Questions tagged [oauth-2.0]

5

votes
1

answer
134

Views

recent media instagram GET request returns status 200 but empty data

I am doing a simple GET request using this instagram API endpoint: https://api.instagram.com/v1/users/{USER ID}/media/recent?access_token={ACCESS TOKEN} I get the access token via OAuth2Authenticator from Xamarin.Auth plugin. I just notice today that the get recent media request is returning this...
Motumbo
5

votes
2

answer
1.6k

Views

How to force Angular to send request to server on HTML5 mode?

I m tring to build and web using angular and nodejs. I'm loading Angular on /home path where / contains login and registration form. Here is my angular configuration: window.app.config(['$routeProvider', '$locationProvider', function($routeProvider,$locationProvider) { $locationProvider.html5Mode(tr...
biborno
5

votes
2

answer
391

Views

Can a user have two valid token at a time in oauth 2.0 for auth code grant type?

*I have simple question related to oauth token ,so my requirement is that user can have multiple scopes say A and B and he has generated token for it but later on he needs scope A and B both and his previous token is valid, So in that case Should we update the scope for the existing token ? Should...
Mohammad Faizan
5

votes
1

answer
652

Views

Does the Gmail API support JWT?

I want to access the Gmail API using NodeJS. I'm using a server-to-server approach (see this) but when I execute the code below, I get a backEndError, code 500 from the Google API. Any ideas? var authClient = new google.auth.JWT( 'email', 'key.pem', // Contents of private_key.pem if you want to load...
vitorvigano
5

votes
1

answer
1.4k

Views

How to get access token in Asp.net MVC5 Controller action from OwinContext

I am trying to use OAuth 2.0 with my Asp.net Mvc 5 application with salesforce. How can I get access token in controller action on authorization like - [Authorize] public ActionResult getToken() { // I want to get my access token here using some thing like this . String token = GetOwinContext().Get...
Ramashanker Tripathi
5

votes
5

answer
284

Views

Organizing a secure channel between a Web app and a Native app

This question is kinda complimentary to 'Share credentials between native app and web site', as we aim to share secrets in the opposite direction. TL;TR: how can we securely share the user's authentication/authorization state from a Web Browser app to a Native Desktop app, so the same user doesn't h...
noseratio
5

votes
2

answer
861

Views

Google App Engine Remote API + OAuth

I'm using GAE remote api to access the data store of my app. The authentication to GAE is made using remote_api_stub.ConfigureRemoteApi with an authentication function that returns a user name and a password. Is there a way for authenticating using an access_token, for example OAuth or OAuth 2.0?
Tzach
5

votes
4

answer
445

Views

Facebook token in relation with Session

I have this function for facebook public function link2(){ global $config; $facebook = new Facebook(array( 'appId' => $config['facebook_appId'], 'secret' => $config['facebook_secret'], 'cookie' => true )); return $facebook; } then I do this to get the token if(isset($_SESSION['fb_'.$config['face...
5

votes
3

answer
1.4k

Views

Android Jtwitter, authentication issues

Hello I am having difficulty using the JTwitter functions to authenticate with my twitter application. I always get a 'TwitterException' Here is my method OAuthSignpostClient oauthClient = new OAuthSignpostClient(consumerKey, privateKey, 'oob'); a) I don't know what the 'oob' value SHOULD be, it is...
CQM
5

votes
3

answer
848

Views

OAuth2: authenticate with email instead of username

I'm using OAuth2 with django-oauth-toolkit django-rest-framework. I usually authenticate my users the following way, in order to get a token: curl -X POST -d 'grant_type=password&username=new_user&password=new_user' -u 'GZwzDjPM89BceT8a6ypKGMbXnE4jWSzsyqbM3dlK:' http://localhost:8000/o/token/ Is the...
Michael
5

votes
1

answer
7.1k

Views

does authorization code for gmail oauth2 ever expires

I am trying to use gmail smtp using oauth 2.0. I have used aspose.dll for requesting access token using authorization url. I do not get refresh token when i get the response.so there is no way to request new access token if previous is expired. So i thought of getting access token every-time my app...
5

votes
0

answer
2.2k

Views

C# Authorization roles in web API 2

I have implemented a token based authentication web Api 2 application using OWIN middleware, authentication is made successfully where I can retrieve token and use it to get to the method of the web Api. However when I tried to add roles authorization, it doesn't work, I've searched thoroughly and f...
user1874288
5

votes
0

answer
307

Views

How to extend Django Oauth Toolkit?

I'm relatively new to Django and currently using Django Oauth Toolkit for implicit Oauth. It handles generating tokens and redirecting users to the correct url without issues. I haven't even needed to touch my login page code except for passing the redirect correctly. My urls.py of course has: url(r...
Slamice
5

votes
1

answer
475

Views

Refresh token with Google API via Flask-Dance

I'm having hard times implementing Google OAuth with Flask-Dance. Here is the deal. In order to make everything work I need to set offline=True and reprompt_consent=True when creating Google blueprint: google_bp = make_google_blueprint( client_id='trololo', client_secret='ololo', offline=True, repro...
Nick Slavsky
5

votes
2

answer
884

Views

Laravel Passport token length

Using passport for api authentication for a mobile app. The app devs were quick to complain about the size of the access_token provided (1071 characters) and having to pass it in each request. On investigation the bulk of the token is the signature portion. By default passport is generating a 4096bi...
Vince Lowe
5

votes
0

answer
635

Views

How to obtain the keystore's sha1 programmatically

I want to secure my rest api with oauth2 client credential grant specification like what we see in google services for android like Drive and Maps api. In google service the keystore SHA1 key which our app is signed with is the client id, We store this SHA1 key in the google developer console which...
M. Reza Nasirloo
5

votes
1

answer
422

Views

Devise/Google OAuth 2: Not found. Authentication passthru

I followed the tutorial in the readme of the omniauth-google-oauth2 gem and when I click the link on my root (@ pages#home), , I get the error: Not found. Authentication passthru. I've confirmed the ENV vars are there. I've been looking at similar topics with no luck. Any idea what I'm doing incorre...
Zack Shapiro
5

votes
2

answer
2k

Views

jhipster authentication login with email

I'm looking for a way to use email / password as authentication and not the default login(username) / password. I'm using spring security oauth2. Would this be possible? I do allow change email for the user. Google was not my friend. Nor was my code hacking: When putting the same email in the login...
DavidT
5

votes
2

answer
1.6k

Views

Passport & JWT & Google/Facebook Strategy - How do I combine JWT and Google/Facebook Strategy?

This question is for anyone who is familiar with Node.js Express Passport JWT Authentication with passport (JSON Web Tokens) Facebook OAuth2.0 OR Google OAuth2.0 I have been doing some online courses and understand how to do the two following things: Authentication using Passport Local Strategy + JW...
Vaderico
5

votes
2

answer
1.4k

Views

WPF application authentication with Google

I have found many different solutions with OAuth and either with some libraries or with pure requests (https://github.com/googlesamples/oauth-apps-for-windows). However, none of the solutions looks like the one that I really need. Currently, my application uses its own database for users to log in u...
Gab
5

votes
1

answer
3.8k

Views

How do I setup Thinktecture Identity server v3 beta 1-2 with ASP.NET Identity?

I have looked at all the docs for Thinktecture Identity server v3 and have not been able to figure out how to get started using ASP.NET identity. Can someone please explain at a high level step by step from step 1 (i.e. cloning the git repo) to it's final state which is up and running with the Ident...
user1870738
5

votes
1

answer
4.7k

Views

Single sign-on support for REST APIs

I am trying to find the best way to solve the following problem: our application is SaaS, and it supports SAML for web login. The application also exposes REST APIs that are supposed to be used in automated and unattended processes, meaning there is no interactive user to type credentials. We need t...
Moshe B.
5

votes
1

answer
2.2k

Views

How to specify audience for an OAuth2 access token?

I am confused that there seems to be no standard way to specify the audience for an access token when sending an authorization request to an authorization server. OAuth2 specifies access tokens as opaque strings; there is only one mention of 'audience' in the spec, to say that access tokens could be...
Free Willaert
5

votes
1

answer
2.9k

Views

Dropbox.js authentication in Cordova/PhoneGap

I'm writing an app in Cordova/PhoneGap which tries to fetch a file from Dropbox using Dropbox.js. Cordova version is 3.0.1 and Dropbox.js version is 0.10.0. My Javascript works just fine on a desktop browser with this: var client = new Dropbox.Client({ key: '', secret: ''} ); client.authenticate(fun...
auramo
5

votes
1

answer
2.5k

Views

How to implement a refresh token process with JWT for Android apps

I'm working on a Oauth2 Token system to access my REST API for my Android app. I'm having some problems with the token refreshment part on the client side. Here is the flow : My app makes a request (with an access Token in parameter) to the server thanks some asynctask ( PostCommentAsyncTask(), AddF...
Frédéric
5

votes
1

answer
1.4k

Views

Invalid parameter value for redirect_uri: Missing scheme: /auth/google_auth_code/callback

edit: here is a minimal viable project I am trying to get an access and refresh token from Google from an authorization code for the server-side flow. I followed Google's guide here: https://developers.google.com/identity/sign-in/web/server-side-flow. I am using using passport and passport-google-au...
SamB
5

votes
1

answer
1.3k

Views

Using Xamarin.Auth for OAuth2 authentication - username and password?

I'm facing some issue, while using Xamarin.Auth for OAuth2 authentication. From POSTMAN I'm sending request for token, via GET method to my backend URL: http://example.com/backend/oauth/token by adding to header: Authorization, Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx and with below parame...
Namek
5

votes
1

answer
714

Views

Is there an authorization server that I can use to test a client implementation of OAuth 2.0?

Related: Is there an OAuth test server Is there a service or website that I can use to test a client implementation of the OAuth 2.0 protocol? The question linked above points to some excellent resources but they currently implement v1.0 of OAuth.
Nathan Osman
5

votes
1

answer
717

Views

GData with Oauth with Service Account

I am in a strange problem. I am writing an application in core java which needs to access its own account at google docs. So after doing a lot of googling, I found that OAuth2.0 with Service Account is something I am looking for. But I am not using App Engine or anything. Its a simple application. I...
user381878
5

votes
1

answer
143

Views

Unable to get Token from oauth2 office365 calendar API

I am not able to get token from office365 calendar API,From last 7 to 8 months it was working but suddenly I am getting the error 'expecting an array or an iterable object but got [object Null]'. You guys can see my code here var oauth2 = require('simple-oauth2')(ConfigOutlookCredentials); var scope...
5

votes
1

answer
811

Views

How to allow non-admin users to authenticate via OAuth2.0 for tenants where users are not allowed to consent apps on their behalf?

We have an app that uses Office365 OAuth to register and authenticate users (via the allauth.social Django library). The problem is, when the Microsoft/Azure tenant is configured to restrict non-admin users from 'consent[ing] to apps accessing company data on their behalf', users are not able to reg...
john2x
5

votes
4

answer
347

Views

Java - Token flow OAuth 2 E2E with code

I'm New to security & JAVA and I need to implement token follow of OAuth2, this is the exact flow which I need to implement (if there is some library which can help it's great ) http://tutorials.jenkov.com/oauth2/authorization-code-request-response.html How can I achieve it with JAVA, I want to use...
John Jerrby
5

votes
1

answer
6k

Views

OAuth 2.0 using Spring Security + WSO2 Identity Server

I'm developing a web application to expose a number of RESTful services secured by OAuth 2.0. Here is the planned architecture: 1- OAuth Authorization Provider: WSO2 Identity Server (IS) 2- OAuth Resource Server: Java web application using the following technologies: Jersey (to implement and expose...
YAM
5

votes
3

answer
4.5k

Views

What's the best practice for APIs authentication?

I want to build a token-based authentication to my web APIs to let 3rd party applications access those APIs. No user interaction, no delegation, the roles and the connected applications are managed manually from a management portal. With those requirements, what's the best practice to acquire the j...
Homam
5

votes
3

answer
4.2k

Views

GoogleWebAuthorizationBroker not found

im learning C# (to develop for windows phone), and im trying to authenticate my user into Google's account. Im using this code: https://developers.google.com/api-client-library/dotnet/guide/aaa_oauth#wp var credential = await GoogleWebAuthorizationBroker.AuthorizeAsync( new FileStream('client_secret...
Pedro Celso
5

votes
1

answer
2.7k

Views

OAuth 2 for native application - what is difference between public and confidential client types?

I trying to implement OAuth 2 provider for web service and then built native application on top of it. Also I want give access to API for third-party developers. I read OAuth 2 specification already and can't choose right flow. I want authenticate both CLI and GUI apps as well. First of all we have...
ssbb
5

votes
2

answer
2.7k

Views

How to access Bitbucket API from a Java Desktop App via Jersey+Oltu?

As the title states it, I want to access the bitbucket API from a native Java Desktop Application. Bitbucket requires Applications to use OAuth2, and for that I found that Oltu should do the job. However, my knowledge of OAuth is very limited and so I am stuck at a very early point. Here is what I d...
bln-tom
5

votes
4

answer
1.8k

Views

Google's Service Account OAuth2 in C#.NET for URL Shortener API

I already wasted my full day for finding sample code for Google's Service Account OAuth2 in C#.NET for URL Shortener API. I am trying to use shortener api with server to server request. Please help me. Thanks
Maddy
5

votes
2

answer
3.6k

Views

What is best for auth ASP.NET MVC REST API? OAuth 2.0 or OAuth 1.0?

We are building a REST API using ASP.NET MVC. This API is similar in principle and usage to the Factual v3 API. They use 2-legged Oauth 1 for their API. Our design is very similar in that applications, primarily mobile will use our API behind the scenes to provide a service. The end user of the appl...
craigtadlock
5

votes
3

answer
4.5k

Views

Best way to upload files to Box.com programmatically

I've read the whole Box.com developers api guide and spent hours on the web researching this particular question but I can't seem to find a definitive answer and I don't want to start creating a solution if I'm going down the wrong path. We have a production environment where as once we are finishe...
user1110938