Questions tagged [oauth-2.0]

1

votes
2

answer
1.4k

Views

Rails 4 - Google One Time Code Flow with omniauth-google-oauth2, keep getting “Invalid code”

I have a Rails app in which I want users to be able to sign in / up with Google. I'm using the following gem: #gemfile gem 'omniauth-google-oauth2' I've almost got it to work (I actually received the access token once, not sure why) - but before getting the access_token I constantly get the followin...
Anders
1

votes
2

answer
3.5k

Views

(400) Bad Request using Google API PHP Client with the Admin SDK

I'm trying to use the Google API PHP Client with the Google Directory API. I went into the Google Developers Console and created a project called google-sync. I then enabled the Admin SDK in the APIs list page. I then selected 'Create new Client ID' from the Credentials page, and selected Service Ac...
Nathan Jones
1

votes
1

answer
307

Views

OAuth 2.0 Authorization Server and Access Tokens

I'm currently studying OAuth 2.0 and OpenID Connect and I have a doubt regarding the Authorization Server and Access Tokens. The spec defines the Authorization Server as: The server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization....
user1620696
1

votes
1

answer
76

Views

How do OpenId Connect's id token feed into a subsequent OAuth2 flow for authorizing access on another resource?

Assume aim is to authorize access to Resource Server (RS) resource.com/resource via access token but using OpenId Connect for authentication instead of relying on custom authentication integrations of Authorization Server available in OAuth2. I am not clear how they interoperate, how does the id tok...
NicuMarasoiu
1

votes
1

answer
556

Views

Restler+OAuth2 - Identifying the user correctly

I'm working with Restler and the OAuth2 module written by Brent Shaffer. What I want to do is determine the user from the token they send, inside my app classes, not just the OAuth2Server classes. There are two methods that I can see of doing this. Hopefully this explains what I am trying to do. Met...
Dan Power
1

votes
1

answer
107

Views

Is it possible to get custom attributes on AWS Cognito sign up form?

I am building an Alexa Skill that will implement Account Linking. When a user uses my skill, they would have to use the Alexa App to sign-in. The Authentication UI is set up and managed by Amazon Cognito so that I don’t have to host my own sign-in and sign-up UI for my Alexa application. My User P...
thedreamsaver
1

votes
1

answer
75

Views

How to authenticate users with Slack Direct Install URLs if they aren’t logged in to my application?

Slack provides the ability to make a Direct Install to install your application. When you save your Direct Install URL, Slack will attempt to send a simple HTTP GET request to your declared URL. If it doesn't detect a HTTP 302 redirect pointing back to a fully qualified slack.com/oauth/authorize URL...
Daniel Compton
1

votes
1

answer
1.1k

Views

“X-Frame-Options to SAMEORIGIN” with Oauth2 authorization in Box.com API

Until today I was able to make request from authorization code inside an iFrame in my webApp. But from today I get the follow error: Refused to display 'https://app.box.com/api/oauth2/authorize?response_type=code&client_id=vdjlo1qw0234qbik69npfbvftl5m3d5' in a frame because it set 'X-Frame-Options'...
RikyTres
1

votes
1

answer
2.3k

Views

Cannot make GetRefreshToken.php work with Adwords API

I'm a noob to Adwords API and please let me know if I 'm not describing my issue clearly. I searched on the internet, people do have similar issue as I do yet none of them gave a solution that worked for me. I pretty much have the same problem as the OP of this thread does. The only difference is I...
aarryy
1

votes
1

answer
486

Views

hello.js library for Twitter, Google+ produces logout error

I have problem with logout with twitter and Google+ with hello.js library with auth authentication. I have written logout code it is not working for twitter and Google+ but working with Facebook perfectly. Code here: hello('google').logout({force:true},function(){ alert('Signed out'); });
user3493817
1

votes
2

answer
1.3k

Views

Get Instagram login ID through API auth login

I'm trying to make a check for a specific user logging into Instagram and approving an app I've created. Is this possible? Example flow : User comes to my app User clicks login/authenticate via Instagram User logs in (or check is made if user is logged in via Instagram) User is redirected to my app'...
lionysis
1

votes
1

answer
83

Views

How to integrate Oauth2 in Drupal for user login?

I am planning to integrate Azure Authentication in my Drupal 7 site. I got the Token endpoint URL, Client ID, Client secret from Azure Support team for my site URL. When i tried to connect getting below error 'Access token requested for user XXXXX: FAILURE' Thanks in advance Girija
Girija S
1

votes
1

answer
314

Views

Error: Zend Framework does not recognize google api auth class objects

namespace Application\Controller; use Zend\Mvc\Controller\AbstractActionController; use Zend\View\Model\ViewModel; class IndexController extends AbstractActionController { public function indexAction() { return new ViewModel(); } public function foo() { session_start(); include_once '/Application...
Grasp_IT
1

votes
1

answer
1.8k

Views

Django OAuth2 invalid grant_type

I am using Django OAuth Toolkit and I successfully create sign_up call - which in return gives me this response: { 'username': 'boban16', 'client_id': 'sxFB8WOd5qupdyp5c4pjJHXAQQFPVCW7FKA3SUmy', 'client_secret': '3nUreBDpx9cCSEeVyOhpXZ76Om0keOxFwK2rRQJNK5wvYuA1tUF37sH0Of473wCgeJ3tCmflN9kPnP9VkgepWxr...
bla0009
1

votes
1

answer
58

Views

Is a Refresh Token necessary when building a RingCentral cronjob?

Since using the refresh token gives you a new pair of tokens, what is the advantage of doing a refresh versus just obtaining a new Auth token? For example: 65 minutes after obtaining a token, I have to refresh it (and obtain a new token), or just obtain a new one Why not just get a new access token...
Grokify
1

votes
2

answer
494

Views

Where does a OAuth 2.0 Redirect URL come from?

I am currently trying to use the LinkedIn REST API. I am using C# and I have been having trouble with OAuth. I have looked at various posts such as this: OAuth with Verification in .NET, which really explained most of the confusing topics, but I am stuck on something that is apparently too obvious t...
James Allingham
1

votes
1

answer
374

Views

Google OAuth2 Redirect URL Issues

I cannot figure out how to pass a redirect url to accomplish OAuth2 authorization. Google REST API indicates that redirect_url parameters can be passed but this .Net API does not seem to have a feature to pass redirect url Dim Coll As New List(Of String) Coll.Add(CalendarService.Scope.Calendar) Col...
Allen King
1

votes
2

answer
1.2k

Views

How to get authorization code for VKontakte in Java?

public static void main(String[] args) { try { OAuthClientRequest request = OAuthClientRequest .tokenLocation('http://api.vkontakte.ru/oauth/authorize') .setClientId('45XXXXXX') .setUsername('[email protected]') .setPassword('XXXXXXX') .setClientSecret('XXXXXXXXXXXX') .setGrantType(GrantType.AUTH...
user3759605
1

votes
0

answer
21

Views

teleport community auth with private github

We are trying to configure teleport community from gravitational with github connector for authentication. Instead of github.com we want to use our own private installation of github to authenticate against. I have been unable to find a way how to configure this. Documentation mentions not much in r...
Greg Hill
1

votes
1

answer
47

Views

Central auth server with multiple clients using resource owner password credentials oauth flow

I've got the following set up: Central auth server written with spring boot that is currently working (I can curl and receive an access token, jdbc token store, etc) Multiple applications owned by the same developer, sharing the same customer base on different domains. IE: John Doe for app1 is the s...
user10776719
1

votes
1

answer
33

Views

Authlib token not saved in database

I'm trying to provide an authentication via username and password, which works after hours of hitting my head against a wall. But there is still one thing I can't figure out. I don't get an token inside my database when I issue a token with return authorization.create_token_response() but the token...
Biskit1943
1

votes
1

answer
76

Views

How do I authenticate with Google's REST services using a GoogleSignInAccount?

I'm writing an Android application that needs access to Google's Calendar API. I'd like to avoid using the Google API Client Library in favor of a simple Retrofit REST implementation. However, I can't seem to get the right authorization credentials in order to complete Calendar API REST calls. In my...
Carter Hudson
1

votes
1

answer
34

Views

On which side the access_token needs to be updated

Since an access_token has a short life period, for the users' convenience a refresh_token is used. Let's imagine we have client side mobile iOs/android app. After the first login when the user provides his username and credentials then the subsequent request is sent to the server side which respond...
Andrey Ivanov
1

votes
1

answer
55

Views

OAuth 2 OIDC Grant type for 1st-party native mobile applications

Which grant type do 1st-party native applications on phone use? Since they own the native apps and the API, they never show an Authorization screen or in-app browser tabs when user wants to sign-in. For example Facebook, Google, Instagram, LinkedIn etc, what Grant type are they using to obtain both...
muhammad usman
1

votes
0

answer
19

Views

circular dependency error for dataSource after adding spring DATA JPA

I am working in spring boot security with Oauth2. Oauth2 to makes use of jdbcAuthentication in AuthorizationServerConfigurerImpl. But in my webSecurityCofigurer implementing class i want to use Spring data JPA to implement userDetailsService. After enabling @EnableJpaRepositories it is throwing circ...
1

votes
0

answer
120

Views

spring boot 2 test ignores ResourceServerConfigurerAdapter

I have a oauth2 resource server with the following rules: http.authorizeRequests() .antMatchers('/api/client/all').hasRole('ADMIN') .antMatchers('/api/client/create', '/api/client/update', '/api/client/delete/*').hasAnyRole('USER', 'ADMIN') .antMatchers('/api/client/*').hasAnyRole('USER', 'ADMIN') ;...
Martijn Hiemstra
1

votes
0

answer
23

Views

OAuth request is not working for Languages url when I use access token

When I do an outh request from my App to laguages url from a repository from Github using the url provided by the API using an access token I get the following response { 'message':'Resource not accessible by integration', 'documentation_url':'https://developer.github.com/v3/repos/#list-languages'...
Alain Planas
1

votes
0

answer
43

Views

infinite OAuth Redirect Loop with node.js

I'm trying to OAuth users of my single-page webapp but I'm ending with infinite redirects there. I registered application in express to behave like when url is hit, then redirect user to OAuth server: expressApp.use('/', (req, res) => { var redirectUri = 'http://myApp.com'; var clientId = 'someClien...
Petr Bečka
1

votes
1

answer
1.5k

Views

PHP Google Api Code Exchange Results In “invalid_grant”

I realize there's about 20 of these posts, but I've looked through all of them and no answer has helped thus far (although has helped me rule things out). I'm writing a bunch of Youtube related api functions in PHP, and I have no issues grabbing data once I have an access code (and also no issues re...
Any Day
1

votes
2

answer
413

Views

Authorization request to Feedly API throws a bad request with Guzzle?

The objective is to exchange the authorization code for the access and refresh token. Error: GuzzleHttp\Exception\ClientException #400 Client error response [url] http://sandbox.feedly.com/v3/auth/token?code=[auth_code]&client_id=sandbox&client_secret=[secret]&redirect_uri=https%253A%252F%252F[site...
Aditya C
1

votes
0

answer
323

Views

InsufficientAuthenticationException at Spring Boot OAuth2 Authorization Code Flow

I have created Authorization Server and Resource Server with Spring Boot OAuth2 and it works fine with password grant type. I want to test Authorization Code Flow from Postman. I send such a request to get an access code: http://localhost:1111/oauth/authorize?response_type=code&client_id=test_client...
kamaci
1

votes
0

answer
32

Views

AADSTS70012: Non-retryable error has occurred

https://login.microsoftonline.com/common/oauth2/v2.0/token I am trying to hit this url to obtain the access_token, when I obtain the auth code from users consent from browser I am getting the access_token and refresh_token as well, but I when I try to obtain a new access_token using the refresh_toke...
Sidhant Rajora
1

votes
1

answer
205

Views

Security aspects of using OpenID with SSL and financial transactions

I am designing a web/mobile app that aggregates and customizably presents hobby/lifestyle-related data from 3rd party web services (Stage 1). If the site gains popularity, I plan to offer related sporting gear for sale (Stage 2). I am relatively new to OpenID/OAuth and plan to use it for Stage 1 in...
amphibient
1

votes
1

answer
216

Views

In Swashbuckle oauth 2 password flow, username and password are not passed in headers

I am using swashbuckle.core in my project. Below is the SwaggerConfig.cs: using System.Web.Http; using Swashbuckle.Application; using WebActivator; using System.Collections.Generic; using System; using Swashbuckle.Swagger; using System.Web.Http.Description; using System.Linq; using System.Web.Http.F...
user2309997
1

votes
0

answer
166

Views

oAuth2 SSO without Cookie

We're having a native iOS and Android app that has a custom login form to authenticate a user directly via an authentication endpoint of an oAuth2 enabled indentity provider (the app sends the user credentials via HTTP request to the identity provider and gets a JWT as response). The app does not ha...
Moritz
1

votes
0

answer
28

Views

Unable to find stats with Yahoo Fantasy Sports API

https://developer.yahoo.com/fantasysports/guide/game-resource.html So on the API guide, under stat_categories, there are a set of ids, https://fantasysports.yahooapis.com/fantasy/v2/game/nba/stat_categories But when I'm looking at the json data from all the API request I make, there's no {'stats':...
jensen yap
1

votes
1

answer
241

Views

How can i get token from identity server 4 from angular js?

I can get get access token from postman oauth 2. Same way i was tried to generate token in angular js with redirect url, client id ... etc. But i not able to do and also i don't know how? I was created identity server 4 API sample with auth server. Now i want to get token from my angular app. But i...
1

votes
1

answer
678

Views

Google Analytics API: How to solve OAuth2 Missing Scope Parameter Error?

I'm trying to get this example to work: https://developers.google.com/analytics/devguides/config/mgmt/v3/quickstart/web-php#enable The error I'm getting is 'Error: invalid_request, Missing required parameter:scope' In order to install the google api resources, I used composer with this command: php...
LatentDenis
1

votes
1

answer
43

Views

using oauth for API without 3rd party

I know that OAuth 2 is very useful in situations where you want to delegate authorization to a third party (i.e someapp.com wants to access your facebook photos), but does it make any sense to use OAuth in scenarios where you just have a RESTful API without third parties, and you want to protect you...
Mister_L
1

votes
0

answer
38

Views

Understanding Oauth2 with spotify

I followed this tutorial word for word to make a connector between data studio and spotify, but when I go to publish via manifest, I get the following error: 'Client ID is required. :45 validate_:42 :298 get3PAuthorizationUrls:79' I've gone through the entire documentation on both sides and it seems...
satoshiMotoMoto