Questions tagged [oauth-2.0]

1

votes
4

answer
595

Views

Should OpenID connect ID tokens be validated in the browser?

As I was working on a blog series about OpenID connect with Angular I was working with an Angular library for OpenID connect called angular-auth-oidc-client. This library is used for implementing OpenID connect implicit flow and does client validation of both the ID token and access token. My questi...
lyzz
1

votes
1

answer
437

Views

"error":"invalid_grant","error_description":"invalid authorization code" in salesforce

I have set up my 'Salesforce' connected App for 'OAuth' using which I am able to authenticate user. For subsequent request I am trying to get access token hence posting values to Salesforce as below. $.post('https://login.salesforce.com/services/oauth2/token', { 'grant_type': 'authorization_code', 'co...
Imad
1

votes
1

answer
41

Views

Trouble logging into my web application with google oauth2.

I am having trouble signing into my web application. I am using oauth2 for sign in. After signing in with my gmail account it just brings me back to a blank white page with a google sign in button on the top left corner. The url reads: localhost:8000/login. In my google api console I tried editing t...
digi_life
1

votes
1

answer
399

Views

Swagger Spec for OpenID Connect

Since OpenID Connect uses HTTP, headers, query strings etc I would like to get a Swagger/OpenAPI specification as documentation. I have tried to find it but not successful. Do you know where to find it? / Joacim
4integration
1

votes
0

answer
72

Views

Hiding Client_id in Springfox Swagger UI - 2.8.0

I'm using SpringFox Swagger 2.8.0 with implicit flow. The code is working fine but when I click the Authorize button within the modal popup it is showing the client_id as shown below. Can anyone please tell me how to hide that client_id from the UI? My swagger configuration is as given below @Bean...
Alex Man
1

votes
0

answer
9

Views

Show page if OAuth implicit flow is valid

So I volunteer a bit for my local sports club by, among other things, maintaining their website. They asked me whether I could look into making a 'members only' part of the site, where you could only get by logging in. And now here's the thing. There's this service in the Netherlands called 'sportli...
Jasper
1

votes
0

answer
28

Views

Gmail API, only snippets from Twitter emails contain bunch of \u200c characters instead of the real snippets

This is how I am getting list of threads: page = resource.users().threads().list( userId='me', q='category: social', maxResults=50).execute() threads_list = page.get('threads', []) And when I print threads_list, I get something like this: [{'id': '16643b797b5cf72d', 'snippet': 'Some normal thread sn...
avram
1

votes
1

answer
189

Views

OAuthException: Invalid response from google

So I am running my Flask application from the google cloud shell. In this app the user needs to login with their google account. I installed all the required libraries using the cloud shell. When I run the app in the cloud shell, after choosing the google account I want to log into my app with, thi...
rini saha
1

votes
0

answer
17

Views

Integrating SnapKit with AWS Cognito - which standards does SK support?

I'm trying to integrate SnapKit Login in my iOS app, and I'm using AWS as my backend - so I want to use Cognito. Cognito User Pools can integrate third party login providers if they support OpenID Connect or SAML. I can't find any documentation if SnapKit Login supports one of these. Is it OpenID Co...
Yariv Adam
1

votes
0

answer
27

Views

No oauth client details found for https://{domain}.net/ and oauthClientId {id}

I am trying to get an oauth access token for an add-on. I followed this guideline https://developer.atlassian.com/cloud/confluence/oauth-2-jwt-bearer-tokens-for-apps/. I am getting a "No oauth client details found for https://{domain}.net and oauthClientId {id}" error. Can anyone help me on this? Request: url='https...
Aravind
1

votes
0

answer
93

Views

Scale Jhipster monolith while using keycloak

I want to use keycloak with my monolith application. Also, I want to scale. However, when generating a jhipster app, the registry option is not available for choosing OAuth2. Using registry: My primary goal is that hazelcast instances will find each other. Config server (optional) For JWT it just wo...
pmverma
1

votes
0

answer
48

Views

How to fix the redirect url issue in social linked in integration with springmvc

I am facing one issue in linkedIn social integration with spring mvc based web application updated their social library to 1.0a Oauth to 2.0 Oauth in linked in developer network I mentioned Redirect url to http://localhost:8080/Myproject/signin/linkedin here once I run the project linkedin login p...
Jhon
1

votes
0

answer
157

Views

OAuth client to Azure Active Directory receives AADSTS70002: Error validating credentials

I have registered a web application in Azure Active Directory. The goal of this app (platform) is to be an external claims provider for conditional access, invoked via a custom control. As a result, the application has the following Delegated 'Required permissions': Access the directory as the signe...
Shane Weeden
1

votes
1

answer
68

Views

Cordova OAuth NOT using google/twitter/facebook etc

I'm trying to write a Cordova/Ionic app that uses OAuth to log into a server. I had been previously using the guide here http://ngcordova.com/docs/plugins/oauth/ , but I now need to use OAuth to carry out the authentication process with a provider that isn't one listed on the page. I've been given a...
Bya413
1

votes
0

answer
317

Views

Spring Framework and encode/decode of public key

I am trying to create a new RsaVerifier to check a public key: JwtHelper.decodeAndVerify(token, verifier); I do believe it's a valid public key. I'm copying it correctly from my browser. It does begin with a return character though. It actually has them in several places: -----BEGIN PUBLIC KEY-----\...
Mike
1

votes
1

answer
400

Views

oauth2 POST - twitter

I created a script that will get the user's friend list (GET request) and I was successful. Now I am attempting to make a script that will follow a particular user (POST request) and I've been unsuccessful. Here is my oauth function (where the problem lies): def augment_POST(url,**kwargs) : secrets =...
Mint
1

votes
1

answer
862

Views

oauth 2.0 integration with peoplesoft

Our existing customer base is in peoplesoft and we are developing a lot of mobile applications. Hence, we would like to use oauth 2.0 for authentication and authorization, but I cannot find any way to integrate the two.
Jimm
1

votes
2

answer
2k

Views

Authentication with the Google Docs List API, Python and OAuth 2

I'm trying to use the Google Docs API with Python+Django and OAuth 2. I've got the OAuth access token, etc. via google-api-python-client, with the code essentially copied from http://code.google.com/p/google-api-python-client/source/browse/samples/django_sample/plus/views.py Now, I assume I should b...
Jordon Wii
1

votes
1

answer
53

Views

Facebook oauth2 API refresh tokens

I am building an application that does not have a client interface. At the setup step: The user logs into the server through a browser once using oauth, and the server makes sure that the client is identified. From this point on, no browsers are involved. It all happens in the background. It then...
eshalev
1

votes
1

answer
686

Views

Connecting to LinkedIn via oauth and R

Have successfully connected to Twitter using R and trying to leverage that code to connect to LinkedIn, but not quite able to make it work. I think the code is close, but somehow the last step is returning an error. Currently, I am able to get LinkedIn to return a token right after the handshake, bu...
hnreddy
1

votes
0

answer
146

Views

Preventing need to re-login with Angular6/Spring Boot 2 web app using oauth2

I'm writing a small web-app using Spring Boot 2 as the backend and Angular6/Ionic as the front end. The intention is to have users add the site to their home screen and for it to basically look/feel like a native app. This is working pretty well but I would like to use Google for login with Spring...
jrlambs
1

votes
1

answer
55

Views

Coinbase OAuth Failure Not Found

I'm trying to setup OAuth in my application for coinbase. I'm running into issues after authorizing in the callback Redirect. I've got a .Net-Core Application Setup like so: public const string COINBASE_AUTH_ID = 'coinbase'; public void ConfigureServices(IServiceCollection services) { services.AddM...
johnny 5
1

votes
1

answer
242

Views

Google oauth2 service api key not valid

I used Google_Oauth2 Service in github to login via google in my site. But today we have a problem with the callback url address. When identity is done, in the return address we encounter the following error: Message: Error calling GET https://www.googleapis.com/oauth2/v2/userinfo?key=%2A%2A%2A2A%2A: (4...
MJ7
1

votes
1

answer
100

Views

Swashbuckle Swagger UI OAuth2 GET token request unsupported_grant_type

Problems I am using Swashbuckle 5.6.0 for ASP.NET Web Api 2 with OAuth2 token authentication. When I try to authorize a Controller action decorated with [Authorize] using the red exclamation mark button in SwaggerUI I receive the error unsupported_grant_type Another problem seems to be that Swagger...
Dennis
1

votes
0

answer
41

Views

Jquery Post response not going to .done method (linkedin oauth)

I am trying to send a POST request using JQuery. The POST request is to get the access tokens for linkedin. I am getting the json response with 200 status code (checked in debugger tool). The problem I am facing is that after getting the response it's not going to the done function, it's going to the...
bob
1

votes
1

answer
1.3k

Views

OAuth2 redirection fails with CORS error

I have a RESTful service which I have secured using Spring Security and pac4j-oauth. An important detail is that Google is acting as the OAuth2 server-- we need the user's Gmail address to know if they are a legal user of our system, and eventually the service will also need access to their calendar...
Bampfer
1

votes
0

answer
39

Views

Unity 3D and authenticating using Microsoft.IdentityModel.Clients.ActiveDirectory (OAuth2.0)

I'm recently working on a little application using Unity 3D and C#, and I'd like to consume a service to retrieve data to present. This service is using OAuth2.0, which I always consume in a standard C# application by using Microsoft.IdentityModel.Clients.ActiveDirectory package, but it seems like...
saman0suke
1

votes
1

answer
783

Views

Gin Sessions Stores the status and the code in the URL, I want to change that to make my URL cleaner

I am making a backend using go. The backend should get the google calendar of the user who logs in to the site using a google account. I am using gin to do the routing and sessions from this package github.com/gin-gonic/contrib/sessions. This is my main method func main() { router := gin.Default() var st...
AmrAyman
1

votes
1

answer
662

Views

Redirect URIs must all belong to the same domain

According to the Azure Portal: Redirect URIs must all belong to the same domain But I can define the following: Why doesn't that break the rules of 'the same domain'?
spottedmahn
1

votes
1

answer
648

Views

rail+devise+devise-google-oauth redirect to google login when visit restricted url

I'm using Devise with omniauth-google-oauth2 gem. I only want to implement google sign_in. This is my user model: #app/models/user.rb class User < ActiveRecord::Base devise :omniauthable, :omniauth_providers => [:google_oauth2] attr_accessible :email def self.find_for_google_oauth2(access_token, sig...
user1066183
1

votes
1

answer
1.3k

Views

Accessing LinkedIn data via API using python (and authorisation in general)

I'm trying to access LinkedIn data via API (I don't have an app, I just want to access company data - or see what can be accessed). There are other questions here on this topic, but most are out of date (using packages which precede LinkedIn's current authorisation process). I followed the LinkedIn...
Jaber
1

votes
4

answer
1.7k

Views

Use of dropbox with core APIs, but avoiding login page

I want to use Dropbox for my file share application, using Core Dropbox APIs. I am using OAuth 2.0 APIs for authentication (Implicit Grant Method). The issue is, in order to obtain the access token, I need to be logged-in to dropbox account or it redirects me to Dropbox login page. I don't want my u...
akhilesh1988
1

votes
0

answer
102

Views

Spring fires AuthorizedEvent just before AuthorizationFailureEvent

I am trying spring boot for some project and encountered a security-related issue (possibly my mistake). I want to log user requests and operations in the following manner (authentication is not a concern yet): Log(User Request ) -> Log(User Authorization Status) -> if (authz is succeed) then { Log (...
öncül korkut
1

votes
1

answer
192

Views

Refreshing an Access Token for Client Credentials Flow

I was wondering what the best way is for me to refresh an access token that is obtained through the client credentials flow within OAuth 2.0. I've read over the spec, but I can't seem to be able to find an answer for my particular situation. For my specific case, I am using the Spotify Web API for...
coolDude
1

votes
2

answer
46

Views

Tokens statelessness and storage

I have been reading a lot about not saving the tokens in the user agent storage and I agree with the risks mentioned. But going through some of the Auth0 quickstart examples, I see the tokens being saved in the session and using session cookies to track them. Others mention saving the actual token...
Wisam Naji
1

votes
2

answer
77

Views

For the sake of security, what's the benefit of the id token provided by OIDC? What if id token is stolen?

I have read a lot about OIDC and OAuth2, I know the id token is mainly used for the client to know who the user is and whether the user is still online currently. Furthermore, Id token can prevent a class of impersonation attacks [You can find more details in this article]. But what if the id token...
Charlie
1

votes
1

answer
117

Views

OAuth Client Credential Flow - Calling client details as claims

I have an Identity Server 4.0 implementation at my workplace. On top of Implicit and Auth Code flow, we are planning to use Client Credential flow for API to API call authentication. There are a few APIs that need to keep a log of who called them (the name of the calling API). I have done a lot of digging bu...
Dharmesh
1

votes
1

answer
218

Views

Logging out from IdentityServer quietly?

I'm using OAuth2 from an IdentityServer 4 instance. Based on this example, I'm able to login and call an API hosted by the server. How would I perform a logout from OidcClient without showing a webview prompting the user to confirm the logout? At present, I'm using the following code to logout, but...
Ryan
1

votes
0

answer
371

Views

Asp.Net Web Api token authentication in Angular 5

Is there any documentation on how to implement Asp.Net Web Api (oauth2) token authentication in Angular 5? I can use it with postman and consume the bearer token key ... but I do not know how to use it with angular 5 and there is no documentation or examples to learn from.
achrafbenalaya
1

votes
2

answer
475

Views

How to obtain a Google oauth2 refresh token?

The following code uses the Google oauth2 mechanism to sign in a user. We need to process updates to the user's calendar while the user is offline, so we ultimately need the 'refresh token'. Does the result from grantOfflineAccess() return the refresh token (below, I can see that response.code hol...
John Livermore