Questions tagged [oauth-2.0]

5

votes
10

answer
5.5k

Views

Google login uses same account everytime users login

I use OAuth to let users sign in to the android app via Google account. When the user taps the Google login button for the first time, it produces a dialog to choose the account. Again, when the user logs out and decides to login with different Google account, it doesn't prompt to choose the account...
Dinesh Adhithya
5

votes
1

answer
89

Views

OAuth with custom JWT authentication

I'm struggling to implement a custom auth flow with OAuth and JWT. Basically it should go as follows: User clicks in login User is redirect to 3rd party OAuth login page User logins into the page I get the access_token and request for User Info I get the user info and create my own JWT Token to be s...
João Menighin
5

votes
1

answer
1.1k

Views

Authenticate custom WP API endpoint with social login (OAuth)

I'm using Wordpress + WooCommerce in combination with the WP-API as a backend for my mobile ecommerce App. My goal is to offer some social login (via Facebook, Twitter, Google etc.) within the app to register/login and then use the WooCommerce API to receive e.g. all the orders of that authenticated...
flavordaaave
5

votes
2

answer
4.4k

Views

How to develop user-authenticated REST service with Azure ACS

I'm developing a REST service that uses MS Azure Access Control Service for authentication. If the examples are any indication, the typical way to secure a REST service this way would be to provide a global username and pw, private key, or X.509 cert for the protected service. However, I want to use...
snort
5

votes
1

answer
309

Views

Security of OAuth Authorization Code with Semi-Private Secret

I'm working on an application in which the OAuth secret won't be able to be secured completely; there is a group of users to whom it will be exposed by necessity. So imagine a situation like the following: A company is developing software that it hosts for the public that relies on OAuth2 to some 3r...
Jeff Allen
5

votes
1

answer
1.5k

Views

Send email using OAuth

I am trying to send an email through gmail using oauth credentials. I cannot seem to find any smtp class in the framework, or open source alternatives that work with oauth access token. I found these references on google developer's website Gmail IMAP and SMTP using OAuth - Overview and Gmail IMAP...
vondip
5

votes
1

answer
640

Views

Can I get Google's OAuth2 to display a mobile friendly approval page?

I am working on a mobile app that will hit some Google APIs, authenticating using OAuth2. It's working pretty well but when I navigate to the approval Uri, Google is returning what looks like a full blown desktop app approval page. It doesn't look too bad but I'd prefer to get the stripped down mobi...
dkackman
5

votes
1

answer
900

Views

OAuth2Decorator oauth_aware forces authentication

My understanding of the difference between oauth_aware and oauth_required is that aware doesn't force authorization, while required does, but that's not what I'm seeing in practice. I have the two webapp RequestHandlers below, one of whose get() method is decorated with decorator.oauth_aware and the...
Haldean Brown
5

votes
0

answer
346

Views

iOS App Using Google OAuth2(Web App) - “Please close this window.”

I am having the OAuth2 authentication process in my iOS Swift app's UIWebView. I used the official JavaScript OAuth2 library for authentication. However when the authentication completes, it goes to a webpage only with text saying 'Please close this window.'. I believe it is trying to do window.clos...
Gearbox
5

votes
1

answer
3.5k

Views

Safe way to consume REST Oauth 2.0 API from javascript

I'm about to start developing a Business application where I want the frontend to be a single page javascript solution. The backend is provided as a REST API. How can I in a safe way access the REST API from the Javascript frontend? I've already started developing Oauth 2.0 in my REST API and I alr...
rgullhaug
5

votes
1

answer
278

Views

Three legged oauth flow on mobile app

I have a 3-legged auth flow working on a web app of mine. It goes as follows: Use clicks Connect with Google They accept on the OAuth dialog that Google Provides The page gets redirect to my backend's /oauth/google endpoint with a code parameter which I send to Google to get a refresh_token so I can...
Venkat D.
5

votes
1

answer
3.1k

Views

Laravel 5.3 integrate dingo api and oauth2 Column not found: 1054 Unknown column 'api_token' in 'where clause'

I'm using laravel 5.3 to build api and backend management for mobile app. I'm integrated Dingo/api package and use Oauth2 for authenticate. I made an API and login with postman: API url: mydomain/api/auth/login Logged in result: { 'meta': { 'message': 'Success', 'status_code': 1000, 'status': true...
allready4v
5

votes
1

answer
2k

Views

Browser based OAuth / OpenID with persistent login

We have a regular web application with cookie based auth and now we want to split frontend and backend (api) in order to have third-party public API. So our backend will be on one domain and frontend on another one. For authorization we would like to switch for OAuth 2 with JWT. In this case our fro...
rinat.io
5

votes
2

answer
4.4k

Views

OAuth 2.0 Identity Providers in Windows Azure AppFabric Access Control Service (ACS)

OAuth 2.0 delegation is included within the Azure AppFabric Access Control Service: http://blogs.objectsharp.com/cs/blogs/steve/archive/2011/04/11/windows-azure-access-control-services-v2-rtw.aspx But how do you actually set up an OAuth 2.0 identity provider? In the management interface when you add...
Richard Astbury
5

votes
2

answer
1.4k

Views

Google's OpenID Connect says: OAuth 2 parameters can only have a single value: client_id

As part of the OpenID Connect (OAuth2 for Login), my application is supposed to request an access token, given a one-time authorization code, via the endpoint https://www.googleapis.com/oauth2/v3/token. According to documentation, this request needs 5 parameters passed to it, client_id among them. T...
Jan Krüger
5

votes
3

answer
6k

Views

oauth2orize with an API?

I'm trying to integrate an oauth2 server with an API and got terribly stuck. In the example, there are 3 different Strategies used (local, basic, bearer); Is there an explanation for that? How do I create client keys and secrets? Is there a working example for a simple login for users?
Patrick
5

votes
3

answer
6k

Views

get token, store it, refresh it if expired using oauth2 gem in ruby

I am working on script to get google contacts using google contacts api gem. I am able to access the token successfully using this code: require 'rubygems' require 'launchy' require 'oauth2' require 'googlecontacts' require 'google_contacts_api' # Get your credentials from the console CLIENT_ID = 'y...
ben
5

votes
2

answer
14.1k

Views

Get user profile using Oauth 2.0 from LinkedIn API

I want to implement 'sign up using LinkedIn' functionality ,I followed this document and stuck at point b with this error instead of getting access token. https://developer.linkedin.com/documents/authentication { 'error': 'invalid_request', 'error_description': 'missing required parameters, include...
Hardik Bhalani
5

votes
6

answer
8.9k

Views

How can Yahoo Mail be accessed by IMAP using OAuth or OAuth2 authentication

According to developer.yahoo.com/mail/ and IMAP responses: * OK [CAPABILITY IMAP4rev1 ID MOVE NAMESPACE X-ID-ACLID UIDPLUS LITERAL+ CHILDREN XAPPLEPUSHSERVICE XYMHIGHESTMODSEQ AUTH=PLAIN AUTH=LOGIN AUTH=XOAUTH2 AUTH=XYMCOOKIE AUTH=XYMECOOKIE AUTH=XYMCOOKIEB64 AUTH=XYMPKI] IMAP4rev1 imapgate-1.8.1_01...
Aleksey
5

votes
0

answer
490

Views

How do I resolve ambiguous mapping error when using spring oath provider?

I'm trying to add Spring OAuth2 security to my application to secure my REST endpoints, which are Spring RestControllers. For the moment I'm just trying to get the basic pieces in place. However, something with the OAuth2 provider is generating an ambiguous mapping of oauth2AuthorizationEndpoint bea...
Clark Richey
5

votes
0

answer
550

Views

Rest API to validate external OAuth 2.0 access token

Im building rest api (using PHP, Laravel) which is used by mobile applications. The api basically is just commenting system. Im planning to allow users to log in (to use this api) using their Facebook/MS/Twitter etc accounths using OAuth 2. Flow would be something like this: Authenticate user in mob...
devha
5

votes
2

answer
730

Views

Get current user information in Apigility Resource

I just started with Apigility and oAuth2, and I was wondering if it is possible to get the currently authenticated 'loggedin' user when fetching information from a database. I currently have the following code: /** * Fetch all or a subset of resources * * @param array $params * @return mixed */ pub...
Bas van Stein
5

votes
1

answer
1.4k

Views

How to use varnish with RESTful Api using Oauth2 protocol?

I have a RESTful Api written in Symfony2 using FosOauth2Serverbundle, FosRestBundle and FosUserBundle. I am planing to bring varnish in front of my api as reverse proxy. Since my app using my api always send access_token as parameter or header varnish caches almost every request as different request...
Omer Temel
5

votes
2

answer
840

Views

OAuth 2 is a protocol or a framework?

Actually, my question is in the title of the post itself. So, really, in RFC OAuth called framework, but in a lot of articles, it's called protocol. So what is the proper name and why? As I know protocol is a set of rules - and it seems to be relevant in that case. Under the framework, I usually un...
nowiko
5

votes
1

answer
1.4k

Views

Proper method for accessing OAuth2 tokens via javascript

I understand the basics of oauth, and I've used it in application before, but never like this. I've got an oauth2 based api I wrote, and I'm writing a javascript application (in backbone.js), and I want to access the api with it. My problem is that I need to obtain an access token for the js app. No...
zombor
5

votes
1

answer
1.3k

Views

Using a Facebook access token as the resource owner credentials in OAuth2.0

The OAuth 2.0 specification defines the Resource Owner Password Credentials Grant Type, which allows the resource owner password credentials (i.e. username and password) to be used directly as an authorization grant to obtain an access token. I want to allow a user to 'login via Facebook' on the cli...
Eugene Yarmash
5

votes
0

answer
342

Views

oidc-client isLoggedIn()

What is the most concise and accurate way to determine isLoggedIn() with odic-client? Much like the Angualr2 example my first method was: // return true if user (token) exists. public isLoggedIn(): Promise { return this.userManager.getUser().then(user => !!user); } Then to handle expired tokens: //...
William Lohan
5

votes
1

answer
3.2k

Views

Linkedin login for a Cordova app

I have a Cordova app - for Android and iOS platforms, and a feature in the app where user needs to login with their linkedin credentials. The linkedin login is used to retrieve the user's profile information. I have questions as below - 1. In the 'Add New Application' screen, what is the URL I have...
Lohith Korupolu
5

votes
3

answer
349

Views

Understanding Google Developer Console

I am a little confused regarding developer console functioning. I have a project in which I access youtube data apiv3. I have created my project and got 4 keys: Browser Key Server Key Web Client OAuth2.0 Client ID Secret Key Android Key Out of this, first three are autogenerated by google service....
Rushi M Thakker
5

votes
0

answer
1.8k

Views

oAuth Instagram login

I am trying to get access token from Instagram using oAuth 2, to use it in scopes. I couldn't understand how should I configure 'redirect_uri' (tried a lot of combinations) if I use it in native app, it means I don't need any websites to have redirected, I need redirect to app itself, after logged...
helgun
5

votes
2

answer
1.9k

Views

Signing requests with python-oauth2 [closed]

The Github page of python-oauth2 gives instructions on creating signed requests with req = oauth.Request(...), which returns a dictionary that can be signed. But how do I actually send these requests?
Steve
5

votes
3

answer
627

Views

Failing to retrieve OAuth 2.0 access token on android emulator

I'm trying to login into my application using GoogleAccountCredential for the authentication: mGoogleAccountCredential = GoogleAccountCredential.usingOAuth2(context, Arrays.asList(Scopes.EMAIL, Scopes.PLUS_LOGIN)); mGoogleAccountCredential.setSelectedAccountName(accountName); String token = mGoogleA...
meltedspark
5

votes
1

answer
4.1k

Views

Login with FB Connect / Google OAuth in .NET

I'd like to allow my users to login to my website using my login system, or FB Connect or Google Login. I wouldn't want to use big libraries (like dotnetOpenAuth) for only those 2 options - So how should I accomplish this? Additional question - how should I bind the FB/Google user to my inner user s...
Roman
5

votes
2

answer
5.2k

Views

skipping user consent screen oauth2

Im using oauth2 for my app. Im getting google user profile information. Every thing is working fine. I want to know if there's any way to skip user consent screen? I want to get access token without showing 'Allow access' step. Thanks!
Kevin
5

votes
1

answer
2.6k

Views

Implementing OAuth2 with AccountManager, Retrofit and Dagger

I'm trying to figure out what would be the best way to implement a Retrofit client which supports AccountManager.getAuthToken() for OAuth2 flow. I'm following the U2020 Ideally I would like to have a simple injector along these lines public class ExampleFragment extends InjectionFragment { @Inject A...
Alon Burg
5

votes
3

answer
8.5k

Views

Get Google API Token

I need to get the google valid token to use Google APIs, but my code does not work. could you please advice me? $client_id = '495225261106.apps.googleusercontent.com'; $client_secret = urlencode('MY_SECRET_CDE'); $redirect_uri = urlencode('http://MYPAGE.net/test.php'); //$grant_type = urlencode('aut...
Expert wanna be
5

votes
1

answer
1.7k

Views

OWIN Security - How to return a refresh token in a cookie while maintaining authentication bearer tokens

I am setting up refresh tokens in a web service that is based on the Web API 2 template. It is going to be consumed by both our own website as well as external clients. After researching for some time, the general recommendation on securing the refresh token from XSS attacks is to store the identif...
5

votes
2

answer
753

Views

Google Sign-In endpoint doesn't return the user's name anymore

I'm using Google Sign-In on my iOS app. Everything was working well until recently when I noticed the app no longer gets the user's name, only the email address is returned. I am getting a token through the app that I am sending to my server, which used to fetch the full information by sending a req...
Kali Aney
5

votes
3

answer
2.9k

Views

Google Javascript API (gapi) - problems with .load

I am trying to use the Google plus API (via googie-api-javascript) implementation like so (omitting full code): var clientId = '7454475891XxxxxxXom4c6n.apps.googleusercontent.com'; //fake client var apiKey = '-uTH_p6NokbrXXXXXXXXXXXXX'; //Fake Key var scopes = 'https://www.googleapis.com/auth/plus.m...
Alon
5

votes
2

answer
6.5k

Views

Android PlusClient implementation & getting a token

so i implemented google plus login to my app... my implementation pretty closely follows the example given here. The biggest difference between mine and his is that i have a larger set of scopes that i require. when building my plusclient i specify the following scopes: 'https://www.googleapis.com/a...
MrTristan