Questions tagged [oauth-2.0]

Votes: 1 | Answers: 1 | Views: 1.5k

google oauth2 get token javascript post request

I saw some questions and answers about this but couldn't understand what to do. I get this error: XMLHttpRequest cannot load https://accounts.google.com/o/oauth2/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63342' is therefore not allo...
Javi
Votes: 1 | Answers: 1 | Views: 367

UX Perspective: Should my Single Sign On server be on the same domain?

I'm already developing an SSO server, providing access to my main app and also giving third-party applications the ability to get user information through an oAuth2 implementation. All these things (login, user management, sign up, access tokens) were developed in a totally separated project called '...
Vinicius Tavares
Votes: 1 | Answers: 1 | Views: 216

Using Spring oAuth2 impl, is it possible to “downgrade” the scopes of an access token during a refresh-token grant?

I have two clients, one Public Client used by regular end-users logging in via our web page or native apps and one Confidential Client for our admin system. Both issue two JWTs, one Access Token and one Refresh Token. The Public Client is not allowed to issue admin rights. The Access Token is shor...
Andreas Lundgren
Votes: 1 | Answers: 2 | Views: 227

How to access parameters in a redirect URI in Flask?

I'm working in Flask on creating a JMML ('Join my mailing list') widget that submits data to an email marketing platform, and the platform follows an OAuth2 flow. The basic flow is: I create an access URL using the base API URL, an API key, and a redirect URI. The program accesses this URL, and the us...
Matt Lefevre
Votes: 1 | Answers: 1 | Views: 523

Doctrine 2 and OAuth2.0 Server PHP Client Credentials are invalid

I am trying to implement OAuth2 with Doctrine as an entity manager. I followed this tutorial exactly: http://bshaffer.github.io/oauth2-server-php-docs/cookbook/doctrine2/ Here is my code that is called when a user makes a request to the API: // obtaining the entity manager $entityManager = EntityMan...
Trevor Hutto
Votes: 1 | Answers: 2 | Views: 608

OWIN OAuth 2.0 Authorization Server - Paths namespace

I am using the OWIN OAuth 2.0 Authorization Server sample as a template for creating my own OAuth service provider using our company's Active Directory. The 'Download the sample code' does not work and I cannot find the Paths object in the following code snippet // Enable the Application Sign In Cooki...
Votes: 1 | Answers: 1 | Views: 6.1k

Spring OAuth2 Resource and Authorization servers

In Spring OAuth2 is it possible to separate Authorization server and Resource server into separate applications. Like stated in: https://github.com/spring-projects/spring-security-oauth/wiki/oAuth2 Seemingly both web applications require these: instance of AuthorizationServerTokenServices instance...
user921176
Votes: 1 | Answers: 1 | Views: 507

Google Analytics OAuth2 refresh tokens limit

I built a platform in PHP that enables users to create their own websites. To connect the site owners to Google services (specifically Google Analytics), I created a Google application for my site users to connect to their account. This is done through Google's API V3/OAuth2. The flow is: User logs...
user3764996
Votes: 1 | Answers: 1 | Views: 152

How to Create and Integrate Google Apps Marketplace in ASP.NET website?

I have a website and I want to create an app on Google Apps Marketplace and integrate this app into my website. The Google user logged in with a Google account just clicks the app and is redirected to my website with all authentication pre-processed with Google's latest authentication API. Please h...
Votes: 1 | Answers: 2 | Views: 1.2k

Bigcommerce Authentication code

How to get Authentication code? I am using https://login.bigcommerce.com/oauth2 url and passing client_id={0}&redirect_uri={1}&response_type=code{2}{3} in get method, but it gives me error 'The page you were looking for doesn't exist.' I know after getting Authentication code I can generate toke...
user3388887
Votes: 1 | Answers: 2 | Views: 401

How to grant access permanently with OAuth2

I have tried to use OAuth2 to build a group settings service with the following: def groupSettingsService(request): CLIENT_SECRETS = os.path.join(os.path.dirname(__file__), 'client_secrets.json') FLOW = client.flow_from_clientsecrets(CLIENT_SECRETS, scope=['https://www.googleapis.com/auth/apps.group...
Drwhite
Votes: 1 | Answers: 1 | Views: 58

any best practices for storing and accessing oAuth access_token?

Considering the user has helped me to generate an access token and other stuff (refresh token/instance-url) in my application. Every time I do a job for the user I have to use this token and communicate with his application. What are the best practices to store these access tokens with userId informati...
a YUY
Votes: 1 | Answers: 2 | Views: 201

Sign UP oAuth Tokens Quickblox and oAuth

I'm working on the login system with http://quickblox.com/. I have this code to authenticate using social (Twitter in this case). var params = { 'provider': 'twitter', 'keys[token]': '...', 'keys[secret]': '...'}; QB.login(params, function(err, user){ if (user) { // success } else { // error } }); and t...
Votes: 1 | Answers: 1 | Views: 500

OAuth2 Token Validation and confidential clients

I have a question about OAuth2 and validating the client that a token has been assigned to. The spec says that for confidential clients a client must authenticate when requesting tokens etc, for example with a basic auth header. This means we can verify that a client has been registered and an acces...
Jamie Pollard
Votes: 1 | Answers: 1 | Views: 560

How is native client only Facebook Login secure if you never send your client secret to get an access token?

When you integrate Facebook Login into your app, there are essentially 2 (OK, there are more than 2, but for this question I'm just concerned with these 2) ways to get an access token: Have FB return a code to your app, which you then exchange for an access token ON YOUR SERVER by adding your client...
adevine
Votes: 1 | Answers: 1 | Views: 1.2k

oAuth2 login on the api for web app in ruby on rails using doorkeeper with the help of devise

I am new to API development in Ruby on Rails. In the Rails app I have devise for authenticating and I also want to use doorkeeper for OAuth2 login on the APIs. I don't know how I can implement the API and how to use doorkeeper for that. Can anyone please explain it with the steps that I need to follow t...
Saritha Ks
Votes: 1 | Answers: 1 | Views: 2.1k

Django OAuth 2 client setup - client isn't recognizing tokens

I'm attempting to use the Django OAuth Toolkit in a project I'm working on. I've set up two servers - one as the OAuth provider and another as a client service that is accessed only by authenticated users. The OAuth provider seems to be working just fine. I'm able to create a link on the client se...
Joel B
Votes: 1 | Answers: 3 | Views: 1.1k

Invalid refresh token while trying to refresh an access token on Office365 APIs

I'm currently trying to develop a web application which syncs calendars from Office365, and so far I managed to fetch a couple of tokens from Azure's OAuth system. But, even though the Refresh token seems to have at least a validity period of 14 days, it seems that whenever I try to refresh my Access...
Talus
Votes: 1 | Answers: 1 | Views: 87

Is it possible to modify WSO2 token response?

We are using WSO2 to generate a token. Now I would like to add custom parameters to that response payload. Current response: {'access_token':'6a841cf7-fad1-3f1d-8e9a-d0f692beedd3','scope':'am_application_scope default','token_type':'Bearer','expires_in':2203} I would like to modify it to: {'access_token':'6a841cf7-fad1-3f...
jayesh
Votes: 1 | Answers: 1 | Views: 1.2k

Can we get access token from authorization code in passport js

I have a client which sends me the Authorization code obtained from an oauth2 authorization end-point. I can create a request from my nodejs back-end code to get the tokens from the token end-point using this authorization code. However, I think that passport js should already have a logic for this,...
Saurabh Gour
Votes: 1 | Answers: 1 | Views: 181

Request to get user info from Spotify Web API results in 401 error

I want to use the Spotify API to retrieve a user's info. I've already figured out how to get an access token. First I get the authorization code from Spotify and I send that to an endpoint that generates an access token, this looks as so... const access = async (req, h) => { // URL to retrieve an acces...
Bolboa
Votes: 1 | Answers: 1 | Views: 27

Why do I only sometimes get an OAuth 2 consent dialog?

I just wanted to check my understanding here. When I log into some applications e.g. Dropbox with my Google account, I get a consent dialog: I can then revoke access in my Google account as I would expect. However, when I sign into other apps e.g. SoundCloud, I don't get a consent dialog at all, it...
James Bateson
Votes: 1 | Answers: 1 | Views: 88

Slack OAuth Setup Step 1 - Testing w/ Postman - Error: Invalid client_id parameter

I'm in the process of setting up oauth following the process laid out by Slack for my Slack app (I've used a token previously for the same app). Unfortunately I'm hitting a snag with step 1. I'm using Postman to test out the GET request to https://slack.com/oauth/authorize by passing along 3 paramet...
Mix Master Mike
Votes: 1 | Answers: 1 | Views: 160

Secure the Auth Code in Oauth2 with native apps (Android)

That question is hardly related to AppLinks assetlinks.json appears not to be used for validation I am implementing Oauth2 apps on Android. I would like to do SSO (single sign-on) and I have a concern about AppLink to secure the Authorization Code. The native app, through the browser, initiates an Aut...
MalikDe
Votes: 1 | Answers: 1 | Views: 1.8k

Silent authentication with oauth2 (prompt=none)

Hi, I have an SPA (single-page application) where I use oauth2 implicit grant for authorization. As Identity server I have Wso2 identity server 5.4.1. I am able to authorize the app and everything works as desired - also I configured to skip the consent. Here goes the problem: I am trying to silently re...
dtechlearn
Votes: 1 | Answers: 3 | Views: 38

Authentication solution for a Java based Product

We are developing a Java-based product. We need to make the authentication part fit major authentication services, like LDAP, OpenID, OAuth2, SAML. The idea is, when we deploy the product for a company that has LDAP, our product should be able to cater to it. If the company has OAuth2, t...
J4Priyan
Votes: 1 | Answers: 1 | Views: 279

PHP Azure Active Directory API Access using Client Credentials (X.509 certificate)

I'm developing a PHP script to log in to Microsoft's 365 API and scan a user's emails for matches with entries within a CRM, so we can link the emails in Outlook with the People in the CRM. I've got the normal client_secret login method to work via Azure, so I have set up a webapp entry in the Azu...
Steve Childs
Votes: 1 | Answers: 1 | Views: 0

issue while calling zendesk real time chat api

Can anyone help me? I am trying to call the request below: curl https://rtm.zopim.com/stream/{resource} \ -H 'Authorization: Bearer {API access token}' Initially, I tried with basic auth (adding id : password in the request); the response was unauthorized. Then I generated an access token with Postman like in belo...
Yusuf Khan
Votes: 1 | Answers: 1 | Views: 213

Unable to update Microsoft.Owin.Security.Google from version 2.0.0 to 4.0.0

I am trying to implement external authentication in my Web-api project by following this link https://www.youtube.com/watch?v=WsRyvWvo4EI&t=609s app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions() { ClientId = '', ClientSecret='' }); The code above could not find GoogleOAuth2Authent...
Ahsan Sohail
Votes: 1 | Answers: 1 | Views: 117

Is it a good idea, to use Google Oauth 2.0 for login and permission administration?

I'm currently working on a project where the developer before me implemented the login into an intern tool via Google OAuth 2.0. He does that by just grabbing the user domain after authenticating with Google and checking if it is 'ourCompany.com'. If yes, he renders the page, if not, he redirects th...
Fkscorpion
Votes: 1 | Answers: 1 | Views: 1.7k

Spring boot use Cloud gateway with Oauth2

My problem is Cloudgateway security with Oauth2. However, Oauth2's config @EnableOAuth2Sso will cause the following error: Description: Parameter 0 of method modifyRequestBodyGatewayFilterFactory in org.springframework.cloud.gateway.config.GatewayAutoConfiguration required a bean of type 'org.spring...
Silver Light
Votes: 1 | Answers: 1 | Views: 451

Authorization service is not responding with access_token while using zuul gateway

I created multiple microservices with springboot 1.4. Last week I decided to implement oauth2 authorization service. My plan is something like, Every request should be handled by zuul gateway which is registered by Eureka. So the new Authorization service will be called by eureka to get access_token...
Vishnu KR
Votes: 1 | Answers: 2 | Views: 1.4k

Graph API authenticate as a user programmatically

I'm trying to get a specific user OAuth2 bearer token using HTTP POST request, and nothing seems to work. login_url = 'https://login.microsoftonline.com/' authorize_endpoint = '{0}{1}{2}'.format(login_url,config.tenant_id,'/oauth2/authorize') bodyvals = {'client_id': config.client_id, 'client_secre...
4c74356b41
Votes: 1 | Answers: 1 | Views: 262

Laravel 5.3 passport ask http authentication

In my client I'm using the following route to get an auth token. Route::get('/redirect', function () { $query = http_build_query([ 'client_id' => '1', 'redirect_uri' => 'http://localhost:8001/callback', 'response_type' => 'code', 'scope' => '' ]); return redirect('http://localhost:8000/oauth/authorize?'.$q...
Votes: 1 | Answers: 1 | Views: 1.1k

API key for Mailchimp API authentication Methods

We are exploring the MailChimp API v3.0. There are two types of authentication methods: Basic and OAuth 2. We are able to authenticate using both ways, but there is confusion with the Authorization Header part: Basic Authentication (both authorization headers below work): Authorization: Basic base64...
sonia
Votes: 1 | Answers: 1 | Views: 1.4k

How to make a request with PHPLeague oAuth2 client?

I'm integrating with an affiliate platform for a client which provides an oAuth2 API, don't usually do massive amounts of work with oAuth2. I've decided for my client, I'll use the PHP League's oAuth2 package: https://github.com/thephpleague/oauth2-client Anyway, I've got an accessToken no problem! us...
André Figueira
Votes: 1 | Answers: 1 | Views: 1.1k

Spring security oauth2 : grant_type=password Authentication

I am using Spring Oauth 2 to secure a web application and to implement a three Legged security system and when it comes to using a grant_type=password I've noticed that the URL used to get a token for a user is: Method : POST + Basic-Authentication header for the client http://host:port/api/oauth/...
Rafik BELDI
Votes: 1 | Answers: 1 | Views: 326

Configuring OAuth 2 in Java Spring Boot

I'm trying to create a server with OAuth 2 but I have a problem. I configured OAuth, the user can authorize and get a token but the REST methods are always accessible, for example a user can use method POST when they didn't authorize. How to configure OAuth so the REST methods run only when a user di...
Someone
Votes: 1 | Answers: 1 | Views: 1.1k

The example code for Facebook Web Login returns an error?

I just copy and paste the code from the newest Facebook official documents (Document) (JsFiddle): Facebook Login JavaScript Example // This is called with the results from FB.getLoginStatus(). function statusChangeCallback(response) { console.log('statusChangeCallback'); console.log(response); //...
Hanfei Sun
Votes: 1 | Answers: 1 | Views: 172

Is it possible to use WebMock with Rack Test?

Using WebMock to stub an Oauth 2 Provider. The issue is that I want to use Rack Test. Rack Test only runs against an instance of the app, and does not know about external HTTP hosts like the Oauth 2 Provider. WebMock.stub_request(:get, 'https://test.oauth-provider.com/oauth/authorize') won't work be...
B Seven