Questions tagged [oauth-2.0]

0

votes
0

answer
4

Views

How to fix 'Social Network Login Failure' error of django-allauth deployed on Elastic Beanstalk

I'm using django-allauth plugin to provide Facebook login in my application. The login works perfectly on my machine (localhost:8000) but it gives me this error when I try to login in the online version, deployed on Elastic Beanstalk (AWS): Social Network Login Failure An error occurred while attemp...
Notorious Etam
0

votes
0

answer
2

Views

How to request authentication from a user for a YouTube Analytics API script?

I have a python script that pulls stats from my YouTube channel. I used this sample code here. I have downloaded the Client secret, authorised YouTube API and I am able to see some data in the response. Now I'm trying to pull data for another YouTube channel (from a separate google user, for example...
giac_man
0

votes
0

answer
3

Views

Is there Daily Limit for OAuth2 Login with google products

I used to get data from the Youtube Data API with API Keys. After seeing theyre almost fully exceeded I switched to let the user login to use their own limits. But I still have the same problem. Is there a way to work around that problem? Error occured while requesting statistics: Daily Limit Exceed...
Shorty
0

votes
0

answer
10

Views

I am getting OAuth2 server connection error few times in Laravel framework

I am using Laravel framework for my application. Every day few times it is throwing the OAuth2 authentication error and it says 'The user credentials were incorrect' but after sometime automatically it is connecting. Anybody can help me on this why it is happening. local.ERROR: League\OAuth2\Server\...
bhaskar p
0

votes
2

answer
30

Views

What OAuth pattern/flow is this called?

I'm attempting to use OAuth 2 in order to create an protected API. Except, I want all of my users on the site to require an access token in order for them to access the API. The reason being is my API will be exposed to the public, but I don't want the public to access this API. My application makes...
James Jeffery
0

votes
1

answer
70

Views

PHP oauth2 how to use refresh_token

I´m a bit puzzled how to use auth_ and refresh_token correctly in php. I have registered a new client app with the oauth-provider. After that my app sends the client-id and secret to the oauth2-authorization-endpoint which returns following: Array ( [result] => Array ( [access_token] => qjdcshsmgwc...
t Book
0

votes
3

answer
787

Views

Spring Boot Oauth2, “Access-Control-Allow-Origin” Error (Server returns 401)

i have a rest server with oauth2 implemented. POSTMAN works good but our angular2 client wont work because of the following reason on console: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http:/...
Ibrahim Erol
0

votes
1

answer
899

Views

Get a new token with the refresh token symfony oauth2

I work on symfony project with FriendsOfSymfony/FOSRestBundle, FriendsOfSymfony/FOSUserBundle and FriendsOfSymfony/FOSOAuthServerBundle. In the security part, i can't get my new access token with using the refresh token. I can only get my access token.I have followed some tutorials and i got this er...
Mohammad Trabelsi
0

votes
1

answer
28

Views

oauth2 refresh token with long expiration

I have a oauth2 api where my token expires in 1 day but I wish the user be able to keep logged and in this case the client request a refresh token to expires in 1 year from now. The problem is when I got the refresh token to expires in 1 day instead of 1 year. Here are some code snippets to help you...
Diego Dias
0

votes
0

answer
117

Views

Which flow should I choose for OAuth authorization with JavaScript

OAuth 2.0 authorization server has authorization grant flows for applications. For a token request there are 3 options: Authorization Code Flow Implicit Flow Resource Owner Credentials Flow Which should I use in an Angular JavaScript application? Authorization Code and Implicit flow require Client S...
barteloma
0

votes
3

answer
321

Views

How access token is validated for accessing protected resources in token based mechanism?

I want to do token based mechanism where I would be having either SPA or mobile apps supporting multiple clients. Use case of my web service engine and my application: My web application: Client will do registration of their application either SPA or mobile apps.They will get client id on registrati...
0

votes
1

answer
691

Views

Spotify API no token provided

How does Spotify API authorization work? I've read Spotify and Guzzle docs, put one and one together: $client = new GuzzleHttp\Client(); $res = $client->get('https://api.spotify.com/v1/me', [ 'Authorization' => ['Bearer ' . $session_owner->spotify_token], ]); echo $res->getStatusCode(); // 200 ech...
Edmund Sulzanok
0

votes
0

answer
54

Views

How do I use an id_token issued by Google as a JWT Bearer Grant

I want to use the id_token issued by Google OAuth2/OIDC provider as a JWT Bearer grant[1] at some other Identity Provider(say X) to obtain an access_token. Everything is fine except for 'aud' claim of the id_token. According to the JWT bearer spec[1], the 'aud' claim should contain some identifier o...
farasath
0

votes
1

answer
18

Views

Can not get token (OAUTH2, Spring, Kotlin)

I try to get token but it not works. Request work in postman, but when I try reproduce this in angular I getting: My request in postman: My request in angular: getToken() { const headers = new HttpHeaders(); headers.set('Authorization', 'Basic ZGV2Z2xhbi1jbGllbnQ6ZGV2Z2xhbi1zZWNyZXQ='); headers.set(...
mremil6
0

votes
0

answer
796

Views

Angular2 Client and REST Spring Boot Server using OAuth2

Let's assume: Angular2 Web Application => WebClient Spring Boot REST server => WebServer WebClient and WebServer are separate with different addresses. What I would like to do is access data from WebServer rest endpoints. I need authentication to return user sensitive data. Use case: User register...
0

votes
0

answer
88

Views

How to use Adal-Angular4 to set an audience when requesting token from AzureAd

I am trying to authenticate an Angular 6 client with a .net API, Authenticated against Azure Ad, where I am validating the Audience in .net. app.UseWindowsAzureActiveDirectoryBearerAuthentication( new WindowsAzureActiveDirectoryBearerAuthenticationOptions { Tenant = 'tenant', TokenValidationParamete...
Alex
0

votes
1

answer
27

Views

Can I authenticate with OAuth Authorization server by passing username and password in Authorization header?

In case of OAuth 2.0 authorization code and implicit flow cases, on hitting the Authorization Url user is redirected to OAuth providers login page. To avoid showing up the OAuth providers page in my application, can i make user to enter username and password in text fields and pass them as Authoriza...
Pradeep
0

votes
1

answer
211

Views

Spring Security Oauth2 Group

My current set of permissions in Spring supports users with a permission level in a group, so the following is true: A User (implementing UserDetails) has a Permission (joining User + Group, giving GrantedAuthority) in a Group. For HTTP authentication, a user can perform actions in their group and s...
gedanziger
0

votes
0

answer
216

Views

Spring Oauth2 configure authorization endpoints

I have Spring web app with REST WS built using spring-security-oauth2:2.3.3 and spring-boot-starter-security:2.0.2. But I am not able to set which endpoints are protected. ResourceServerConfig @EnableResourceServer @Configuration public class ResourceServerConfig extends WebSecurityConfigurerAdapter...
Dlike
0

votes
1

answer
72

Views

MethodNotAllowedException Laravel Password Grant API

I have recently developed a password grant API to be used by my client application. It is successfully generating access tokens for users after the client has been authorized. The problem I'm facing now is how to pass the access token back from client application to Laravel with each request? (as do...
Ujjwal Verma
0

votes
1

answer
67

Views

Simple cocoapods install bug with OAuth2

This seems like a super simple pod install, yet I'm getting this strange error. Just don't see what's wrong here. Podfile # platform :ios, '9.0' target 'iLook-990' do use_frameworks! pod 'OAuthSwift', '~> 1.0.0' end Error message: [!] Unable to satisfy the following requirements: OAuthSwift (~> 1.0....
Edward Potter
0

votes
1

answer
83

Views

What are alternatives to Universal Logout in OAuth?

OAuth does not support the concept of a 'Universal Logout'. Logging out of one application does not log you out of another, as that would not be the desired behavior. For example, if a Facebook user were to log out of Facebook, it should not log them out of Spotify (if they were using Facebook OAuth...
Joseph Jaber
0

votes
0

answer
463

Views

Spring Oauth2 not working for me - Status Not Answered

I am trying out Oauth2 with Spring security. I am trying to call the /getresource service in my resource class by following the below GET http://localhost:8080/oauth/authorize? response_type=code &client_id=my-first-client &redirect_url=http://localhost:8080/getcode &scope=read Get the code and call...
GAK
0

votes
1

answer
536

Views

OAuth and OWIN Authentication - Confusion

I have been asked to create a 'Authentication/Authorization' Middle man or broker as an http,MVC web application, so that this can be used to multiple applications on our organization for authentication/Authorization purposes. Means, users will signup, Login on this broker application and once confi...
user1597990
0

votes
0

answer
17

Views

oauth2 access to profile information facebook

So I'm a developing a simple Single page application and i wanted to implement authentication using Facebook provider, i have done it without major issue, but right now, after that i have fetched the user profile from Facebook and created an account in my database, can i just return a jwt token that...
karim
0

votes
2

answer
379

Views

Google+ Domains API Not Configured

When I try to post an activity to Google+ I get the error: { 'error': { 'code': 403, 'message': 'Access Not Configured. The API (Google+ Domains API) is not enabled for your project. Please use the Google Developers Console to update your configuration.', 'errors': [ { 'domain': 'usageLimits', 'm...
0

votes
1

answer
158

Views

Azure AD: will our OAuth2 access/refresh tokens be invalidated by an expiring client secret/key?

OAuth2 client secrets/keys in Azure AD are issued for 1 and 2 years. This means that approximately in a year our secrets/keys will expire. We're very worried that that will break the 'refresh token' step and our service will stop working for hundreds of our active users who have authorized Yoxel to...
Alexey
0

votes
2

answer
619

Views

How to print UserInfo with google Oauth2.0 in Php

How can I print UserInfo with the latest version of google Oauth 2.0 if https://www.googleapis.com/auth/userinfo.profile scope is deprecated 'google-api-php-client/src/contrib/Google_Oauth2Service.php' Folder doesn't exist anymore I want to print username, email ... How can I do this ?
Ghaffe
0

votes
1

answer
539

Views

Unable to access additional data with token in Web api 2 authentication

I am using Web Api 2 and implemented custom token based authentication. It is working fine but I want to get few extra properties values in response. Even though I have added new claims and also added new properties to get their values in response but I am still get only three values in response whi...
Khurram Raftaz
0

votes
2

answer
102

Views

What is the use of openid id_token

I am implementing openid connect for google and microsoft. Openid provides the id_token which also content the user info. I am still confused. How to use id_token. In oauth2 we are storing the access_token in our db. so we use access_token to get user profile. If I am getting the profile mean user i...
lucy
0

votes
0

answer
38

Views

oAuth 2.0 with Appcelerator Titanium

I'm having a hell of a time trying to get an oAuth 2.0 sample app made with Appcelerator Titanium. I know this question has been asked before with a vague answer given: oAuth 2.0 with Titanium I've found this: https://github.com/appcelerator-modules/ti.oauth but have no idea how to use it as I can't...
Kodie Grantham
0

votes
1

answer
197

Views

How can I use Qt Network Authorization for Azure AD OAuth2

I'm trying to adapt the Qt Network Authorization OAuth2 example for Reddit to work with Azure AD. I went to https://portal.azure.com/ -> Azure Active Directory -> App registrations then clicked 'New application registration' and entered: Name: QtNetworkAuthProject Application type: Name Redirect URI...
parsley72
0

votes
0

answer
38

Views

Grails Oauth2 and Spring Security Core - Wrong principal

I'm implementing google login to my Grails 3.1.9 application with the help of Spring Security Oauth2 plugin. I'm stuck at problem with creating principal for authenticated user. After user logs in via google, there is associated token to SecurityContextHolder.context with principal as shown below:...
Filip Boroš
0

votes
1

answer
263

Views

Using oAuth with Asp.net and Zapier

I am wondering if anyone has setup an Asp.net App to use oAuth 2 and Zapier. Does anyone have an example to setup asp.net web api 2 app to authenticate from the OWIN providers so that Zapier can authenticate users? I am not looking for an example to login into a 3rd party app like FB, Google, ect to...
Jonathan
0

votes
1

answer
91

Views

FacebookAuthorizationCodeUsedException when fetching a page access token

I have existing code that uses a constant value for clientID to fetch a FacebookPage access token. That static value comes from when I deploy to GAE. But since I have many appIDs, I would like this to be dynamic instead. This is the line that completes the authorization and spits out a code: String...
Davek804
0

votes
1

answer
623

Views

OAuth 2.0 Code Grant flow

There is a sample implementation of the OAuth 2.0 Authorization server and sample workflow for each grant type. The IETF has an OAuth 2.0 specification for the Code Grant Flow. When you take a look at the steps 'D' & 'E' in the chart of the IETF Code Grant Flow, they don't seemt to be implemented in...
Legends
0

votes
1

answer
113

Views

@FrameworkEndpoint to oAuth 2.0 revokeToken

I have a @FrameworkEndpoint based controller in order to implement DELETE of token as follows @FrameworkEndpoint public class RevokeTokenEndpoint { @Resource(name = 'tokenServices') ConsumerTokenServices tokenServices; @RequestMapping(method = RequestMethod.DELETE, value = '/oauth/token') @ResponseB...
0

votes
0

answer
4

Views

Spring Boot OAuth2 - Empty scope (either the client or the user is not allowed the requested scopes)

I'm building a client application that consumes an OAuth2 protected resource. I've followed the tutorial below: https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_manual There's been no issues with obtaining an access token using a facebook or github client application, but using a...
Khei
0

votes
0

answer
8

Views

Looking for end to end example implementing aws api gateway using terraform

I am trying to implement AWS API gateway to let 3rd party APIs communicate with our services. I am able to understand the concepts theoretically but practical implementation is confusing. How to configure and handle multiple API endpoints in terraform. Creating Iam roles for multiple services How to...
Ali
0

votes
0

answer
3

Views

Using Google-issued tokens as web app tokens

I've tried to find an answer to this but unfortunately the OAuth tag is very cluttered! I've got a web application comprised of a number of services running on the server. The auth_service is an OAuth2 authorization server and issues tokens for service-to-service communication (via client creds gran...
HJCee