Questions tagged [oauth-2.0]

0 votes, 0 answers, 3 views

Is there a way to configure ClientDetailsServiceConfigurer accessTokenValiditySeconds after service startup?

I want to be able to configure the time to live of the access token from client side, not only at server startup with Oauth2. For now, I am able only to set the expiration time at server startup, see my code below. @Configuration @EnableAuthorizationServer @EnableGlobalMethodSecurity(securedEnabled...
anfilip
0 votes, 0 answers, 4 views

How to use Account Manager using OAuth 2.0 in Android using JAVA

My requirement is token-based authentication like Google Gmail and other products' single sign-on. I have 2 or more applications and I want to use a single login ID and password for all the applications. I have done the App-A part to log in with a third-party library and retrieve/save the access token in App-A...
Mandeep Yadav
0 votes, 0 answers, 7 views

Authentication for different modules/api using oauth2

I have the following architecture: one central manager with a login page and RESTful API, written in PHP/Laravel, set up on the (sub)domain manager.example.com and using oauth2. Modules 1, 2, 3 are written in Angular as three separate projects in angular-cli. These modules are on subdomains: module1.example.com, modu...
0 votes, 0 answers, 4 views

Keycloak: how to authenticate user using Google

I am creating an iOS application and I want users to have the ability to log in using username/password, Google and Facebook. I successfully implemented authentication using OAuth2 helpers for the username and password flow. But I faced a problem when I started to implement Google/Facebook authentic...
Meiblorn
0 votes, 0 answers, 7 views

OAuth login with facebook?

My app is example.com and I want to use Facebook (FB) login for authentication/authorization. Per my findings on Google, FB uses OAuth2 here. I have one question here on the flow. First I will register on FB with my web application and returning URL as example.com. It will generate appId(public key) and app...
user3198603
0 votes, 0 answers, 5 views

I want to integrate OAuth code grant flow for an SPA, and the back end is hosted on Azure Functions

I am working on an SPA in Angular with Azure Functions as the back end, and using Azure Active Directory for single sign-on. I have implemented Implicit Flow and it works fine, but the issue is I do not want to expose the access_token in the browser. I want to implement code grant flow with PKCE validation....
user1387192
0 votes, 0 answers, 4 views

Auth0, React, Configuring callback url for deployment

I followed the tutorial given here: https://auth0.com/blog/role-based-access-control-rbac-and-react-apps/ and it all works fine on localhost. After deployment on a VPS (with Apache2), the callback URL doesn't work anymore: I get a 404 not found page from the server when I land on http://domainename/...
machinus
0 votes, 0 answers, 93 views

Is JWT secure for passing confidential data [duplicate]

This question already has an answer here: If you can decode JWT how are they secure? 5 answers I am just reading about JWT to encrypt some personal data of the user so that it can be passed to other APIs securely. var payload = new Dictionary() { {'email', '[email protected]'}, {'phone', '9878987899'}...
Venky
0 votes, 1 answer, 274 views

everyauth always triggers authorization

I am using everyauth in my expressjs app to do oauth authentication & authorization with 37signals site. However, this is a general oauth question. When the user accesses my app the first time, he authenticates and authorizes my app from 37signals site. He is then redirected to my app, where I save...
user1566788
0 votes, 0 answers, 3 views

How do I use oauth2 with Flutter?

I'm trying to authenticate my users through the blackboard API: https://developer.blackboard.com/portal/displayApi However, I can't find a good tutorial on using oauth2 with Flutter. (I'm very new to oauth2). Is this possible? If so how or where is a good tutorial? Thanks in advance!
Prince Hodonou
0 votes, 0 answers, 1.2k views

Spring Security OAUTH2: configure(AuthorizationServerSecurityConfigurer) not executed

I have a Spring application deployed in a Tomcat container. Unfortunately we have a weird combination of XML and Java based spring security configuration, which complicates the problem... I am trying to enable the OAUTH2 authorization server in the application, using @EnableAuthorizationServer and e...
Andreea Bogdan
0 votes, 0 answers, 43 views

Jhipster + Okta enabling OIDC and Server2Server

I am creating a JHipster project, and for authentication and authorization, I am using OKTA :) I used this tutorial to have Okta OpenID Connect on JHipster: https://developer.okta.com/blog/2017/10/20/oidc-with-jhipster and it's working like a charm. I need to add OAuth client_credentials grant type...
0 votes, 1 answer, 159 views

How can I get Google Cloud Endpoints to work for authenticated calls with Firebase Auth (non-Google Account)?

I've got an API set up with Google Cloud Endpoints Frameworks. One of the endpoints requires auth which can apparently be done with Firebase Auth on Android. But the example given here is for Google accounts through Firebase. I'm just using email and password. So I'm using the HttpRequestInitializer...
Uwais A
0 votes, 1 answer, 103 views

oAuth token for multiple services

I have a Dropbox account which was created by logging in via the Google account. So, my Dropbox account is linked to the Google account. I have an Android application and my users can create their accounts either via Google/Facebook. The question is, if it is possible for the user to login to our app...
SRINI794
0 votes, 0 answers, 5 views

What authentication protocol to use for an in-house application

I'm building an Identity and Access Management (IAM). The current IAM uses OAuth 2.0. The IAM has two types of in-house clients, the web application (Single Page Application) and the desktop application. Both applications have a login page. Based on OAuth 2.0, all of those clients should be redi...
Vincent acent
0 votes, 0 answers, 207 views

cvc-elt.1: Cannot find the declaration of element 'oauth-config'. [2]

I have started implementing Joauth authentication. Of course, right now I am doing copy-paste to learn how it works. Currently I am facing the issue 'cvc-elt.1: Cannot find the declaration of element 'oauth-config'. [2]' I have taken a reference URL and that URL is beneath. JOAuth, a java-based OAuth 1 (f...
pradeep cs
0 votes, 1 answer, 3.2k views

Google Oauth “Service Account”, how to refresh token?

I am using Oauth to access Google Cloud Storage via their JSON API. All is fine, I authenticate and get an access token which has an expiration of 3600. What is the correct way to refresh this? It is my understanding that in other types of oAuth flows (i.e. Web Server), the initial authorization req...
Duke Dougal
0 votes, 1 answer, 104 views

googleapis oauth2 token API not returning refresh_token

I am trying to generate an access_token and refresh_token to access the google spreadsheets APIs. I have used the API https://www.googleapis.com/oauth2/v3/token?code=&grant_type=authorization_code&redirect_uri=&client_id=&client_secret=&approval_prompt=force This API gives only 'access_token', 'type...
ShwetaJ
0 votes, 1 answer, 130 views

Spring Security against Azure OIDC OAuth2 Flow

The real question, I could have asked, why am I only getting an id_token in my response to the authorization endpoint? And, probably best created in an azure stackoverflow space. For context, the original question was more about customization strategy. Which, further research determined was not ne...
evh69
0 votes, 1 answer, 150 views

Spring Security OAuth2: Client as javascript application

I am using client_credentials grant type in my spring boot application. In client_credentials grant_type the client makes a request to the token endpoint. If the access token request is valid and authorized, the authorization server issues an access token. localhost:8181/OUTPOST/oauth/token?grant_t...
truekiller
0 votes, 1 answer, 513 views

How to get a direct download URL from Google Picker JavaScript API?

I'm trying to get a direct download URL for a file using Google's Picker API so that I can choose a file and pass this URL to server side code to download and store a copy of the item on the server. I'm able to authorize through the picker API and get info of a picked file including the file name a...
Antfish
0 votes, 1 answer, 20 views

oAuth 2.0 and exposed APIs

We have a web portal using some exposed API from a service desk application to create and list tickets. oAuth 2.0 is used to authenticate the requests through Google server. Below are the roles of the different components: Google oAuth 2.0 : Authentication server Service Desk application : Resourc...
GyLeS
0 votes, 1 answer, 1.8k views

Get access token Google Play Android Developer API

I have used the code from this topic: Unable to get the subscription information from Google Play Android Developer API I can get the refresh token from the uri https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&re...
Kingstone59
0 votes, 0 answers, 60 views

OAuth client webapp with UAA server - error=“access_denied”, error_description=“Error requesting access token.”

I am running the OAuth Client from this https://github.com/cfid/uaa-samples/tree/master/basic-java-client When I try to access the app, it redirects me to the UAA login page. After I enter credentials, I get the following error: error='access_denied', error_description='Error requesting access t...
user1892775
0 votes, 0 answers, 339 views

SSO with Keycloak, Spring Boot and JWT

Background: Recently I was playing around with Oauth2 and Single Sign-on features. I have successfully implemented a POC with Spring-Boot, Keycloak. It can be found here: https://github.com/rivu007/sso-springboot-keyclock This is a REST service and I am using keycloak as OAuth2 server to secured protect...
Rivu
0 votes, 1 answer, 142 views

Missing parameters when requesting OAUTH token survey monkey v3

I'm trying to obtain my 'long lived access token' using CURL/PHP but I'm receiving the error 'Missing parameters for client_id, client_secret, code, grant_type, redirect_uri'. The URL I'm calling is where you can clearly see the parameters I'm trying to pass in! https://api.surveymonkey.net/oauth/to...
Jamie Lowe
0 votes, 1 answer, 21 views

How to allow resource owners to pre-authorise selected clients using OAuth2

Let's say you have a web service with many OAuth2/OpenID Connect clients that supports regular 3 legged OAuth. Users of this service (resource owners) would also like to be able to select clients to grant OAuth permissions to from within the service itself. For example, by checking a series of che...
tom
0 votes, 1 answer, 158 views

Difference between the “Resource Owner Password Flow” and the “Implicit grant”

The implicit grant is a simplified authorization code flow optimized for clients implemented in a browser using a scripting language such as JavaScript. The resource owner password credentials (i.e., username and password) can be used directly as an authorization grant to obtain an access token. (ht...
Parik
0 votes, 3 answers, 373 views

OAuth 2.0 Flows for Microservice Architectures

I'm trying to understand how to best apply the OAuth 2.0 grant types to a microservice architecture I am working on. Here's the situation... I have a Single-Page Application/Mobile App acting as a client running in a web browser (browser acting as the user agent) or mobile phone. I use the Implici...
Jonathan
0 votes, 1 answer, 118 views

Why Authorization Code is necessary in Oauth2?

Authorization Code Grant is one of the four authorization grant types in OAuth2. In Implicit Grant, authorization token is directly sent back in response, but in Authorization Code Grant, code is sent back in response, which will then be used for retrieving token from authorization server. My questi...
Lifu Huang
0 votes, 0 answers, 12 views

Connect system user to 3rd party auth provider using HWIOAuth bundle without FOSUB

Here's my routing.yml: hwi_oauth_redirect: resource: '@HWIOAuthBundle/Resources/config/routing/redirect.xml' prefix: /connect hwi_oauth_connect: resource: '@HWIOAuthBundle/Resources/config/routing/connect.xml' prefix: /connect hwi_oauth_login: resource: '@HWIOAuthBundle/Resources/config/routing/...
Eduard Sukharev
0 votes, 0 answers, 105 views

oAuth 2.0: How to Specify Scope in “Username and Password” Flow

I need to get Pinterest oAuth 2.0 access token on the server side by username and password. I use the following URL for that: https://api.pinterest.com/v1/oauth/token?grant_type=password&client_id=XXX&client_secret=XXX&username=XXX&password=XXX It gives me the access token, but it doesn't seem to au...
Alexey Kosov
0 votes, 1 answer, 733 views

alternate to pass details as url query string in oAuth 2.0?

To get a refresh token I am calling the service like this: http://www.myapp.com/SampleApp/oauth/token?grant_type=password&client_id=my-trusted-client&username=admin&password=123456 Now the service will return a refresh token and a temporary access token, but the problem is 'passing username and especially password...
Prince
0 votes, 0 answers, 3 views

Can this OAuth2 native app flow be considered secure?

I have an OpenID Connect provider built with IdentityServer4 and ASP.NET Identity, running on let's say: login.example.com. I have a SPA application running on let's say spa.example.com, that already uses my OpenID Connect provider to authenticate users through login.example.com and authorize them...
r1verside
0 votes, 0 answers, 3 views

How can I silently authenticate a user on a separate website when they're already logged-in on the central OAuth2 / OIDC site?

I have developed my own OAuth2 / OIDC web-application using IdentityServer4 which works fine. This is at https://myauthservice.com I then have a separate website which is a registered client of my IdentityServer4 service which is located at https://mywebsite.com. Both websites are made using ASP.NET...
Dai
0 votes, 0 answers, 3 views

How to login with Google in Microsoft Word Add-In

In the link below it is suggested to use Google Auth Lib, but the GitHub link provided does not refer to any JavaScript library: Authorize external services in your Office Add-in As far as I know I cannot use the Code Flow as it needs a redirect URL. How should I get Access Token from Google in Micr...
ALH
0 votes, 0 answers, 34 views

How to implement OAuth single Sign In/Sign Out with Chrome Custom Tabs

I am attempting to implement OAuth single sign on in my current Android application. I am using Chrome Custom Tabs implementation 'com.android.support:customtabs:28.0.0' Sign in works fine, Chrome Custom Tabs store the user's cookies and all the sign in flows work as expected. New Sign In: Chrome co...
Hector
0 votes, 0 answers, 3 views

Get the code parameter from the callback uri programmatically

I'm implementing the OAuth2 authentication with Java. Could someone please tell me how I can retrieve the code from the callback URL in Java? I execute the first request with 302 responseCode. Then I take the location from the header (the URL it will redirect me to the callback url with code I n...
Raffaele Guasco
0 votes, 0 answers, 4 views

What is Oauth2 Token Authentication in Rest Framework

I want to authenticate which user is accessing my API. I got a tutorial but it is not that informative to understand and implement. Do you have any good tutorial regarding OAuth2 token authentication? https://django-oauth-toolkit.readthedocs.io/en/latest/tutorial/tutorial_03.html
Huzaif Sayyed
0 votes, 0 answers, 3 views

Getting Bearer token in OAuth2.0 using Rest Assured

For my API testing, I have been getting the Authentication Token with the help of Postman. API uses OAuth2.0 for authentication. While using Postman, I am entering the details like Token Name, Grant Type, Access Token Url, Client ID, Client Secret, Scope, Client Authentication. Once clicked on the R...
Nuts