Questions tagged [oauth-2.0]

5

votes
4

answer
1.3k

Views

Facebook login only works when hosts is set to localhost?

Unfortunately I keep getting this error: { 'error': { 'message': 'Invalid redirect_uri: Given URL is not allowed by the Application configuration.', 'type': 'OAuthException', 'code': 191 } } Login works however when my /etc/hosts file is set to: 127.0.0.1 [mysite].rhcloud.com, it only fails when I v...
user1438003
5

votes
2

answer
667

Views

implementing own oauth2 server and api server

we are trying to implement oauth 2 server and api server (both are different server). (using nodejs for all) we are using https://github.com/FrankHassanabad/Oauth2orizeRecipes Authorization Code flow do we need to write new validateToken function in oauth server and just hit it from api side to auth...
jit
5

votes
3

answer
2.4k

Views

oauth2client/appengine.py returns “InvalidResponseError: header values must be str, got 'unicode'” with webapp2/python27/wsgi

Beforehand, my problem is similar to question Pyramid on App Engine gets 'InvalidResponseError: header values must be str, got 'unicode', and several google-api-python-client bugs, but none helped in my case. Also, I had no answer on issue #254 (which itself looks similar to #111, so I'm trying here...
Ronan Jouchet
5

votes
1

answer
553

Views

How can I limit azure app service access to specific Google users only?

Azure app services provides an authentication/authorization setting for an 'azure webapp' -- see here. However, for all OAUTH authentication providers supported (e.g., Google, Facebook, Twitter, etc.) but Microsoft's own AD there's no authorization support, just authentication. Once a user is authen...
Uri
5

votes
4

answer
4.8k

Views

spotipy authorization code flow

I am using the Spotipy python library to interact with the Spotify web api. I have worked through the API and docs but I do not see a clear example that shows how the library supports the Authorization code flow ( https://developer.spotify.com/web-api/authorization-guide/#authorization-code-flow ).
user4016779
5

votes
1

answer
2k

Views

Secure JSON Web Token in Web API / MVC 6

The security concerns: According to https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ a lot of JWT libraries use the token itself in order to determine the algorithm for the signature. This is our use case: We want to create a login mechanism that validates a u...
Matthias
5

votes
1

answer
2.2k

Views

Using asp.net 4.5 OAuth to register google with clientid and secret

I notice in the asp.net 4.5 template, all the authorization samples besides google pass in secret and clientid. How can I pass in my google secret and clientid? Brock has a good discussion here that I'm following: http://info.develop.com/blogs/bid/232864/ASP-NET-Using-OAuthWebSecurity-without-Si...
Peter Kellner
5

votes
0

answer
3.4k

Views

Error: invalid_client when following five minute quick start for PHP

I am trying the 'Five minute quick start' ( https://developers.google.com/drive/ ) and have followed all instructions up to step 4 'Run the sample'. (I have changed the client ID and secret in the sample php code - I've followed the instructions in text and watched the video to be sure I didn't mis...
user2070042
5

votes
1

answer
1.6k

Views

Asp.Net Owin Authentication Without Entity Framework

I have an existing website with 600,000+ users, my database of choice is RavenDb (NoSql). I am currently using a simple form of Owin authentication to login a user by simply calling this on my login controller: var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Sid, user.Id), new Claim(...
Paul Hinett
5

votes
3

answer
4.2k

Views

Automatic Soundcloud PHP Api authentication without user interaction

In my application I want to use the Soundcloud API with my own Soundcloud user. The Soundcloud API authentication process involves a user being redirected to the Soundcloud homepage, login and authorize the application, so that the page can use the API for this user. I want to automate the whole pro...
Alp
5

votes
1

answer
1.8k

Views

How to store clientId and clientSecret in clientside angularjs application using OAuth2?

I am building a MEAN JS application, I want to protect my application clientId and client secret in clientside angularjs application. Where can I store these details. How to provide security for this? For user login I have to provide these and need to get access token...new to this help me..
5

votes
1

answer
6k

Views

Laravel Passport vs JWT vs Oauth2 vs Auth0

Confusion about API auth types in Laravel? I'm currently learning how to create an API in Laravel and I found myself into these confusing concepts. After a few days of research and practice, I could finally understand enough these concepts to make a mini-guide. I had to look into a lot of separate web...
Luis Lopez
5

votes
1

answer
374

Views

Secure third-party API calls on mobile app

I have an API with the following method: https://api.example.com/services/dosomething I am providing this service to three different mobile apps, each one with hundreds of users. When a user logs in in the mobile app, a call to my API needs to be made. I know that providing each one of the three mob...
Arturo
5

votes
4

answer
2.5k

Views

Yii2 - Filsh OAuth2 Server Installation

I am currently trying to install a Yii2 extension for implementing an OAuth2 server (https://github.com/Filsh/yii2-oauth2-server). However, I keep running on the error below: Does anyone have an idea on how to install this extension. I followed the instructions given but there was no mention about t...
jackeblagare
5

votes
1

answer
2k

Views

Authorization has been denied for this request - Azure Active Directory - What logs are available?

So I'm using postman with the OAuth 2.0 process to try to authenticate against my WebApi over Azure Active Directory. I am still on the default project with the basic ValuesController, just trying to get authentication and authorization to work. I've followed this video to setup postman, and as far...
Ayo I
5

votes
2

answer
10.6k

Views

How to implement social login in asp.net mvc 4?

I want to implement role based login using oauth with facebook, twitter, google etc. It will only be using oauth and will have a role system. Not the default template with the usual registration and login. Seems like dot net open auth will help with the initial stuff, but I can find no good example of...
Shuvo
5

votes
1

answer
771

Views

If I exchange refresh token for a new access token then is the older access_token valid (Google OAuth2)?

I have an access_token say: A with access_type offline and it expires after 3600 seconds from time of obtaining ie t0 I also have the refresh_token obtained the first time along with the access_token. At a later time say at t0 + 1000 seconds (before access token expiry time), I exchange the refresh...
Pranjal Mittal
5

votes
2

answer
9k

Views

Wrong number of segments in token (OAuth Google Api)

My end goal is to send email to myself via Google Gmail API. And here is my problem. When I'm getting my access token an error pops up Fatal error: Uncaught exception 'Google_Auth_Exception' with message 'Wrong number of segments in token: ' I read here Cloud endpoints oauth2 error that 'This DOES N...
Randomius
5

votes
1

answer
1.2k

Views

2-legged auth standards in 2013 - should we use oAuth2?

If I was to implement a new server-to-server API, what authentication standards are available to make it as easy for others to consume? Ideally the less I need to document about how the authentication works, the better (hence the standard), and it's more likely that developers consuming the service c...
Craig Francis
5

votes
1

answer
4.2k

Views

Identity Server 3 Access Token Validation endpoint fails with Audience Validation Failed

I have an IdentityServer3 instance set up and I am requesting a token using the authorize endpoint (/core/connect/authorize). My application requesting the token is an iOS application. I pass the following parameters; client_id= response_type=id_token scope=openid redirect_uri= state= nonce= This t...
Carl Thomas
5

votes
1

answer
823

Views

List all Google Apps Profiles on PHP Site

I am trying to get a list of all Google Apps users of a domain onto a public PHP website (without visitors of the site needing to login or do anything). I have a basic understanding of what needs to happen but can't quite piece it all together. It can't be as hard as it seems to me... could it? Auth...
RANGER
5

votes
1

answer
719

Views

Cordova Android application getting “invalid_client” from MobileFirst 8.0 server

My Cordova IOS application integrated with IBM MobileFirst v8 works fine. However I face a weird issue with Android. The scenario is, The user has to login into security check to access the application. The challenge handler is called and credentials are submitted to (runtime/api/preauth/v1/preautho...
Vignesh Sn
5

votes
1

answer
137

Views

How to implement google oauth in cakephp using cakedc/users?

I am trying to add a login layer using CakeDC/users plugin using linkedin and google. The linkedin login is working fine, but I am not able to figure out google login. Followed everything in the tutorial login with google oauth I am getting a code parameter in url returned from google/auth but the v...
Sushant
5

votes
1

answer
2k

Views

How do you authenticate to a single Skydrive account and not ask the user for credentials?

I have a client that would like to use SkyDrive as a cloud storage for a web site. This website will not be asking the user of the site for their SkyDrive account to show them their files, but rather the owner of the website will be storing some files in SkyDrive and would like to share them with us...
Jon Hargett
5

votes
1

answer
2.6k

Views

GAE Golang - OAuth and OAuth2?

I'm trying to implement a Google App Engine Go application that will be using OAuth and OAuth2 for users logging in. I'm wondering if it is possible, and if so, how to do it? Can someone provide an example of this?
ThePiachu
5

votes
0

answer
676

Views

Cordova InAppBrowser inception: Open a child window inside the original InAppBrowser window?

Sorry for the confusing phrasing - this is about the third level of Cordova inception: a nested window, within an InAppBrowser window, within a CordovaWebView! Here's what I am trying to accomplish in a Cordova/Phonegap project: Load a remote page within an InAppBrowser window, then... Let the remot...
peteorpeter
5

votes
0

answer
272

Views

Location.hash empty only in Safari 7

I am attempting to authenticate with Constant Contact via OAuth2 in a popup window. I am using $.postMessage to send the data between windows, and for the most part, it works beautifully. My problem is with Safari. A normal request has a URL that looks like this: https://example.com/oauth-v2/#acces...
Channeleaton
5

votes
1

answer
2.4k

Views

LinkedIn OAuth2.0 redirect url for iOS app without http or https

I think this might be a very simple setting issue and since I am very new to swift and LinkedIn API I might be doing this wrong: I am making an iOS app with swift and want to use LinkedIn to authenticate. For that, I created an application on LinkedIn Developer Network. But now I am not able to put...
Sumitk
5

votes
1

answer
3.9k

Views

how to logout from oauth2.0 authentication of windows azure active directory authentication

We are using auth2.0 for windows azure active directory authentication where authentication is performed on https://login.microsoftonline.com/login.srf?wa=wsignin1.0&wtrealm=...... and after successful authentication we are redirecting to our site. for logout the site we delete all the cookies gener...
Abhishek
5

votes
3

answer
6.2k

Views

Login with facebook or google using Oauth2 library in symfony2

I am using fosuserbundle for login and registration in my symfony 2.6 project. Now I want to allow user to login via facebook or google account. I want to use Oauth2 library of friendsofsymfony getting from here https://packagist.org/packages/friendsofsymfony/oauth2-php I have installed library usi...
Maya Shah
5

votes
2

answer
3.7k

Views

Google / OAuth 2 - Automatic logon

I'm playing a bit with OAuth 2.0 in combination with some Google API. Although the authorization process is quite easy, I'm facing a problem with the automatic authorization after the initial authorization has been completed. So: 1. Authorization is done for the first time. (user grants access, I g...
Rhapsody
5

votes
5

answer
822

Views

How should I make sure the user accessing a backend rendered frontend route is authenticated?

I'm using Laravel and Angular to write a web app. In the front end Laravel is used to create the basic template, but otherwise controlled by Angular. In the back end laravel is used to create a restful API. I have a few routes like this: Route::group(['domain' => 'domain.com'], function() { Route::...
Xecure
5

votes
2

answer
14.2k

Views

OAuth (OAuth2) ASP.NET REST Web API (Self host - windows service) implementation

I have built a Restful Web API for my (android) mobile application, and now I am trying to secure the access to the API. I was reading for about a week on this topic and I got the whole spectrum - from those who say that it is impossible to secure a Restful API to those who say that Https (SSL) is e...
user3466562
5

votes
1

answer
1.6k

Views

oauth2Client.getToken missing refresh_token

I have a small express server that has two routes. Then it writes the json tokens to a file (I know very insecure). For some reason there's no refresh_token. In the docs there's a comment that offline for access_type gets refresh_token, which is set and it's still not working access_type: 'offline',...
ThomasReggi
5

votes
2

answer
2.6k

Views

Does Twitter support OAuth 2.0?

I want to integrate Twitter with my Android application. Can I do this using OAuth 2.0? I have searched the internet but couldn't find any good explanation regarding this. If anyone has done this before, can you please guide me through this. I saw in an old post here that Twitter doesn't support OAut...
Spring Breaker
5

votes
1

answer
5.5k

Views

Does my Google oAuth2 Token look right?

I am programming a web server to support oAuth2 for Google APIs and am following this documentation. Everything seems to be working fine up to the point where I try to make a Google API using the Access Token. Example call from the documentation: https://www.googleapis.com/oauth2/v1/userinfo?acces...
M Schenkel
5

votes
1

answer
1.3k

Views

Using OAuth2 refresh token in React Redux app

I have an app that has OAuth2 implemented. It works fine, but I'm confused with refresh_tokens here. My app is using React + Redux combination. I know I need to check if my access_token expired and then ask for new one using refresh_token. Okay... But when should I refresh it? After the 401 happened...
Nickon
5

votes
2

answer
67

Views

How to verify that oAuth2 access_token is used by same client to whom it was issued in Spring security?

I have developed Spring REST API will serve as a back-end. It will be accessed by web application as well as mobile application. To make this API secure, I have used Spring's oAuth2 authentication. I know by using this architecture, my API is secured, but then also, is there any way to check whether...
Zalak Parikh
5

votes
2

answer
2k

Views

undefined method `helper_method' for ApplicationController, Rails 5

I'm trying to integrate oAuth2.0 in my rails-api only application, using doorkeeper. But I keep getting this error, 'undefined method `helper_method' for ApplicationController' and yet could not find a clear solution on how to solve it. Below is my application_controller.rb class, which has the he...
Tonny Baya
5

votes
1

answer
410

Views

Why does OAuth distinguish between web server apps and browser based apps?

I've been reading on OAuth2 here: http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified , and in the authorization section, it says that OAuth has different modes depending on the use case. Two of the use cases which are mentioned are browser based apps and web server apps. My first quest...
Shmoopy