Questions tagged [oauth-2.0]

6

votes
3

answer
7k

Views

Get Userinfo from Oauth2 Google Contacts API

Error which I am getting: com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized { 'code' : 401, 'errors' : [ { 'domain' : 'global', 'location' : 'Authorization', 'locationType' : 'header', 'message' : 'Invalid Credentials', 'reason' : 'authError' } ], 'message' : 'Inval...
Love Sharma
6

votes
2

answer
1.6k

Views

Appengine Cloud Endpoints with new Google+ sign-in

How do the new Google+ sign-in APIs fit into making authenticated calls to Cloud Endpoints? To use OAuth with endpoints the app must request permission for the 'https://www.googleapis.com/auth/userinfo.email' scope at a minimum. Will using the Google+ sign-in button grant this scope? Or am I go...
Patrick
6

votes
2

answer
3.7k

Views

Google Analytics 3.0 auth flow

EDIT: Originally this question asked how I could authenticate with the Google Analytics API using only my API key. As vlatko pointed out, this isn't possible. Now I'm just focused on getting OAuth2 to work. I will be trying vlatko's suggestions when I get a chance and will update the question. In th...
Paul Bellora
5

votes
1

answer
3.8k

Views

How do I implement oAuth 2.0 in Google App Engine with RESTEasy?

I am developing a Google App Engine REST service and I want to use oAuth 2.0 for authentication. I added the following code to my service methods to check for a valid user and it works in that it throws an exception when I am not authenticated. try { final OAuthService oauth = OAuthServiceFactory.g...
5

votes
1

answer
1k

Views

Best practice in storing and using a OAuth2 Token in Android?

I have an Android app which talks with a Node.js backend, via a REST API. We use an OAuth token received from Google for authorization, and we have agreed on the flow in which I use the token in the HTTP request every time I make a request. So, which is the best practice to store the token? - a) Store the t...
RmK
5

votes
1

answer
284

Views

How can I send a message to a device using C2DM from a server that has been authenticated with OAuth2?

I'm developing the server part of a system that has to send messages to a device. This was working fine with the GoogleLogin method, but I want to migrate it to OAuth 2.0 since the other authentication method has been deprecated. In the Google API console I created a project and then I created a key...
gcesarmza
5

votes
1

answer
625

Views

How do I authenticate a trusted app using OAUTH 2

I am developing an OAUTH 2 REST API for a website I am working on. We have an official native mobile app which uses this API and are planning to make the API open to third party developers. Our native mobile app will have more permissions than the 3rd party apps. I am doing that by setting permi...
ajaybc
5

votes
1

answer
1.4k

Views

Multiple Auth Providers with AppEngine, Webapp2, and Cloud Endpoints Proto Datastore

I'm working on a webapp that will allow users to authenticate using simpleauth. For now I will be supporting Google and Facebook. Other than logging in and out (using webapp2), the webapp will consist of Cloud Endpoint APIs. The clients will be web, Android, and iOS. My question is, using Endpoints...
Eliezer
5

votes
1

answer
294

Views

Using a third party OAuth API in Vapor

I am learning Vapor, and as part of this process I am building a website using the framework. As part of my application, I would like to make use of the Uber API which makes use of OAuth. The process of retrieving a User Access Token is outlined here and it specifically recommends making use of a pr...
maldahleh
5

votes
1

answer
286

Views

To what extent do the Google OAuth 2.0 APIs support RFC7636?

I am looking for concrete information regarding the state of RFC7636 (proof key for OAuth token exchanges) in Google's OAuth2 APIs. Google exposes an OAuth 2.0 and OIDC provider API where access tokens can be obtained. There is a proposed standard described in RFC7636 for using proof keys in token e...
JonathanS
5

votes
1

answer
164

Views

Google Classroom API - Student's “emailAddress” and “photoUrl” are not coming in the response

I have a query regarding the Student's Response of courses. I am not getting two parameters in the API call (emailAddress and photoUrl) while calling the URL to the API 'https://classroom.googleapis.com/v1/courses/{courseId}/students' via my code. I am getting the following response: { 'students': [ { 'co...
Praveen Aella
5

votes
1

answer
563

Views

Storing oAuth state token in Flask session

A couple of tutorials on oAuth use the Flask session to store state parameters and access tokens in the flask session. (Brendan McCollam's very useful presentation from Pycon is an example) I understand that Flask stores the session in cookies on the client side and that they are fairly easy to ex...
ThierryMichel
5

votes
0

answer
365

Views

error using rauth in app engine (Permission denied)

I have an App Engine app, using oauth and rauth. I'm trying to use Facebook, Twitter and Google to log in. When I run it locally it works, but in production I got this error, but only with Google Plus; with Facebook it works fine. ('Connection aborted.', error(13, 'Permission denied')) Traceback (most rece...
Kristian Damian
5

votes
0

answer
240

Views

Unable to get access token from Mule Salesforce

I am unable to get an access token when trying to get one from SalesForce. I entered a callback URL of https://localhost:8081/AppCallback. However, I get null in my browser when I print out the token. When I change the consumer key value I still get success, it doesn't seem like I'm hitting the serv...
BreenDeen
5

votes
3

answer
1k

Views

invalid_scope error in access token for client credential flow

I am getting an invalid_scope error in the access token request for the client credential flow. The error log states that 'cannot request OpenID scopes in client credentials flow'. I haven't requested the OpenID scope. I don't know where it came from. I need to generate an access token using client cred...
Wube Tuffa
5

votes
1

answer
772

Views

Access IMAP server from Command line Using OpenSSL and OAuth2

I'm trying to access an Outlook.com IMAP server via the command line using OpenSSL. Specifically, I want to access it using OAuth2, but am unable to do so. So far, I am able to access the server without OAuth by doing: openssl s_client -crlf -connect imap-mail.outlook.com:993 tag login username passw...
jac300
5

votes
1

answer
843

Views

Doorkeeper limit application scopes

I have a doorkeeper provider and I need to add some scopes that not all apps can use. I want to limit the scopes a token can ask for to the scopes that an application has access to. So for example, application A is an app that has 'access' to the xyz and abc scopes, but application B can only 'acce...
Hock
5

votes
1

answer
1.9k

Views

Connecting to Twitter - RestSharp OAuth2

I am attempting to connect to the Twitter API with these instructions https://dev.twitter.com/docs/auth/application-only-auth Here is my code: var baseUrl = 'http://api.twitter.com/'; var client = new RestClient(baseUrl); var request = new RestRequest('/oauth2/token', Method.POS...
Erik Bergstedt
5

votes
1

answer
4.1k

Views

Can / should I refresh an OAuth2 token with every request in spring security

We use the username-password grant to connect our JS client to our REST server. In a way the token returned by oauth/token is our session, as it allows access to the backend for a limited time. We would like to refresh that session/token every time we make a request to the backend using the token....
Pete
5

votes
3

answer
2.7k

Views

Invalid grant_type parameter or parameter missing on POST for requesting access token

I am struggling to get the access token on Quizlet (oauth2). Everything works fine so far, I can make the user accept my app on Quizlet, get redirected, but when requesting the access token via NSURLConnection, I always get the following error: 2013-08-17 09:39:33.422 Abiliator[49549:c07] Returne...
renesteg
5

votes
2

answer
692

Views

Why is redirect_uri required on Access Token request?

I'm developing an oauth2 provider based on rfc6749 and I'm wondering, why is redirect_uri required on the Access Token Request? The /token endpoint is not redirecting and the state is assumed to be already validated (i.e. against CSRF) so a copy of the redirectURI doesn't make much sense to me.
themihai
5

votes
1

answer
2.7k

Views

Discord OAuth Code Usage

I'm interested in interfacing with Discord using the Discord API. I would describe their documentation as 'sparse,' but maybe I'm just not looking in the right places. Most of my information comes from this page: https://discordapp.com/developers/docs/topics/oauth2 I've already set up my Discord g...
user1325179
5

votes
1

answer
428

Views

Getting error: django.core.exceptions.AppRegistryNotReady: Apps aren't loaded yet while installing oauth2 provider in django rest framework

I am trying to install django-oauth2-provider in Django. After installing and configuring settings.py, during migrations, I am getting the error like: django.core.exceptions.AppRegistryNotReady: Apps aren't loaded yet. settings.py INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'd...
Ravi
5

votes
2

answer
374

Views

How to uniquely identify user logging in via oauth?

In particular - I don't understand how to link a user that authenticated using oauth to a particular account in my application? So here are the accounts in my application: CREATE TABLE accounts ( id BIGINT NOT NULL AUTO_INCREMENT, username VARCHAR(40), email VARCHAR(256), created DATETIME, updated DATETIME,...
Dannyboy
5

votes
1

answer
1.6k

Views

Best Security Approach for Integrating Salesforce.com with .NET Server C#

I have been tasked with integrating our homegrown multi-client CRM with Salesforce.com. I am going to write a server-based service which will push information from each of our clients' CRM datastores to Salesforce. I'd like to use the SFDC REST API, but could use the SOAP API if necessary. I am str...
5

votes
1

answer
591

Views

Shouldn't OAuth2 redirect the user to the external browser instead of just loading the login screen into WebView

What is the correct way of handling OAuth on mobile devices? Android, iOS, etc. As I am seeing, most apps just load the login screen into an in-app browser like WebView, or so. Isn't it actually trampling the whole principle of OAuth? Because I can as a developer easily read the password the user...
simekadam
5

votes
1

answer
7.7k

Views

How to avoid 'Failed to retrieve access token: { “error” : “invalid_grant” }' in offline GAE cron tasks?

This post is a followup to How to make 'access_type=offline' / server-only OAuth2 operations on GAE/Python. The http = credentials.authorize(httplib2.Http()) part no longer fails when testing, but it seems it still does when run by GAE's cron, where it's unable to refresh my access_token : I can man...
Ronan Jouchet
5

votes
3

answer
4.4k

Views

Grails: Securing REST API with OAuth2.0

I am building a REST API using Grails. I want it to be protected using the OAuth2.0 client_credentials flow (grant_type). My use-case is as follows: an external agent will send a request to something like http://server-url/oauth/token?client_id=clientId&client_secret=clientSecret&grant_type=client_credent...
SoftDev
5

votes
1

answer
1k

Views

Facebook OAuth on Google App Engine with iOS

I am still having trouble finding any sort of tutorials for authenticating a native iOS application with OAuth 2 Facebook on Google App Engine. I realize I might need to use a proxy on GAE (like here: Authenticate with Google App Engine from an Iphone Native Client ) to create a session with Faceboo...
Evan Layman
5

votes
2

answer
2.5k

Views

Difference between client authentication and authorization grant in OAuth using JWT

I have been reading this spec for using JWT (JSON web tokens) with OAuth. In 2.1 and 2.2, it says that JWTs can be used as Authorization Grants or Client Authentication. From my understanding, authentication is to identify something (this user is who he claims to be) and authorization is to check if...
F21
5

votes
2

answer
2.8k

Views

Google OAuth Login: Avoid asking the User to choose which account to use

I am relying on Google OAuth to authorize a user for a site I'm building. At the time I'm requesting permission, I already know which Google Account he wants to use (I'm using Google OAuth as a second level auth). However if the User is logged in to several Google Accounts at once, Google redirects...
lucasvo
5

votes
2

answer
3.9k

Views

Can LinkedIn's access token renewal flow be performed on the server?

In Facebook's Graph API, once we have initially authenticated the user, we can interact directly with the API (from the server) to obtain a long-lived page access token. This long-lived page access token never expires. (https://developers.facebook.com/docs/facebook-login/access-tokens/) In read...
rinogo
5

votes
1

answer
1.8k

Views

Pinterest API Access token expire

My question is: does the Pinterest access token expire? I am obtaining the access token following the official Pinterest documentation: For getting authorization code: https://developers.pinterest.com/docs/api/overview/#getting-your-authorization-code https://api.pinterest.com/oauth/? response_type=code& redire...
carpics
5

votes
1

answer
1.8k

Views

Send an email through googleapi gmail python using oauth2

I'm trying to send an email as a user using OAuth 2. On Google's website they state: This document defines the SASL XOAUTH2 mechanism for use with the IMAP AUTHENTICATE and SMTP AUTH commands. This mechanism allows the use of OAuth 2.0 Access Tokens to authenticate to a user's Gmail account. Using t...
mirugai
5

votes
1

answer
1.2k

Views

How to know if user disconnected from my Stripe Connect app?

I can provide a disconnect option on my app, as described here: https://stripe.com/docs/connect/getting-started#revoked-access But if a user revokes access to my app through his account settings, how can I know about that?
Maxim Zubarev
5

votes
2

answer
652

Views

OAuth2: How to send “deny” request to OAuth2 server?

When a user needs to approve a request to authenticate using OAuth2, they are typically given 'Approve' and 'Cancel' buttons. What should I send when a user clicks 'Cancel'? As a developer, what do I send to the OAuth server to make it deny the request when a user clicks 'Cancel'? I tried using...
Brad Parks
5

votes
0

answer
2.8k

Views

Instagram OAuth Authentication - www.instagram.com redirected you too many times

I'm trying to use the server side explicit OAuth flow to allow a user to authenticate with Instagram, so my application can retrieve media on their behalf. I have configured my client on Instagram, which is in Sandbox mode, to redirect to https://localhost:44320/Admin/Instagram/OAuth I am redirecting t...
John Mc
5

votes
2

answer
3.3k

Views

Unable to access user's profile from Google Plus

I am using Scribe-Java to connect to Google Plus using OAuth2. I am able to authenticate my application and obtain the user's permission, but when I try to access anything other than userinfo, I am getting this Exception. 403 { 'error': { 'errors': [ { 'domain': 'usageLimits', 'reason': 'accessNotConfig...
Logan
5

votes
1

answer
992

Views

Can I implement both SAML and basic spring security within an application?

I have a requirement for our application where we need to implement Spring SAML within our app to enable federated SSO for one customer. However we need to maintain the existing login flow using spring-security for other customers. So my question is can we have two security mechanisms for a web application...
ManojP
5

votes
2

answer
312

Views

Google http/oauth2 api always throws EOFException for second HTTPRequest

I'm new to Android. I tried to implement a simple client/server connection using OAuth2. The process is: try to connect to the OAuth2 server with ClientCredentials (client_id and client_secret) and get an access token, then use the access token to register a user. So it involves two rounds of connection. T...
user534498