Questions tagged [oauth-2.0]

0 votes, 1 answer, 446 views

JWT token in Oauth2 Spring

I have implemented JWT Token in Oauth2 Framework. I have a few queries that came to my mind after the implementation, which are listed as given below: 1. Before JWT implementation, whenever a user accesses an API in the resource server with the corresponding access token as bearer, the resource server checks...
Alex Man
0 votes, 0 answers, 4 views

Spring Boot REST Service with OAuth2 and custom authentication provider

I am building a REST service based on the spring greeting example. This works fine and I am really happy with the time spring saves me. Today I am trying to get the OAuth2 security with access token and refresh tokens working. This works fine when I use the examples where I store my usernames and pa...
Peter
0 votes, 0 answers, 3 views

Managing Application Access with OpenID Connect and OAuth

Looking through the OpenID Connect and OAuth specs, it seems that OpenID Connect is all about identity and OAuth is about delegated access (though it seems to be specifically API access). If OAuth is meant for API access, what is the recommended approach for managing client access? OpenID Connect ca...
Tyler Ross
0 votes, 0 answers, 3 views

How should I store access token from a 3rd party api

Hi, I am using meteorjs and a 3rd party api to create users on the 3rd party's database. I am getting access tokens with oauth2 and the tokens have a 2 hour expiry. After getting the access token with an async function I use it with a couple of different methods. However, instead of calling an async function ev...
picacode
0 votes, 0 answers, 2 views

Azure AD Authentication using OpenIdConnect not creating auth cookie

We have an MVC.Net (C#) application. We have integrated it with the Azure Active Directory using the OpenIdConnect. The authentication through Active Directory is working fine in all the environments. We have this application tested and deployed in: Developer system, Staging server, Production server, Pr...
v p
0 votes, 0 answers, 4 views

Access Token isn't refreshed automatically

I'm using the OAuth2 Client Credentials Protocol in Mule HTTP Request Config (Mule runtime 3.8.5) and it's my first time setting this up but it doesn't seem to be able to refresh the access token automatically when it is expired (each token lasts for 90 mins) and instead it will return payload with...
Chevon Teo
0 votes, 0 answers, 13 views

AADSTS90002: Tenant 'xx' not found. This may happen if there are no active subscriptions for the tenant

I followed this tutorial to generate an access token from client app for target app. According to the comment for this tutorial, for the resources, I changed to App ID URL. But I am still not able to successfully generate bearer token for the target app. It shows this error message: AdalException:...
WW pana
0 votes, 0 answers, 3 views

Understanding Oauth2, Passport and Persistent Session

In my nodejs webapp, I have successfully integrated oauth2 (google strategy) with passport. With passport + oauth, I understand, I will get a persistent session. Thus, even if user closes his browser window, he will still be logged in. However, I see that for this session has to be saved in a store a...
sine99
0 votes, 0 answers, 0 views

Does ADAL.js support the new Authorization code grant with PKCE extensions?

Per the new security guidelines at https://oauth.net/2/grant-types/implicit/, the implicit flow is not recommended. Since ADAL.js uses the implicit flow, will it be affected and is it recommended to use ADAL.js implicit flow for new applications?
vmn
0 votes, 0 answers, 3 views

SOAPUI: unable to resolve class TokenType while Automating Token Retrieval

I am trying to perform automatic OAuth retrieval given at link https://support.smartbear.com/readyapi/docs/projects/requests/auth/types/oauth2/automate/sample.html using the following Groovy code: // Import the required classes import com.eviware.soapui.impl.rest.actions.oauth.OltuOAuth2ClientFacad...
HARSH JAIN
0 votes, 0 answers, 18 views

Why is this CORS policy not working ASP.NET Core

I've been trying to set up Discord Oauth2 token authentication on an ASP.NET Core 2.2 / Angular 7 project and it has been quite a bumpy ride. I'm using this I really can't seem to find any examples that give more than a fraction of the explanation required to set this all up. The error I'm currently...
A.S.
0 votes, 0 answers, 4 views

Protect API can be accessed by Ajax without Login to Active Directory

I followed this example (https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad) and selected 'OAuth 2.0' under 'Setting > User authorization' for the Echo API. Then, I created an html file with and trigger an ajax call to the Echo API 'https://{myapi}.az...
Benny Chan
0 votes, 0 answers, 2 views

Azure Load Test with Microsoft Authentication

I am trying to perform a load/performance test on my webapp. Since my app requires Azure Active Directory authentication, when I run the Url based load test in Visual Studio, the page redirects to the Microsoft login page (Since user authentication is required). And I get a 302 Found response. I hav...
rk0023
0 votes, 0 answers, 2 views

Invalid resource error after following the azure AD angularJS to dotnet web api guide (description:AADSTS500011)

I have been following after this guide step by step: https://github.com/Azure-Samples/active-directory-angularjs-singlepageapp-dotnet-webapi The only thing that I didn't do (not sure if it's related) is the following line: 'Also in the ToGoAPI project, open the file Controllers/ToGoListController.cs....
Contentop
0 votes, 0 answers, 2 views

Using AWS Cognito Userpools to build an OpenID Connect for third parties

I've been trying to figure out a way to build an OIDC application using AWS Cognito Userpools. The use case is that our users, who would otherwise login through a front-end application and make calls to our backend would now like to allow third-parties to make calls to our backend on their behalf. T...
Chetan Bhasin
0 votes, 0 answers, 3 views

How to consume a web api with oauth2 authorization using ASP.net MVC?

I've been looking for ways of how to consume a web api with an oauth2 authorization using ASP.Net MVC. Any suggestions? I have already tried sending a request to the web api and receive a response. But I'm having a hard time when it involves Oauth2 authorization because I don't know how to send head...
ikey
0 votes, 1 answer, 696 views

Azure AD B2C authorization code flow

I build a xamarin mobile app that has an asp.net core web api as backend and I want to protect it using oauth2.0 authorization code flow. Using this doc - https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-oauth-code#1-get-an-authorization-code I'm trying to get...
Crossman
0 votes, 0 answers, 44 views

Spring OAuth2 Resource Server implementation for Google

I want to create Spring OAuth2 Resource Server for my client application which supports Google login. Basically, my app users already made an authentication through the client app to the Google and they have google token. My client app will send the token to my Resource Server. As I read here https...
AntonIva
0 votes, 1 answer, 2.6k views

How to respond to an OAuth 2.0 Authorization Endpoint request that fails due to invalid response_type?

From RFC 6749 section 4.2.2.1: If the resource owner denies the access request or if the request fails for reasons other than a missing or invalid redirection URI, the authorization server informs the client by adding the following parameters to the fragment component of the redirection URI From RFC...
gregates
0 votes, 2 answers, 102 views

Java based WS user authorization

I am creating one simple conference application (Java based) and using RESTful Web Service to expose functionality. I want to implement some authorization. Work Flow should be like: 1) Application received a xml request which is having username / password. 2) In response, Application should give s...
VJS
0 votes, 1 answer, 227 views

Choosing an OpenID Connect Provider

I need to implement SSO in my JAVA Web App with OpenID Connect. I already have experience in SSO with SAML 2.0 with WSO2 as Identity Provider. I am clear on the client part, and planning to implement the same with Spring Security. My question is, does it make sense to build my own Identity provider...
Agam
0 votes, 1 answer, 114 views

Does Google have FB_Exchange_Token like functionality for their client side access tokens

The Facebook OAuth 2.0 implementation allows you to convert a client side short lived access token into a long lived token using the FB_Exchange_Token grant_type i.e. https://graph.facebook.com/oauth/access_token?client_id={YOUR_CLIENT_ID}&client_secret={YOUR_CLIENT_SECRET}&grant_type=fb_exchange_to...
Josh Larson
0 votes, 1 answer, 3.5k views

How to get a long life access token, server-side (PHP)? [duplicate]

Possible Duplicate: How to extend access token validity since offline_access deprecation I try to get a long life access token (60 day expiration time) for my application. But all my tests give me only a short token. What I do: First I do a classic 'authentication' to get a short-life access token...
MLKiiwy
0 votes, 1 answer, 320 views

How to get access token through authorization token

I am working on a web app development which needs to have authentication through external authorization system. I am able to redirect a user to the external authentication server for authentication, once user authenticated and does allow at that time my spring security unable to verify user whether...
0 votes, 2 answers, 1.4k views

implementing authentication using oauth 2.0 and wicket

I try to bring up secure communication with our customer using oauth 2.0. First of all I have to confess that I am totally new to oauth. Used technologies are as follows: wicket, spring. I took the following steps. Add dependency in pom.xml org.springframework.security.oauth spring-security-oauth 1.0...
noName
0 votes, 1 answer, 415 views

OAuth - How is it secure?

I am writing some code to get Twitter and Instagram feed. Before I can write any code, I keep wanting to get a good understanding of oAuth because I have this nagging feeling that it is not all that secure and that most times, for instance when accessing public tweets, it is an unnecessary hassle. I...
septerr
0 votes, 2 answers, 793 views

Identity provider ASP.NET Facebook Authentication not working

I'm using Microsoft's Identity framework to use external logins. All the others worked except for Facebook. When I'm using Facebook it lets me log in but doesn't ask for permission and instantly returns me to the login page, without being authorized. The callback url is http://localhost:14613/signi...
Mark Slingerland
0 votes, 0 answers, 185 views

Google OAuth Code does not include refresh token

I want to make google api calls to send mail via gmail. To do that, I first make the following request to oauth server: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=SOMECLIENTID&access_type=offline&redirect_uri=http://localhost:63878/Default.aspx&scope=https://www.google...
Asif Shiraz
0 votes, 1 answer, 181 views

Do OAuth access tokens contain roles like JWT tokens

I have been going through several samples/tutorials on using OAuth 2.0, OWIN, and JWT (JSON Web Token) tokens to authenticate and authorize access to an ASP.NET Web API v2. One of the things I like about JWT tokens is that the roles that the user belongs to are contained right in the token itself. B...
webworm
0 votes, 1 answer, 251 views

Fitbit access token Implicit Grant Flow

I'm developing a web application (in Java with spark java framework) that allows the user to retrieve information from his activities stored in fitbit. To do this I'm using the Implicit Grant Flow to obtain the access token, but I don't know how to retrieve this from the redirect url (it's somethi...
Federico Stella
0 votes, 1 answer, 260 views

OAuth 2.0 Password Expiry when Obtaining an Access Token

I am writing an API that uses the OAuth 2.0 password flow to authenticate users. When a request for an access token is denied, there does not seem to be any way for a client to tell whether the password was incorrect, or expired. From the spec, an error code of invalid_grant should be returned in bo...
Coder1095
0 votes, 1 answer, 95 views

How to challenge Windows Azure Active Directory authentication?

We have a SPA with angularjs 1.6 and asp.net web API. We use Microsoft Account Authentication in OWIN middleware. In Startup.Auth.cs MicrosoftAccountAuthenticationOptions microsoftAccountAuthenticationOptions = new MicrosoftAccountAuthenticationOptions() { Caption = 'Connection with your Microsoft a...
Troopers
0 votes, 0 answers, 11 views

AppAuth performActionWithFreshTokens Failure after Access Token expires

I'm able to successfully call an Oauth2 endpoint, get an access token and a refresh token, and make API calls - until the access token expires using the AppAuth for Android Library. After the access token expires all API calls fail, even when using the 'performActionWithFreshTokens' method provided...
John
0 votes, 0 answers, 3 views

Rest API Scope Mapping with OAuth

Let me explain my doubt with an example: The following REST APIs are created for an enterprise. 1. /customer 2. /billpay 3. /employee Now one of the requirements is to implement the scopes. For example: only an employee should be able to access the /employee api. We see that there is a scope in...
TechiePro
0 votes, 0 answers, 13 views

access token google auth

When you access a Google API you have to authenticate, then you get the necessary tokens. The access_token has an expiration time, but when I send requests with a null access_token (to receive an answer as if the token had expired) I receive a status 200 response. Is this a bug?
Josue Developer
0 votes, 1 answer, 129 views

Google Apps Marketplace declare scopes multiple times?

I'm trying to build a Google Apps Marketplace App using the new APIs only available through OAuth2. We already have an app using the old APIs, but I'm having trouble figuring out how to have the same flow with OAuth2. In our old app, the domain administrator would install the app and give it permis...
Aaron Dufour
0 votes, 2 answers, 36 views

Is oauth access_token independent of technology i.e. java and .net?

The question basically arises from the below requirement. Requirement:- Oauth token generated in Java for a service and its client is written in .Net. Exactly the same thing happens vice versa for another set of services. Question:- Oauth Key generation is different in Java and .Net and th...
Neeraj Gautam
0 votes, 1 answer, 35 views

oauth 2.0 to microsoft auth server

Need help with formatting a token request. I've googled around and looked at numerous docs. Fiddler response is yelling about 'grant_type' but it's included. POST http://localhost:4400/ripple/xhr_proxy?tinyhippos_apikey=ABC&tinyhippos_rurl=https%3A//login.microsoftonline.com/[removed]/oauth2/token...
Aaron
0 votes, 0 answers, 2 views

How to solve the problem that all static files are required to authenticate

After SSO authentication, when loading static files (js, css, html), each static file will go through the OIDC process, resulting in static file loading failure. Chrome network info error info Is that my configuration? My application uses Kong + OIDC plugin + Django
Dav.S
0 votes, 0 answers, 2 views

oAuth2 redirect with http protocol instead of https protocol

According to my deployment architecture, the oAuth2 server runs with http protocol. Client request to F5 switch using https protocol, and F5 switch will forward this call to oAuth2 with http protocol. That is ok and I get login page from oAuth2 server. But problem is when perform login oAuth2 redirect wit...
Jasim Uddin