Questions tagged [oauth-2.0]

1 vote, 1 answer, 390 views

How do refresh tokens work in an OAuth flow?

I'm working with the Reddit API, which uses OAuth to authenticate users for the API. The APIs for their OAuth mention that essentially you present the user with a webpage, and after they grant approval they're redirected back to your application which is given a code. You can then take this code and...
Doug Smith
1 vote, 1 answer, 123 views

erlang google oauth2 protocol for google calling apis

Hello I am writing oauth 2 library to access google api's and my code is as follows jwt_create() -> {ok,PemBin} = file:read_file('your-key-file.pem'), PemEntry = public_key:pem_decode(PemBin), [A,B] = PemEntry, io:format('A:: ~p ~n',[A]), PrivateKey = public_key:pem_entry_decode(PemEntry), JwtHeader...
Krishna
1 vote, 2 answers, 0 views

How to protect the refresh token from hacker

I googled a lot on how to protect the refresh_token from a hacker because it will be stored somewhere in browser's local-storage/cookie, so a hacker can easily steal those tokens and I wasn't able to find a proper answer so I came here. I understand that access_token will expire in less time and w...
1 vote, 2 answers, 470 views

Google prediction API v1.6 - How can I make server to server call?

I'm experimenting with the google prediction API V1.6. I've followed the getting started section, and created a model using the explorer API. Now, my model is ready and the prediction results I get from the explorer are satisfying. Now when I'm trying to move forward (using nodeJS), I'm lost ... I'...
Roni Gadot
1 vote, 1 answer, 1.1k views

Fatal error: Class 'Response' not found

I'm working with Abraham's twitteroauth to implement Twitter OAuth in my application. While running my application, this is the error I'm encountering: Fatal error: Class 'Response' not found in /opt/lampp/htdocs/tmhOAuth-master/twitteroauth.php on line 108 Now, this is what my twitteroauth.php file...
Manas Chaturvedi
1 vote, 1 answer, 171 views

Can't get Facebook Email

I'm following this tutorial here and I have the following code with the python library Rauth and Flask: def callback(self): if 'code' not in request.args: return None, None, None oauth_session = self.service.get_auth_session( data={'code': request.args['code'], 'grant_type': 'authorization_code', 'r...
Pav Sidhu
1 vote, 1 answer, 407 views

Wordpress API: Get posts from private wordpress.com site

I am building a mobile app, and I want to use the wordpress.com api to get posts from my wordpress.com site. Normally, you can follow the instructions here: https://developer.wordpress.com/docs/api/getting-started/. However, in this case, the wordpress.com site I am trying to access is set to 'priva...
user9074126
1 vote, 1 answer, 1.9k views

Why is the scope parameter required in spring-security-oauth oauth 2.0 implementation

I'm implementing an OAuth 2.0 provider for my company's REST API using spring security oauth. For some reason when using the Token endpoint spring security oauth mandates the client to send their desired scope as a request parameter (this happens in the ClientCredentialsChecker.validateScope method)...
Ittai
1 vote, 1 answer, 433 views

Do we need client-side flow or server-side flow or both to implement the login with facebook feature?

Currently on my website, users login with their login id and password, they are also required to enter their email when they register. Both login_id and email column on the users table have unique index. users table also stores other data associated with the user such as gender,last_name,first_name...
bobo
1 vote, 3 answers, 370 views

Python httpd will listen on used ports without throwing a socket error in windows but not OS X?

This is really a follow-up to my post about a Python oauth2 BaseHTTPServer conflicting with SABNzbd+. Basically, I have the following little script (which is used to create a local server listening for Google API oauth2 credentials): import socket import BaseHTTPServer from oauth2client.tools import...
urbushey
1 vote, 1 answer, 1.6k views

Which OAUTH2 flow for mobile access and SSO

I have been studying the OAuth2 spec and lots of supporting material, but can't decide on what the best approach/flow is to use for my use case. I have a web application that my users can access via a SSO mechanism. It's a basic enough mechanism, but it involves the user authorising themselves on thei...
user933709
1 vote, 1 answer, 802 views

Google Prediction API Service Authentication in .NET

I'm trying to build a .NET service application that would access Google's Prediction API. This application is a service (no user interaction) so I'd like to know how it would be possible to authenticate to Google API automatically (without having it open a browser in which to log in and then press '...
1 vote, 1 answer, 155 views

Handling the OAuth2 Client Credentials flow

I'm having trouble wrapping my head around implementing the client-credentials flow on the client side. Say the client requests a secure endpoint in an API without being authorized. The API will respond with 401 and that's that? As I understand it the client-credential flow should not require any us...
JonasFromell
1 vote, 1 answer, 374 views

Facebook Auth Dialog display page

Is it not possible to display the Auth Dialog as page any longer? It used to work, but now I can't seem to get it to work. Thank you in advance.
curly_brackets
1 vote, 1 answer, 1.2k views

Node.js OAuth2: Get Google+ activities

From today I'm not able to retrieve my Google+ activities by placing a GET request to this url: https://www.googleapis.com/plus/v1/people/me/activities/public?key={API_KEY} I'm getting a 401 error. So I tried to sign the request using the node.js oauth2 library, including a pre-generated user token,...
mondul
1 vote, 2 answers, 979 views

Using Facebook graph in Chrome Extensions

I'm trying to use Facebook graph in Chrome extensions, but I'm having trouble in using access token to have permissions. My extension folder has a background.html file with this code: function displayUser(user) { var userName = document.getElementById('userName'); var greetingText = document.cre...
Calado
1 vote, 1 answer, 1.4k views

OAuth2 Authentication for “Google Service” returns “invalid_request”

I am attempting to form a json request to authenticate using oauth2 specification for Google's 'Service Account' authentication. I am using google's documentation here. It is using JWT. It seems that there is not much information on how to do this using C#. This is the RAW json request that I am usin...
aceinthehole
1 vote, 1 answer, 1.2k views

Facebook Authentication throws Errors for a few Users

I am working with a team to build a Facebook game. For one of the people on the team, it will throw errors and not get his id or data. It works for everyone else that has tested, ~20 people. The error that is thrown: Warning: file_get_contents(https://graph.facebook.com/oauth/access_token? client_id...
Stuart Saunders
1 vote, 2 answers, 235 views

How to authenticate a Firebase user to an IFTTT service?

I'm trying to build an IFTTT service and connect it to my Firebase backend. I need to authenticate user as indicated in the IFTTT docs: https://platform.ifttt.com/docs/api_reference#service-authentication IFTTT’s protocol supports OAuth2 authentication, including support for refresh tokens if so d...
now
1 vote, 1 answer, 43 views

Token authentication and SSL

I'm relatively new to this area of securing API. Most of my career was in developing internal products for the use of the organization, or joining a product that has already implemented security (which usually does not change) When reading about JWT and Identity server, I understood the role of sign...
user355289
1 vote, 0 answers, 28 views

Possible to have one OAuth 2.0 client for multiple Android apps on Firebase Auth?

I have a Firebase project shared by over 30 Android apps. Every app has its own OAuth 2.0 client used for Google Login. Now I hit the 30 apps per one project limit: https://firebase.google.com/support/faq/#app-per-project The firebase support is unable to increase this limit. Now my question is: Is...
Damnum
1 vote, 1 answer, 35 views

Google Oauth2 failing on Google Domain

Salutations all! I purchased a Google Domain to make my app slightly more professional than just a bare Herokuapp. I'm running into issues with Oauth2 on that particular branch of the site. I'm running rails on the back and a bit of react on the front. I'm not sure what all you'll need, but I'll st...
Thomas Wilson
1 vote, 0 answers, 54 views

“client_id” is missing when authenticate with LinkedIn

I'm trying to use oauth2 with LinkedIn, but when callback from LinkedIn, spring boot oauth2 trying to authenticate and failed with 'client_id is missing'. This is the tutorial that I use to make oauth2 https://www.callicoder.com/spring-boot-security-oauth2-social-login-part-1/ and I want to edit it...
Yazeed Hammad
1 vote, 1 answer, 391 views

How to get data from NXOAuth2Request response

I'm writing my first iOS app. It includes API calls through OAuth2Client. The problem is when calling the AdvAPI getUser function. A GET request is made through NXOAuth2Request which deals with the response data in responseHandler and variable result is set to an NSDictionary. The result however is...
Dandan
1 vote, 1 answer, 33 views

WSO2is as service provider for Mattermost CE

I'm trying to use WSO2is as a service provider for Mattermost CE. My idea is to use the Mattermost GitHub social login feature with WSO2is instead of GitHub. To do that, I have configured Wso2is with Oauth service provider, which works fine. I'm able to authenticate myself and Mattermost accept the...
KeeperSD
1 vote, 1 answer, 71 views

Sign-in with Linkedin Spring Boot Rest api

I can not sign-in with Linkedin. I see 401 error code. Please help me. My code: HttpResponse httpResponse = Request.Get('https://api.linkedin.com/v1/people/~?format=json') .setHeader('Host', 'api.linkedin.com')// .setHeader('Connection', 'Keep-Alive')// .setHeader('x-li-src', 'msdk')// .setHeader('A...
Rashid Shiralizade
1 vote, 1 answer, 28 views

How to get authenticate with the squareup using backend golang?

In squareup application Aplication_name in oauth option there is a redirect url Which will redirect a given url with the QueryString code. While I'm hitting https://connect.squareup.com/oauth2/authorize?client_id=YOUR_CLIENT_ID this url in the browser then it will redirect me to a given url in oauth...
catter
1 vote, 2 answers, 142 views

Quickbooks PHP SDK OAuth2, How to get and store access / refresh tokens

I have a Magento 2.3 store that I'm trying to sync some data to Quickbooks Online. I've created a QBO App but this is my first time using oauth and I'm a bit confused on how to store and use the access / refresh tokens. According to Quickbooks doc I need to store the latest refresh token: Each acc...
AJ47
1 vote, 1 answer, 70 views

Best Flow for SPA [closed]

Should I go with the current supported libraries that only provide Implicit Flow, or write my own code from scratch to handle the Code Flow? After doing quite a bit of research on the topic I see various different opinions on what type of flow to use when working with OAuth2.0 (OIDC). Though recomm...
JoellyR
1 vote, 1 answer, 99 views

Issuing Access Tokens with Passport in limited lifetime

Backend: Laravel api. Frontend: Angular. After setting up the Passport package on Laravel I use the regular way to authenticate user then issue token this way: $newToken = $user->createToken('myapp')->accessToken; this works fine but the problem is the token life time is 1 year as it considered Pe...
ghazyy
1 vote, 1 answer, 36 views

Mastodon: How can you authenticate an app without a user token?

My understanding of oauth2 (in the context of Mastodon) is that the user registers their app with a Mastodon instance and receives client secrets which are then used to craft an authentication uri, which the user visits and retrieves an auth code, which is used with the secrets to request the final...
Luke Pighetti
1 vote, 0 answers, 35 views

What is the ideal expiration time for oauth2 implicit flow

I understand that the access-tokens are issued with a short expiration time in OAuth2 implicit flow, so that the application is forced to continually refresh them (using iframes or other means), giving the service a chance to revoke an application’s access if needed. But what is the ideal expirat...
Vinay
1 vote, 1 answer, 1.2k views

Android: To use OAuth2 for auth in Google Accounts without Google APIs

In order to use Google APIs before is necessary to authenticate in a Google account obtaining an auth token with OAuth2. Well, I would know if it is possible do the opposite: to use OAuth2 in Android for I authenticate in a Google account without use Google APIs. I only need to auth in the Google acc...
Santiago
1 vote, 1 answer, 1.5k views

How to use Resource Owner Password Credentials with Google OAuth?

Folks, I am looking for a functional example of using com.google.api.client.auth.oauth2.draft10.AccessTokenRequest.ResourceOwnerPasswordCredentialsGrant, to authenticate a user without using the web-based UI. Tried the sample provided in the class (replaced https://server.example.com/authorize with...
SergeyB
1 vote, 2 answers, 2.2k views

Session change in between Request and Process user authorization

I am trying to implement a simple login page that redirects a user to an OAuth2.0 login server, and then back to a callback URL after they have successfully logged in. However I keep on getting exception with error message: Unexpected OAuth authorization response received with callback and client st...
Ke Sun
1 vote, 2 answers, 0 views

What is the way to detect if user installed my facebook application for the first time?

I'm looking for a way to check after user authorized to my facebook application, if he is a new user - just installed the app, or he was in the past and he did sign in... any ideas?
Mika Cohen
1 vote, 1 answer, 346 views

Can I use Firebase Realtime database/Firestore as a OAuth2.0 Server?

I am developing a native Android application using Firebase (No other custom server, only Firebase) And it should use other services. (like Facebook API, Twitter API, etc...) The service providers are providing the REST Api through OAuth 2.0. I am very newbie of the OAuth 2.0, I have no knowledge,...
yoonhok
1 vote, 1 answer, 114 views

How can provide username and password for consuming rest controller with oAuth security in Angular 4?

I made rest controller method that returns list of person in spring boot, and provided oAuth service to secure my rest methods and this is service in angular 2 for consuming this rest service. import { Observable } from 'rxjs'; import {Http,Response} from '@angular/http'; import 'rxjs/add/operator/m...
1 vote, 2 answers, 1.4k views

Oauth2/Openid Connect. How to revoke unknown access/refresh tokens

In Oauth or Openid Connect, let's say an attacker takes an access or refresh token and the browser or app's caches are cleaned. Can a user revoke an access or refresh token issued by an Identity Provider if their string is not explicitly known?
GTDev