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/blob/master/daemon-console/Program.cs The following code is used to get an acces...
agnsaft
1

votes
1

answer
39

Views

.net core project logout using ADFS

I'm struggling with the logout method for ADFS authentication mechanism This code doesn't really work await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme); return RedirectToAction('login');
Oleksandr Skrypnyk
1

votes
1

answer
100

Views

How to handle an External OAuth2 auth with Spring Boot + Angular

I have a Spring Boot application as a backend and an Angular 6 front end. They work great separately, and I used this guide as a starting point. I am now getting to the point where I want to use external OAuth to authenticate my users to get access to some of their WoW Character data. I have a decen...
skylerl
1

votes
1

answer
298

Views

CSRF protection in IdentityServer4

Does IdentityServer4 have CSRF protection out of the box or do we need to configure anything to enable/strengthen it? I have seen 'state' value passed around between /connect/authorize and /signin-oidc but I'm not sure if it's enough. We are using hybrid flow with no consent page (internal application...
dstr
1

votes
2

answer
1.9k

Views

How to store credentials for Google Drive SDK locally

I am developing a Java based desktop application which needs to download some files from the user's Google Drive account. I have studied the Google Drive SDK documentation and so far I have come up with the following code: public class Main { public static void main(String[] args) { String clientId...
Dušan Rychnovský