Questions tagged [oauth-2.0]

7

votes
3

answer
2k

Views

Are there (still) no decent Pyramid OAuth2 Provider libraries? [closed]

I'm trying to implement OAuth2 on my server and am using Pyramid. I've come across several libraries written in Python, but many are either out of date (supports OAuth1), including the very misleadingly-named python-oauth2. I'm new to OAuth (and Python/Pyramid), so the documentation would be nice or...
7

votes
2

answer
3.7k

Views

Android subscription and Google API

I'm trying to use the new Android subscription system from Google Play into my application (I already had in-app billing working fine). I have successfully done the subscription billing, but I now want to retrieve informations about this subscription by using the google apis as indicated in the andr...
user1427041
7

votes
2

answer
21.2k

Views

Tutorial for using requests_oauth2

I am trying to use the requests-oauth library for Python to make a request to Pocket. Unfortunately the description to use this library is not very comprehensive and I am also new to use oauth2. Generally I understand the process behind it but still can not convert this to get the request to work....
7

votes
3

answer
15.1k

Views

Google OAuth 2 authorization - swapping code for token

I'm trying to implement Google OAuth 2 to get access to Google APIs. I follow this guide, using server-side scenario. I have no problem with getting the code, server redirects to localhost (which is the only server allowed in redirect URIs for now). To achieve this, I go to https://accounts.google....
Dr McKay
7

votes
0

answer
383

Views

getting “have offline access” permission request when calling GoogleAuthUtil.getToken

I'am trying to make user authorization with my REST service from android device. After first confirmation everything works correctly, but if i want to get new token with GoogleAuthUtil.getToken after clearing the old token with GoogleAuthUtil.clearToken I get com.google.android.gms.auth.UserRecovera...
Sigitas
7

votes
2

answer
15k

Views

How to configure Spring Security OAuth 2.0 client store to database

I found a tutorial about Spring REST Service OAuth on https://github.com/royclarkson/spring-rest-service-oauth But I wonder how to configure client stored to database, so I can manage easily. In the tutorial client configuration store inMemory at class OAuth2ServerConfiguration.java @Override public...
prptn
7

votes
1

answer
308

Views

Redirect_URI error when using GoogleAuth.grantOfflineAccess to authenticate on server

I'm trying to use the authorization flow outlined at https://developers.google.com/identity/sign-in/web/server-side-flow. I've created the credentials as indicated... with no Authorized redirect URIs specified as the doc indicates: 'The Authorized redirect URI field does not require a value. Redirec...
MaB
7

votes
2

answer
1.7k

Views

What is the correct redirect URL for chrome.identity.launchWebAuthFlow?

I'd like to use the chrome.identity API in a chrome packaged app to allow the user to authenticate with github. From the app side, I'm happy with: chrome.identity.launchWebAuthFlow( {'url':'https://github.com/login/oauth/authorize?client_id=clientidgoeshere','interactive':true}, functionToTakeRedir...
Rob Syme
7

votes
2

answer
6.1k

Views

Using twitter to get bearer token

I'm using the following code to return the bearer token but i keep getting 'The remote server returned an error: (500) internal server error' on line 'WebResponse response = request.GetResponse();' WebRequest request = WebRequest.Create('https://api.twitter.com/oauth2/token'); string consumerKey = '...
Adam
7

votes
2

answer
10.6k

Views

How to store access token? (Oauth 2, Auth code flow)

From what i understand the purpose of the Authorization Code flow is to exchange the auth code for access token. This exchange happens between the server which serves the page and authorization server so that the actual access token is not exposed to the client user. How should the page server store...
BodzioSamolot
7

votes
1

answer
2.8k

Views

How to Refresh the token that i got from google oauth 2.0 in iOS

I am making an iOS application that uses the user's google account to get data from his youtube account and show them .... first step is done using the gtm2 to authenticate the user and get an acces-token and a refresh-token the problem is that the access-token expires after 60 minutes and i have t...
Rifinio
7

votes
2

answer
3.2k

Views

What's the meaning of SubjectConfirmation in OAuth2 SAML authorization grant?

The OAuth2 SAML bearer spec describes how an application can present an assertion to a token endpoint as an authorization grant. For example, Salesforce's API allows this approach to enable apps to autonomously request access tokens for a user account (as long as the user has already given permissi...
Bosh
7

votes
1

answer
1.4k

Views

Android Oauth Exception with SMTP Transport connect,with android version 2.3

I am getting following error when I try to run my android project after adding new AUTH XOAUTH2 command.I am using android device with os version 2.3 but same code is working fine on android 4.0 public SMTPTransport connectToSmtp(String host, int port, String userEmail,String oauthToken, boolean deb...
Swapnil
7

votes
2

answer
4.7k

Views

Is there an iCloud web api?

I'd like to be able to access a user's iCal and create events from my server, is this possible, preferably with some kind of OAuth2 setup like with Google Calendar? If so where can i find documentation on the API?
Mohamed Hafez
7

votes
2

answer
10k

Views

Clear the session/cache/cookie in the JavaFX WebView

I had a Swing dialog, which uses JavaFX WebView to display oAuth 2.0 URL from Google server. public class SimpleSwingBrowser extends JDialog { private final JFXPanel jfxPanel = new JFXPanel(); private WebEngine engine; private final JPanel panel = new JPanel(new BorderLayout()); public SimpleSwingBr...
7

votes
1

answer
13k

Views

POST request “Full authentication is required to access this resource”

Does anybody encountered the error 'Full authentication is required to access this resource' trying to authenticate by using POST request oauth/token? Curl command: curl localhost:85/oauth/token -d grant_type=password -d client_id=web_app -d username=reader -d password=reader Response: {'timestamp':...
0x539
7

votes
4

answer
4.1k

Views

Google OAuth2 command-line example

Google has an example of an OAuth2 client here I am completelly new to OAuth2 and I would like to get this example working before I move to integrate OAuth2 with my application. What I have done is the following: Register a test application Get Client ID and Client Secret Configure those values into...
dangonfast
7

votes
2

answer
3.7k

Views

Using Google experimental implementation of OAuth 2.0 to access existing API endpoints

According to this documentation, process of receiving OAuth access token is straightforward. I would like to see a list of all available API endpoints that is ready to accept OAuth 2.0 access token. But for my current needs i would like to somehow receive username and email of a user using OAuth 2.0...
7

votes
1

answer
616

Views

Call WCF Resfull methods with using OAUTH 2.0

I am looking for any article or forum thread, where I could find information how to make oauth 2.0 authentication. Especially I have MVC 3 application and WCF Restfull API. And I have to call API methods from web app with using oauth 2.0 protocol authentication. But I could not find any information...
Yara
7

votes
2

answer
3.1k

Views

Centralized API provider - oAuth or not?

I am a bit lost with the overflow of information and I need some guidance on the best way I can support providing APIs access only to trusted clients. Current environment: We currently have a centralized server that handles user authentication/authorization via Apache Shiro. We have in-house APIs t...
SiN
7

votes
8

answer
16.5k

Views

Decrypt OAuth 2.0 access token

Is it possible to decrypt Facebook's new OAuth 2.0 access_token ? I need to somehow get user_id and app_id from the access_token. PS: I need to get the user_id and app_id ONLY from the access_token as Facebook Linter used to do.
glarkou
7

votes
4

answer
13.4k

Views

Can't login to Instagram using Client-Side (Implicit) Authentication

I'm trying to build a client-side application that allows people to login with their Instagram accounts. Problem is, I'm not sure if that's still possible. I've coded a sample JavaScript after reading 'Client-Side (Implicit) Authentication' section of their related docs. I'm getting the following er...
Batuhan Icoz
7

votes
4

answer
6.6k

Views

How to modify token endpoint response body with Owin OAuth2 in Asp.Net Web API 2

I want to modify the response body from the token endpoint response. I've tried to intercept the /Token request with a MessageHandler but it doesn't work. I'm able to add some additional informations to the response by overriding the OAuthAuthorizationServerProvider.TokenEndpointmethod, but I'm not...
Samoji
7

votes
5

answer
249

Views

Unable to access resources with access_token : spring boot Oauth2

I am trying to implement Oauth2 in my existing application.Initially I have added spring security and then tried to add oauth2, After adding configuration I am able to generate access_token but by using access_token i am not able to access resources. Here is my code: SecurityConfiguration.java @Conf...
vjnan369
7

votes
2

answer
3.5k

Views

Google cloud print get access token

I want to call /search method of Google cloud print from my webServer. I am using OAuth web server guide obtaining a refresh_token/access_token to use with scopes: https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile Then I am calling search Api but I am ob...
Matroska
7

votes
2

answer
3k

Views

How important is it to keep OAuth's access token secret?

Once I receive my access token for a site (say facebook) using OAuth, how important is it to keep this secret? Could anything malicious happen if someone got a hold of one? I was wondering if it would be a bad idea to save the token in a cookie or session.
Brad Barrows
7

votes
1

answer
10.6k

Views

This app isn't verified This app hasn't been verified by Google yet. Only proceed if you know and trust the developer

Hi I have developed an web application using google app engine, for google shared domain contact, Its working fine when I am running it in the localhost but when I deploy that application into google app engine it showing warning screen before user conforming for consent(as shown in the image). I am...
Prakash
7

votes
2

answer
3.6k

Views

Best way to allow users access to your app using their Google credentials

If you have an Android application that requires user registration and you would like to allow your users to login via Google, how would you handle this ? I would like to keep Google+ sign-in out of the discussion here. We're also not using the user credentials to access Google APIs and I'm not int...
ddewaele
7

votes
1

answer
1.7k

Views

Building a multi-tenant app for SharePoint Online O365

I am attempting to build a multi-tenant application for Office 365 which focuses on SharePoint Online and authenticates through Azure using OAuth2. The problem is specific to SharePoint access via the Azure login, but is only found when using this API to authenticate using OAuth2. Many of the mechan...
Cameron Stillion
7

votes
2

answer
1.6k

Views

Getting an OAuthProblemException: invalid_request for Google when using OLTU

I'm using the Oltu library from Apache and I'm trying to authenticate via Google using OAuth2. Here's the relevant code: OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request); OAuthClientRequest clientReq = OAuthClientRequest .tokenProvider(OAuthProviderType.GOOGLE) .setClient...
John S
6

votes
1

answer
9.7k

Views

AngularJS and authentication to an Oauth2 Provider?

We have an API, Oauth2 Provider. From AngularJS client Side app, how can I implement the flow of authentication to this api to get the access token for future requests? What I am searching for is a Implicit Grant flow for this. I'll provide a { client-id: 'abcdefghijklmnopqrstuvqxyz0123456789', r...
Sagar Ranglani
6

votes
3

answer
545

Views

Spring disable @EnableResourceServer

I have resource server, when it's starts - it's sending request to Authentication server ('http://localhost:xxxx/auth/oauth/token_key'), and it's okay when all up and running. But when I testing my services I do not need this at all. How can I disable resource server or maybe I should mock somethin...
Evgenii
6

votes
1

answer
2.7k

Views

Google API Python - KeyError: _module

I am trying to use the quickstart.py ( https://developers.google.com/gmail/api/quickstart/python ) as per Google's Gmail API using oauth2. I am getting the below error. Traceback (most recent call last): File 'quickstart.py', line 68, in main() File 'quickstart.py', line 54, in main credentials = g...
Ameer
6

votes
1

answer
4.8k

Views

How To Sign Out Using When Using Google+ Sign-In

Google documents there gapi.auth.signOut() method here: https://developers.google.com/+/web/signin/#sign-out The catch is that it says you can only call that method after the signinCallback has fired. So far as I can tell, the only way to fire the signinCallback is to put a sign-in button on the pag...
dave mankoff
6

votes
1

answer
2.9k

Views

DotNetOpenAuth OAuth 2.0 Authorization Server with Password grant

We want to set up our own OAuth 2.0 authorization server based on the following roles: Resource Server - An API built with ASP.NET Web API Client - A web application built with ASP.NET MVC Resource Owner - The end user We plan to use the password grant type (Resource Owner Password Credentials Grant...
Ben Foster
6

votes
2

answer
1.6k

Views

Use Facebook app access_token to get age-restricted Page data through Graph API?

I have a Facebook application that users can add to their Facebook business Page(s) as a Page Tab app. It doesn't require any extended permissions for the user. I'm wondering if it's possible to use my app access_token and make calls against the Facebook Graph API to retrieve information about age-r...
holic87
6

votes
2

answer
11.7k

Views

Google OAuth2: Required parameter is missing: grant_type

I have tried just about everything, read every StackOverflow post on this issue but I still can't get it to work. Interestingly enough, I am able to get 200 OK response when sending a POST request via DHC REST API Client (Google Chrome app). var url = 'https://accounts.google.com/o/oauth2/token';...
Sahat Yalkabov
6

votes
2

answer
7k

Views

OAuth Refresh Token Best Practice

I am implementing OAuth for a project, and I want to know the best way to handle refresh tokens. The API I call will return a JSON object with access_token, expires_in, and refresh_token. So I was wondering, is it better to: Calculate the time when the access_token will expire, store that in the dat...
Angel Gao
6

votes
2

answer
593

Views

Relation to users when these are stored in an external Identity provider service

I'm trying to create an API and a website client for it. Lately I've been reading a lot about OAuth2 as a security mechanism and companies that offers authentication as a service such as auth0.com or even Azure active Directory and I can see the advantages in using them Because I'm used to always ha...
General Electric
6

votes
1

answer
2k

Views

Need to create oAuth2 token manually without password

I have implemented oAuth2 with spring security and it is working fine for me. But Now I want to create user token from back-end manually without password. Because I have only username of user. Can any one help me.
Charnjeet Singh