Questions tagged [oauth-2.0]

1

votes
1

answer
333

Views

How to sign authenticated user out in Oauth 2.0 token based?

I am using oauth 2.0 with Identity framework in a web api application. In my web api I implemented authentication using Token-based authentication and refresh token. I need to sign the user out when his password changes(Here the security stamp will be changed). I have this code: app.UseCookieAuthent...
Waddah Rasheed
1

votes
1

answer
854

Views

Creating a google adwords API application using OAuth

I am trying to create a ruby script that will use contents from google AdWords API. However, I am having trouble setting up the OAuth methods. The api docs mention that we need to set up the adwords service in the api console but the AdWords is not mentioned there. What api should I be using for thi...
Sumit Bisht
1

votes
1

answer
1.1k

Views

Get the username from a linkedin REST API call

I'm using linkedin's Oauth2 stuff to authenticate and incorporate users info on a site I'm working on. I'd like to be able to use the REST API and using the querystring /people/~:(id,site-standard-profile-request) etc[assuming the person with an answer knows the API], to be able to get the user's li...
superJustin
1

votes
1

answer
1.2k

Views

Implement Google login in Android Client/Server app

The app I am working on consist two parts: Native android app Web service I want to implement a login procedure between the app and the webservice that is based on the user's Google account. Reading Google's developers site I understand how to make the user authorize an API project on his mobile de...
Idan
1

votes
2

answer
2.5k

Views

API authentication using Google OAuth 2.0

I would like to develop a REST API that will be accessed from an android application, but I need to authorize the users of the client-side application. A simple solution to this would be to ask the user to register to my service and then use that username/password to make successful calls to the RES...
Yannis Sermetziadis
1

votes
1

answer
2.4k

Views

Why is OAuth2 with Gmail Nodejs Nodemailer producing “Username and Password not accepted” error

OAuth2 is producing 'Username and Password not accepted' error when try to send email with Gmail+ Nodejs+Nodemailer Code - Nodejs - Nodemailer and xoauth2 var nodemailer = require('nodemailer'); var generator = require('xoauth2').createXOAuth2Generator({ user: '', // Your gmail address. clientId: ''...
eddyparkinson
1

votes
2

answer
1.2k

Views

Using OAuth 2.0 for Devices - Google API - Google Drive

I took a look in some docs at developers.google and some questions here in stackoverflow and I really would like to found an objective answer about use the Google OAuth Server to authenticate an application and grant access to download docs into a Google Drive account with NO BROWSER interaction. As...
user1698561
1

votes
0

answer
5

Views

How to get redirected to redirect_uri plus a code parameter in the GET parameters?

I am creating a web based application and want to get data from Basecamp using their API through OAuth2. The problem I faced now is having this error - :error: Provided redirect_uri is not approved. How to get the redirect_uri working or make the route to accept incoming requests from Basecamp? b...
Irwin
1

votes
1

answer
152

Views

How to identify provider for oauth2 redirect_uri callback?

Im trying to undertand how to properly identify which provider a returning authorization request was initiated by. I see three approaches: Use provider specific redirect_uri callback URIs. /oauth2//callback etc. Encode provider id/name in state parameter somehow Store a pending provider id/name in t...
Mattias Wadman
1

votes
1

answer
7.8k

Views

Spring OAuth2 - Can't get client token

I'm not 100% sure I'm performing the correct request but I can't seem to get a token for a client. I've based my solution off of this tutorial 5 minutes with spring oauth 2.0. I'm performing this request from postman: /oauth/token?grant_type=client_credentials&client_id=mysupplycompany&client_secre...
nmb1106
1

votes
1

answer
1.6k

Views

Redirect to an external site with custom headers - AngularJS/OAuth

Is it makes sense to do a redirection to an external site (OAuth sever) with custom headers in order to authenticate the user? For example, after providing your credentials to http//this_is_my_site/login you click login, and redirects you to the external address http://OAuth_Server/oauth/autorize to...
Coyolero
1

votes
1

answer
1.2k

Views

Yahoo Oauth2/OpenIDconnect

I implemented an OpenIdconnect social login on top of Oauth2 for few IDPs, but I fail to get Yahoo to behave the way it should. My problem: each time I send an authentication request, Yahoo promps end-user for consent. While this is normal at 1st login, when permission is granted it should not ask o...
Fulup
1

votes
1

answer
2.3k

Views

Validate OAuth 2 Access Token for Login

Following this Browser Based OAuth when the request comes back to my site, https://oauth2client.com/cb#token=ACCESS_TOKEN, how do I validate that the access token is real to let them into the application? Does the web application server do a request to the oauth2server to prove the user hasn't just...
mgrowan
1

votes
1

answer
395

Views

Azure Mobile services, C# backend get actually user access token for provider

Im writing an ios app, I have a c# mobile services back end. Its essential to my app to be able to get the actual token for interacting with facebook graph api, google etc... I need to be able to post the users social media channels if they choose to. I need the c# back end because im making use of...
user3364602
1

votes
1

answer
1.5k

Views

.Net Google OAuth token WebRequest Bad Request Protocol Error

I'm doing fine with this OAuth2 stuff until I try to get the token. I think I'm doing something to do with the encoding. Here is my code: string url = 'https://accounts.google.com/o/oauth2/token'; StringBuilder postDataBuider = new StringBuilder(); postDataBuider.AppendLine('code=' + code); postData...
Dudeman3000
1

votes
2

answer
1.9k

Views

400 Bad Request in Google Oauth2 for access token

I am setting up Google Oauth 2 in my django app. I am able to get the code but when I try and exchange it for an access token I get a Bad Request error. This is my code: code = request.GET['code'] state = request.GET['state'] access_token_url = 'https://www.googleapis.com/oauth2/v3/token' payload =...
Archit Verma
1

votes
1

answer
1.6k

Views

Any samples showing the use of OAuth2 service (server to server) accounts

All the samples I'v seen only support 'user' accounts where a user has to be present. Looks like latest version of OAuth2 supports service accounts for server to server authentication where humans not present but I am struggling to find any libraries that support it or examples of in use. https://de...
Ryan
1

votes
1

answer
795

Views

OAuth Bearer token implementation using C#

I am very new to OAuth. my requirement is to host a Rest based service url which can only be accessed by providing a bearer token. Also, I do not want the user to go though any Login page, just pass on the Bearer token and start using the resource Url. How can I generate a bearer token which I can d...
user1961100
1

votes
1

answer
137

Views

OAuth Spec: why do some implementations return an access_token + access_token_secret and others just an access token?

Case in point: The Facebook https://graph.facebook.com/oauth/access_token endpoint, in handing off a code for an access token, returns the access_token and expires. Instagram seems to do the same. On the other hand, the Twitter https://api.twitter.com/oauth/access_token returns both an access_token...
Zane Claes
1

votes
2

answer
147

Views

Google OAuth to remember chosen account

I've implemented Google OAuth 2.0 login on a site that I'm working on. It works fine, except in situations when the user is logged with two or more different accounts on the same browser. It's asking him to choose which one he want's to use. But it's asking the user every time to choose the account....
Andrej
1

votes
2

answer
1k

Views

Accessing the Google Api to get a file list with valid access and Refresh tokens

I am using an Oauth class for an app to get access to the Google drive API, I have both refresh and access tokens and now all I need to get the ball rolling is to set the parameters for the request. My issue is that I cannot seem to find the parameters needed to get the appropriate response, I have...
Steve P
1

votes
1

answer
139

Views

String format exception when using Google OAuth sign in

I have an ASP.NET MVC 5 website and I want to add external sign in via Google, Twitter, Facebook and some other providers. I'm following this tutorial: http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on Right now, I'm trying to get...
isklenar
1

votes
1

answer
0

Views

Status comments and likes using OAuth

I am just messing around with Facebook connect on my local machine. I created a very basic app using PHP where a user can type a comment, and it will be posted to the users Timeline/Wall, as well as the webpage. I was wondering is there a tool where all comments/likes/feeds can be viewed on my webpa...
Peter Stuart
1

votes
1

answer
79

Views

Box.com Service Account access

All box.com's api's read to require OAuth 2.0 using only Authorization Token grant types. I have a back end system that needs to upload a file to a box.com system. However, I do not understand how a back end system is suppose to integrate, when the authorization flow requires user 'approval' to get...
1

votes
1

answer
1.1k

Views

Spring Security 4 + OAuth2 = Bad Credentials

I'm using Spring Security + Oauth2 for multiple propose. The cenario is: There is a public context, a private context and a REST context (the two lasts are authenticated). For the private context (/private/), the users that are not authenticated, should be redirected to /login and before authenticat...
Danilo
1

votes
1

answer
163

Views

Is it OK to share unencrypted ID tokens?

Say I have two servers, A and B. The user agent would only connect to A (and to the OpenID Provider, in order to authenticate and authorize A). Is it OK for A, who trusts B and talks to B only via HTTPS, to pass on to B the (unencrypted) ID token it received from the OpenID Provider's Token Endpoint...
Eugene Beresovsky
1

votes
1

answer
366

Views

Azure AD Oauth2 gives error after authorization request

I'm trying to do Oauth2 login with Azure AD. I've tried these two URLs https://login.microsoftonline.com/common/oauth2/authorize?state=SOME_STATE&redirect_uri=REDIRECT&response_type=code&client_id=CLIENT_ID https://login.microsoftonline.com/common/oauth2/authorize?state=SOME_STATE&redirect_uri=REDI...
gaefan
1

votes
1

answer
337

Views

OAuth2 Grant Type Password is Revoking other access_token

I've been trying to learn some server side frameworks these days. I am not an expert of oauth2, but I had use an api with a team. They gave me an access using Resource owner credentials grant, with a grant_type as password, client_id and client_secret. I can log in on multiple browsers at the same t...
Haunter
1

votes
2

answer
284

Views

OAuth2.0 - authentication using GitHub with front-end and back-end running on different servers. CORS error

I'm trying to create an application that has front-end and back-end assets separated. For the sake of example, let's say that front-end side will eventually be hosted on gh-pages, while back-end is gonna be deployed on Heroku. I want to use OAuth2.0 protocol for authenticating my clients with GitHub...
Maciej M.
1

votes
1

answer
378

Views

Authenticating users via OAuth 2.0 from a trusted SPA?

I have a custom OAuth 2.0 authentication server deployed alongside my secured API. I also have a single page application delivered as static content by an nginx deployment. I'm now confronted with the issue of how to authenticate users of this SPA without an active backend through which to proxy a p...
DaveStance
1

votes
1

answer
544

Views

How does oauth work in ionic2?

Haven't found any decent information on how to implement oauth in ionic2. Im still fairly new to ionic2 so any resources, libraries or code samples would be highly appreciated! EDIT: Added app example created in ionic2. Currently the best way to learn it.
Nick Kenens
1

votes
1

answer
422

Views

NodeJS never call my bearer strategy

I try to secure my api end-points by Oauth2 and nodeJS. I follow all example provided in Github page of Oauth2orize and customize db to retrieve data in MySQL server. Tokens are stored in DB, associated with an uid's user profile. Finaly, when I call my URL /api/userinfo, my bearer stategy was not c...
Loïc Chabert
1

votes
1

answer
829

Views

Nodemailer XOauth2 [Error: unauthorized_client] when trying to get new access token

I am sending emails through Gmail succefully using nodemailer with xoauth2, but when the time comes to get new access token i receive [Error: unauthorized_client]. My code: var express = require('express'); var nodemailer = require('nodemailer'); var xoauth2 = require('xoauth2'); app = express();...
preskosemov
1

votes
1

answer
1.9k

Views

Using ZF2 Oauth2

I'm trying to get https://github.com/zfcampus/zf-oauth2 working with my Application (mainly because I have installed apigility and zf-oauth2 comes with it). I'm reading the very last section and it says to protect, I just simply use the following code (for instance, at the top of a controller): if (...
juworld
1

votes
1

answer
1.2k

Views

Problems building Apache Oltu 0.31

I'd like to run the client demo for Apache Oltu. Following the demo's instructions (download and 'mvn jetty:run') doesn't work due to missing dependencies, so I'm trying to build the whole project with 'mvn install' and running into other missing dependency issues. Here's the tail of the Maven outpu...
sherb
1

votes
1

answer
515

Views

Error: origin_mismatch

When I try to access to my project in google map engine form my server its make 'Error: origin_mismatch' I made the origin of JavaScript http://myserver.com and the request details appear in the error is the same origin. What is the problem? Reqest Details immediate=false response_type=token scope...
Ramy hakam
1

votes
1

answer
324

Views

Choosing the correct authentication protocol

Could you help me determine which authentication protocol I should use for the following use case? I am new to this area of development and am a little bamboozled with all the technical information out there - so a 'for dummies' answer would be greatly appreciated. I have an online learning website...
Oliver McPhee
1

votes
1

answer
345

Views

Oauth2 grant for server-to-server communication

I'm working in a microservice architecture, which has its own oauth2 provider in order to allow services interaction. I need to develop a service that is granted to access users' resources in order to perform internal tasks on user accounts. Since the service needing to access user resource is an i...
CodeShining
1

votes
2

answer
980

Views

How to add content to an Spring oauth2 access token?

If I understand the oauth2 spec correctly I should be able to add custom content like an user_id to the oauth2 access token. The server can then decode the access-token and add an User Domain Object to the SecurityContextHolder. (Of course I could add the user_id to every REST API method but this w...
jack
1

votes
1

answer
171

Views

Refresh token in Oauth2.0

I am making an OAuth 2.0 request and it is returning me JSON with refresh_token and access_token, why are there are 2 in OAuth2.0? Which one is short lived? What is the purpose of both? I read this question on SO but that didn'e helped me much, Any help in this regard will be appreciated Thanks
user3646405