Questions tagged [oauth-2.0]

1 vote, 0 answers, 86 views

How to implement OAuth2 Code flow with automatic refresh token grant

We have just started out with ASP.NET Web API 2 and implemented OAuth2 client credential token grant, resource owner token grant (for internal apps) as well as code flow token Grant for third party Vendors. For code flow, when the refresh token is exchanged for a new access token and refresh token t...
user10086331
1 vote, 1 answer, 393 views

OAuth Redirect URL

In OAuth 2 when you add your client you give it a redirect url. e.g. http://example.com But when you request authorization for a user, you also pass back a redirect url as part of the request. e.g. authorize?response_type=code&client_id=CLIENT_ID&return_url=http%3A%2F%2Fexample.com%2Fsecure%2F&state...
Cameron
1 vote, 0 answers, 23 views

Custom configuration for /oauth/token end-point

I use spring-security-oauth2. I would like to custom configure the /oauth/token end-point. After registering a new client, I need to use login and password from this client and create a token for him and return this token. Can I custom configure this /oauth/token endpoint? Can I return a custom err...
lor lor
1 vote, 1 answer, 33 views

Why do I have strange property name when using google oauth api?

I'm setting up a web app (javascript) that allows a user to log in with Google OAuth API. I need to retrieve Youtube Data and Google Account Data. I use these scopes: https://www.googleapis.com/auth/youtube.force-ssl openid I get the data but the properties names are strange, take a look : https://i...
Jean Siffert
1 vote, 0 answers, 16 views

How to tell if a Google Login user has a default profile picture or a custom one

With Google requiring everyone to migrate from Google+ sign-in to their native 'Google Sign-in' a few changes haven't been properly documented. In the Google+ sign-in flow you can make a request to get their profile picture and whilst the URL will always be unique there is an 'isDefault' field to in...
M1ke
1 vote, 2 answers, 83 views

OAuth 2.0 on REST API with Third party provider

I'm new to OAuth 2.0 and am trying to develop an application using a third party OAuth provider with Authorization Code grant flow as my Authorization Server and Spring Security. This provider gives me two endpoints /authorize and /token and those two, after the user authorizes its access, will retur...
Matheus Silva
1 vote, 0 answers, 25 views

Integrating Kong and Azure Active Directory

Have you tried integrating Kong with Azure Active Directory Authentication in Kong? What about it? I've found this documentation ... but I am not sure if LDAP can be applied with Azure Active Directory. LDAP Authentication LDAP Authentication Advanced At this moment I am looking for it, but I think...
bgarcial
1 vote, 0 answers, 46 views

An error started the container after enabling @EnableOauth2Sso. Error creating bean with name 'jwtTokenServices' defined in class path resource

In the service enabling @EnableOauth2Sso, enable configuration security.oauth2.resource.jwt.key-uri report an error, and there will be no error in the service that enables @EnableResourceServer tim 20190201102130 org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean w...
sdake
1 vote, 0 answers, 219 views

Retrofit returns not working access token

I'm creating an authorization app, where user registers and gets client_id, client_secret, access_token and refresh_token. I have one API where I need to do call. In that call I use my access_token. All works great. But the access_token expires after hour, so with refresh_token I'm updating my acces...
Hayk Mkrtchyan
1 vote, 1 answer, 446 views

Oauth2 flow for native app with back-end web app calling Graph API

I have the following set up: A web app (Jetty/Java) A native client (iOS) (calling my webapp) The Microsoft Graph API (called from my webapp) The idea is that the user should sign in with OpenID/Oauth2 using his/her Office 365 credentials. The webapp will then call the Microsoft Graph API on behalf...
Henrik
1 vote, 1 answer, 91 views

How can we use Facebook, Twitter and other social authentication in Django Rest Framework

I am new to DRF token authentication and would like to implement Social Authentication such as Facebook, Twitter in my app. I have been reading how-to-implement-oauth2-using-django-rest-framework but confused with a part: What should I provide the username and password attributes if I'm using Facebo...
Jops
1 vote, 1 answer, 255 views

How to start OAuth2.0 server in localhost using Yii2?

I am a newbie on OAuth2.0 and YII2. I am trying to setup OAuth using Filsh Library. Everything setup correctly according to the documentation. But while trying to hit the url it throws me 404 page not found. Please help me where I am wrong and how to start the server. Project File Structure Step 1: Co...
Ncit Cosmos
1 vote, 1 answer, 455 views

Invalid client error getting when trying to get new access token using refresh token in spring oauth2

When I hit the url to get an access token as well as a refresh token it works fine. url:- http://localhost:8080/thela-web/oauth/token?grant_type=password&client_id=thelaa[email protected] Response is perfect { 'access_token': '6ae54dc4-3dbf-48e6-9b7a-d58ececd...
P.K.Hindustani
1 vote, 0 answers, 97 views

Passport.js authenticate to Gmail API leads to GooglePlusAPIError

I use Passport.js to authenticate with Google. I define the following scope: passport.authenticate('google', { scope: [ 'https://www.googleapis.com/auth/gmail.modify', ], }) So, I just would like to access the Gmail API. Now, Google responds with: GooglePlusAPIError: Insufficient Permission I get it...
nielsG
1 vote, 0 answers, 591 views

Swagger codegen java client with OAuth flow

I have used the swagger codegen to generate a client for java with --library resttemplate. Then I configured the OAuth2RestTemplate with ClientCredentialsResourceDetails, providing the accessTokenUri, clientSecret, clientId and everything worked like a charm (meaning, I injected the OAuth2RestTempl...
ReggieK123
1 vote, 1 answer, 132 views

Issue in OAuth Authentication for Bigcommerce

I am trying to get authentication done via OAuth for Bigcommerce. It looks easy but not happening at my end. I got postman Bigcommerce APIs in collection. But there is no API for Customer Login API and when I am trying to do it via OAuth it is not happening though it works fine with Basic Authentic...
Ruhii
1 vote, 2 answers, 184 views

Google OAuth 2.0 implementation - registration

In the Google developer console, when you create new app credentials for use in OAuth 2.0, and you specify a web app, it requests that you register callback URI and JavaScript origins. I don't have a precise understanding of the need to register these. For the callback URI, presumably this prevents...
allstar
1 vote, 0 answers, 46 views

Sharing access tokens across instances

If I am using client credential grant flow(https://auth0.com/docs/api-auth/tutorials/client-credentials), and I want to renew token on expiry, what is the correct way to use this across multiple instances? Will multiple instances use different tokens, or a token will be shared and stored in some se...
Sarang
1 vote, 1 answer, 42 views

Error Handling For ResponseWriter / Write

I am using osin, Go Lang OAuth Server to try and build an OAuth server. So I have used, or I am trying to use the complete example given, to give me a good place to start playing with the code to see what I can do. However, I have a lot of errors with the file. Now most seem to be about error checki...
Coder99
1 vote, 1 answer, 448 views

Unsupported grant type when getting OAuth token for Reddit API

I'm trying to get an OAuth token for the Reddit API following the Application Only OAuth instructions. My reddit app is an installed app, so for my grant_type I'm using https://oauth.reddit.com/grants/installed_client. Currently I'm running a very short JS script to query the API and get a token:...
brooks.johnson
1 vote, 0 answers, 44 views

No redirect when using IdentityServer3 and angular

I am currently developing an authorization system prototype using ASP.NET Web API 2 and angular. For the authorization and authentication I'm using IdentityServer3. The architecture looks like this: Frontend: Angular (6) Client: ASP.NET Web API 2 Authorization Server: ASP.NET Web API 2 Resource Serv...
KevNet
1 vote, 0 answers, 46 views

Retrofit not retrieving AccessToken

I have been following this tutorial as I have been advised that Retrofit is the best API to use for oAuth and network calls: Retrofit oAuth2 tutorial It seems to have been working well and I had retrieved my authorization code without any problems. However, when it came to using the code they suppl...
Aaron
1 vote, 1 answer, 229 views

C# OWIN OAuth2 Server: Access token always returns invalid_grant

I am building an OAuth2 Authorization Server as per this example here: https://docs.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server I have an authorization code and am attempting to exchange it for an access token. No matter what, I get a 400 response 'i...
1 vote, 1 answer, 128 views

Acumatica report authoring and single sign-on

Our users authenticate to Acumatica using OAuth2-based SSO with Google as the identity provider. They do not have passwords to access the system (we generate very long, strong passwords which are discarded as soon as SSO is set up). I don't want to go into all the reasons why SSO is important to us....
Matthew Mellon
1 vote, 0 answers, 17 views

OAuth state param for CSRF - a potential spot for DDOS?

The first step for OAUTH applications is to request the identity of the Auth provider (such as GitHub, Facebook etc). For this request, it is expected to create an unguessable random string. It is used to protect against cross-site request forgery attacks (see github documentation). This string is l...
igr
1 vote, 0 answers, 60 views

OmniAuth::Strategies::OAuth2::CallbackError user_cancelled_login | The user cancelled LinkedIn login

So I am developing a Rails application with LinkedIn authentication. The application works fine in all the cases except the case when user cancels the login. I have already visited all the solutions on this site could possibly help, but no luck. I have designed a very basic login structure and I cou...
KINNARI SHARMA
1 vote, 0 answers, 8 views

How to access Wordpress authentication token

We are trying to link our website to WordPress's API using OAuth 2.0. Hoping that a client can authenticate and post to WordPress from our site. We need to receive an access token to do this. We have successfully connected with WordPress to receive our access code. We've followed the WordPress API,...
Joe Benebenek
1 vote, 0 answers, 208 views

Bitrix doesn't send access token oauth2

I tried to connect with bitrix using software Postman API. The goal was to test some REST comments, but I have problem with authorization. Using Postman I filled up: auth url, access token url, Client ID and Client secret of my bitrix, after that login page is visible and I entered login and passwo...
Menomen
1 vote, 0 answers, 155 views

Which scopes and APIs to use with Microsoft Live OAuth?

I've been trying to include Microsoft OAuth authentication in my web app using the following documentations : https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code And: https://msdn.microsoft.com/en-us/library/hh243647.aspx My question is this : sho...
Michael
1 vote, 0 answers, 16 views

Is there a working Devise/Omniauth/Oauth2 interface with Wordpress?

I'm trying to use Wordpress to authenticate my Rails application users with the following Omniauth plugin: https://github.com/jwickard/omniauth-wordpress-oauth2-plugin I've followed the instructions carefully, and duplicated his example, but it doesn't work. Which is really surprising, because there...
David Krider
1 vote, 0 answers, 9 views

how to auto sign out user after using “sign in with slack” with oauth2

after using oauth2 flow for slack ('Sign in with Slack') and making appropriate API calls, we need to make sure users are properly signed out of Slack as well, else, on a shared computer, subsequent users would gain access to their info. we're using oauth2 with slack and all is well but we don't kno...
Frederic Rudman
1 vote, 0 answers, 44 views

How to get the access token from the redirect_uri?

I am creating a web based application and want to get data from Basecamp using their API through OAuth2. I have successfully redirected my page to this link my redirect_uri, but I couldn't get any access token from the page. How to get the access token using the flask application that I have created...
Irwin
1 vote, 0 answers, 67 views

Getting Azure oauth2 token from Javascript not working always

I am trying to get oauth2 access token using JavaScript by calling a mvc action method to access the web api methods. Here I am checking every 30 seconds whether the token is expired or not if it expires if trying to get the new token. The problem here is this is working if I remove below line of co...
Bharath Gajjala
1 vote, 0 answers, 10 views

React Native auth0 'access_denied' 'unauthorized' error

I am trying to add auth0 authentication to my React Native app. I am following this quickstart guide: https://auth0.com/docs/quickstart/native/react-native I am connecting to a 'Regular Web App' application set up by a client, and am running the following code: auth0 .webAuth .authorize({scope: 'ope...
gkeenley
1 vote, 1 answer, 121 views

Reddit gives 403 when upvoting via API

I've registered as the Web app as required by the Reddit API for the Oauth access with identity, edit, flair, history, modconfig, modflair, modlog, modposts, modwiki, mysubreddits, privatemessages, read, report, save, submit, subscribe, vote, wikiedit, wikiread scopes. I'd authorized my app and have...
Sridhar
1 vote, 1 answer, 213 views

oauth token request errors with “missing required parameter 'client_id'”

I'm trying to get a token from squares oauth. I can successfully get the code but when I try to get the token I receive the error 'missing required parameter 'client_id''. I can successfully get a token from postman but not sure why oauth2.Exchange is not passing all info to the oauth server when I t...
Yasin Shuman
1 vote, 0 answers, 48 views

Authentication on verifying email with keycloak

I'm working on email verification in keycloak. When a user creates an account on register, an email is sent to verify his email. But when he clicks on the link, it directly redirects to 'my account page'. This is pretty strange for me. I saw that keycloak recognizes the client with the cookie AUTH_SESSION...
Kilian
1 vote, 0 answers, 31 views

Oauth2 and Microservices

Throughout this afternoon, I tried to implement a micro service architecture without success. The great problem is the security. I read the Oauth2 doesn't work with Spring cloud unless your implementation uses the api gateway like a Oauth2 client. I have tried this solution, the api gateway do login...
rumberomelo
1 vote, 1 answer, 590 views

OpenID Connect: Implicit or Auth Code flow for SPAs?

There are multiple auth flows in OIDC; Implicit and Auth Code flow are the 2 primary ones accessible to SPAs. Recent emails in the ietf mailing list indicating that Auth code flow should be preferred over implicit flow due to security issues of having access tokens show up in browser history...
Eric B.
1 vote, 0 answers, 26 views

OAuth v.s my custom token based implementation

I am writing backend for a mobile app where the login info (user), details of the app and everything used in the mobile app will be on the server side. That's how I have written the app flow: The created users are saved on the server side via registration API The newly created users send credentials...
Danyal Sandeelo