Questions tagged [oauth-2.0]

1

votes
1

answer
847

Views

Generate Access Token In Web Api action method using OWIN and IIS host

I'm trying to generate a token inside Web Api action method based on the code below: private JObject GeneratePaymentTokenResponse(string email, bool rememberMe) { //var tokenExpiration = rememberMe ? TimeSpan.FromDays(14) : TimeSpan.FromMinutes(30); var tokenExpiration = rememberMe ? TimeSpan.FromMi...
Taiseer Joudeh
1

votes
1

answer
0

Views

FitBit subscription API: where is the association made between user and app

I reviewed the following documentation: FitBit Subscription API Let's say I go through the fitbit setup and create a subscription for my app. Next, someone joins my website using the oauth 2.0 login for fitbit and agrees to provide access to activities and heart rate. When the person uses the fitb...
user1790300
1

votes
1

answer
282

Views

Getting Unauthorised Access Error (401) while accessing default drive using One Drive Business API

I want to integrate one drive for business into my windows forms application in Visual Studio 2008. I have followed the link 'https://dev.onedrive.com/auth/aad_oauth.htm' for registration in Azure and authentication into Office 365. I am able to get the 'https://{tenant}-my.sharepoint.com/_api/v2.0/...
user3270620
1

votes
1

answer
105

Views

Need Auth0 rememberLastLogin parameter info for plain link option

I am using Auth0 and I have integrated it with Plain link so Auth0 Lock UI is rendering from that link so for this I have to set rememberLastLogin to false. Anyone Having an idea how to pass this parameter with link. Thanks, Mit
Mit
1

votes
2

answer
1k

Views

How can I test the grant type authorization code for oauth2 on WSO2?

Found samples for Custom grant, password and credentials. Is there some sample (nodejs, curl, java or any other option) that you can test the authorization code with the playground2? Oauth with Grant Type Password: http://xacmlinfo.org/2015/03/09/openid-connect-support-with-resource-owner-password-...
Henrique Andrade
1

votes
1

answer
868

Views

Load Testing Azure Web App with OAuth2

I'm trying to wrap my brain around setting up load testing secure azure web applications. I want to push a load test to the cloud, which is pretty simple given we are using VS online. However, when running multiple users I get several errors. I think the errors revolve around a single account trying...
Mateo
1

votes
1

answer
177

Views

ROPC or Client Credential Grant for 1st party centralized-account app?

We are developing app-1 and app-2 REST API where accounts will be managed by a single account(company). Something similar when you need atlassian account for you jira and confluence application. Im quite confuse where to place the /login endpoint and where to create session. What I'm sure is that se...
1

votes
1

answer
137

Views

Google Cloud Endpoints : Picturesque App

I am currently learning Google App Engine. I want to develop a cloud app that provides synchronization using Google Cloud Endpoints. Frankly, I am impressed with Picturesque App (https://github.com/GoogleCloudPlatform/appengine-picturesque-python) that was demonstrated during Google I/O 2013. This a...
mckareem
1

votes
2

answer
0

Views

using Oauth to access app engine pull queue from non app engine server

I am trying to access my app engine applications pull queue from a separate python application. Here's what I know: I need to use oauth to authenticate I need to use Google's rest api I need to define a pull queue in my app engine project that has an acl list which specifies which account is granted...
Sam
1

votes
2

answer
2.3k

Views

Is using a SSO Assertion (JWT or SAML) For OAuth Assertion Flow Common?

I'm working on a set of systems that are exposing REST APIs that are authenticated using OAuth 2. Various of these systems have their own indpendant sets of user accounts, there is no common notion of a user identifier across all the systems. For interactive usage we already have a SAML Single Sign...
EdC
1

votes
1

answer
782

Views

Bigquery API php authorization

I'm trying to get access bigquery api using PHP library, but I always have this error: Fatal error: Uncaught exception 'Google_Service_Exception' with message 'Error calling GET https://www.googleapis.com/bigquery/v2/projects/primeval-shadow-571/datasets/Test/tables: (401) Login Required' in ... I h...
Alex Bondarenko
1

votes
2

answer
1.4k

Views

Insert event with Google Calendar API in Chrome Extension keeps failing

I'm having trouble getting the format right for a chrome extension using the Google Calendar API. I have an OAuth2 access token (which is valid, I can test that with tokenInfo), but am having trouble. I'm using a proprietary framework to build the extension, which complicates things, but maybe you...
Tim M.
1

votes
1

answer
40

Views

Supporting multi login for same account using tokens

The normal token based authentication works as follows The client sends a username and a password to the server. The server will add that client as a first time user and generate a token for the client and pass that token back to the client as a response. The next time when the client wants to conne...
Sachin Malhotra
1

votes
1

answer
0

Views

Handling OAuth2 Implicit Redirect with Angular Routing using HashLocationStrategy

I'm enabling OAuth2 on an SPA as follows: The implicit grant type is the only grant type supported My Angular 5 app uses HashLocationStrategy for its routing I cannot change either of these constraints. When I log in to my app and get redirected, the redirect url from the authorize endpoint looks li...
Mark
1

votes
1

answer
693

Views

How can we use Amazon cognito as a identity provider for other applications like google or facebook

We can associate google, Twitter, or any Oauth2.0 authorisation with AWS cognito. But, can we use our cognito as Oauth2.0 or an identity provider for other websites?
Shobhit Gupta
1

votes
1

answer
54

Views

Is it possible to get refresh token from Google without running a server on my VPS?

I need refresh token so that I can send messages to registered Chrome browsers using GCM. However most of the tutorials I consulted require a server to be running at my side and I have to do everything manually, open the auth url, authenticate it and get redirected to my server to get refresh token....
avi
1

votes
1

answer
228

Views

Setting Dr. Edit error

I am following all the steps from the readme file of DR. Edit for Java. I have created a project in Eclipse, I copied java folder to my project and then, I add Drive and OAuth APIs. I can't compile because there is an error with dependence: import com.google.api.services.oauth2.model.Userinfo; This...
Diego Jovanovič
1

votes
2

answer
117

Views

Google Drive persistent authorisation

Is it possible to generate a persistent form of OAuth 2.0 authorization for accessing a Google Drive account? Based on documentation on OAuth 2.0 credentials that authorize access to user's data, it seems that the authorization is short lived and needs to be refreshed. Use-case: a standalone applic...
user3629400
1

votes
1

answer
102

Views

Unable to authorize using OAuth (Google API)

I'm trying to use Curl in order to authorize using Oauth, but I'm getting a 'Required parameter is missing: grant_type' response from Google. Can anyone tell me what's wrong with my code? $curl = curl_init(); curl_setopt($curl, CURLOPT_HTTPHEADER, array('Host: www.googleapis.com', 'Content-Type: app...
user3730307
1

votes
1

answer
145

Views

How should the server for a single-page application handle expired oAuth tokens?

As background, I'm using the Google OAuth2 NodeJS client, but I think my question is more abstract / technology independent. My website is single-page application that communicates via AJAX to the server. When a user first visits my website, I perform an OAuth2 flow which redirects them to Google to...
plexer
1

votes
2

answer
874

Views

Specify OAuth token in GET URL

My REST service uses OAuth 2.0 authentication. I want to test some GET URLs using the browser (without using a client). Can I pass the bearer token in the URL ? URL : www.example.com/employee/employeeId
user379151
1

votes
1

answer
1.5k

Views

PHP Google Analytics API Authorization error

I want to fetch Google Analytics data for my website via Google Analytics API. First, I went to developers console, I enabled Analytics API, then under credentials section I created new ClientID (Service account). Now, this is my code include 'assets/src/templates/base.php'; require_once 'assets/src...
golobich
1

votes
1

answer
1.7k

Views

SpelEvaluationException interpreting “access” string in ResourceServerConfigurerAdapter

Any ideas on this? From Tomcat: Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1011E:(pos 8): Method call: Attempted to call method throwOnError(java.lang.Boolean) on null context object Returned to Client: java.lang.IllegalArgumentException: Failed to evaluate express...
JvmSd121
1

votes
1

answer
874

Views

LinkedIn - OAuth2 - retrieve list of all connections

How can I retrieve all connections of a profile? The user is logged in, I can successfully retrieve the profile with https://api.linkedin.com/v1/people/~?format=json but I don't know how to get all connections of a profile. solution 1 (does not work!): I've found out, that it could be retrieved with...
prom85
1

votes
1

answer
278

Views

passing username/password to ADAL for Android

I'm trying to set up a login with username and password for ADAL (Azure AD). I use the library that Microsoft published via Maven: implementation 'com.microsoft.aad:adal:1.11.0' But this one only seems to support logging in via a pop-up screen, coming from the SDK. I want to supply the username and...
Boy
1

votes
1

answer
395

Views

OAuth2 global method security

I'm trying to achieve global method security with OAuth2 using Spring. But I keep getting this exception: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'defaultServletHandlerMapping' defined in class path resource [org/springframework/boot/autoconfigure/web/W...
Moshe Arad
1

votes
1

answer
249

Views

Is setAccessToken necessary after refreshToken? - Google API PHP

Here is my code: $client = new Google_Client(); $client->setApplicationName('dayPlanner'); $client->setClientId(env('googleClientID')); $client->setClientSecret(env('googleClientSecret')); $client->setAccessToken(session('token')); if($client->isAccessTokenExpired()) { $client->refreshToken($user->r...
Mike Thrussell
1

votes
1

answer
306

Views

passport-azure-ad, validation of tokens

This question is related to passport-azure-ad, does it parse & validate token? I've tried to master using the passport-azure-ad module. I successfully log in my user with OpenID Connect, pick up the access_token and use it directly my REST API's which are secured by app.get('myapi',passport.authenti...
SanderSV
1

votes
1

answer
396

Views

OAuth vs OpenID: confused about when to use one of these and why

So these days I was reading about OpenID and OAuth2. I've seen some questions (this and this), but from what I've read you can use OAuth and for authentication, not just for authorization. On the second question, I've read this: If you have an account (with some private resources) in a website, you...
Buda Gavril
1

votes
1

answer
136

Views

Calling Servlet for Facebook API to get Access Token

QUESTION EDITED: I am using Captain Casa framework. I have a button that will open a new tab and go to facebook login page. public void goTofbPage(javax.faces.event.ActionEvent event){ FBConnection fbConnection = new FBConnection(); setBrowserUrl(fbConnection.getFBAuthUrl()); m_browserTrigger.tr...
AyukNayr
1

votes
1

answer
173

Views

Azure AD “Grant permission” button stopped working

Since 18th of May 2018 the button to grant permissions button in Azure (used as admin to give permission to application roles for all users) stopped working. I am global administrator on the AD It worked before AAD error details: 'Failed to grant permissions for application [application name]' Erro...
MiKey
1

votes
1

answer
395

Views

Laravel 5.3 OAuth2 NotFoundHttpException

I installed the laravel/passport into Laravel 5.3. The authorization and requesting token is working fine but when I add middleware('auth:api'), I get this error: NotFoundHttpException in RouteCollection.php line 161 See here: Route::get('test', function(){ echo 'hello world'; })->middleware('auth:a...
Pedro Carmo
1

votes
1

answer
187

Views

Google OAuth JWT Verification locally

I am developing a website that has Login with google. once the user has signed in, I get a id token from the google js api and send to to the server to verify it. I can verify and do the process easily with Google token info endpoint, but that will result in a lot of HTTPS Requests, as it sends an H...
Bhanuka Yd
1

votes
1

answer
1.1k

Views

OAuth2 with Implicit client and csrf protection

I have an API I want to secure with OAuth2. I already did a dummy test with the password grant_type and everything works. I can request tokens, access secured endpoints with it, etc. The server acts as the authorization and resource server. Later on I read that I should be using the implicit grant_t...
user1294431
1

votes
2

answer
205

Views

Tyk Ouath2 flow client_credentials ERROR: Couldn't use policy or key rules to create token, failing

I'm using Tyk 2.2.0 as an api management oauth2, basic, I need to add the client_credentials oauth2 flow as an allowed_access_types. I made the following changes in order to generate an access token via this new oauth2 access type: Create a Tyk Api: { 'name': 'api_oauth_v2_oauth2', 'api_id': 'openAp...
Moussi
1

votes
1

answer
1.1k

Views

Oauth2 timeout with google API

I'm using Oauth2 for authentication on Google Calendar API based based on the introductory quick start guide I'm now running this on a web server and have set the callback port to 9999, which I have also entered in the GCP console. I get the link in the log file and I am able to authenticate on the...
Fraser
1

votes
1

answer
16

Views

Trying to find out the technical name of this step in oAuth world

I've done this several times with Google sign in. Basically, use the token to ping Google's auth servers from my server and findout if the token is valid and validate user info. The process is outlined here https://developers.google.com/identity/sign-in/web/backend-auth#verify-the-integrity-of-the-i...
kishu27
1

votes
1

answer
582

Views

How to get a Bearer access token for Service Accounts

I have generate credentials for a service account like this: f = file(settings.SERVICE_ACCOUNT_PKCS12_FILE_PATH, 'rb') key = f.read() f.close() credentials = client.SignedJwtAssertionCredentials(settings.SERVICE_ACCOUNT_EMAIL, key, scope=settings.GROUPS_SCOPE, sub=settings.ADMIN_DOMAIN_EMAIL) print...
Drwhite
1

votes
2

answer
2.3k

Views

Getting Twitter auth token with Volley POST request

I'm trying to produce a proper request for Twitter Application-only authorization token using a Volley POST request, but I keep getting a Http 400 response (Bad Request). This is what I tried : URL private static final String TWITTER_API_AUTH_URL = 'https://api.twitter.com/oauth2/token'; Encoding t...
2Dee
1

votes
2

answer
821

Views

google ExchangeCodeForTokenAsync invalid_grant in webapi

i have implemented GoogleAuthorizationCodeFlow scenario from google api client dotnet and tutorial to get token from what my client sent to server as a code. but when i call flow.ExchangeCodeForTokenAsync , I get the following error : {'Error:\'invalid_grant\', Description:\'\', Uri:\'\''} I read...
alireza