Questions tagged [oauth-2.0]

5

votes
2

answer
11.2k

Views

Authenticating Google API with a service account with Java API

I am attempting to use oauth API to authenticate a google service account through the Java API. I am hoping to use it to access Google Bigquery. I get an 'invalid grant' returned from my API requests. Here is the code, which is a copy of a basic authentication example (which wasn't for Bigquery.. bu...
Sprooose
5

votes
2

answer
528

Views

What is the point in sending client_id and client_secret in SPAs to auth server?

I am trying to understand some concepts in oauth and openid connect. To provide some context, let's say I am building a SPA (single page application) that talks to a bunch of microservices. A user needs to authenticate themselves (through the application) before they can access any data and the user...
Ryan-Neal Mes
5

votes
0

answer
1.6k

Views

Why GoogleAuthUtil.getToken() method generate two type of tokens?

I am integrating google sign in my android app.I am using newly mentioned Google+ signin Api and am able to get user name ,email,profile photo for my app.But when i call the GoogleAuthUtil.getToken() with different parameters i get two kind of tokens.One is base64 encoded idToken (I think it is JWT...
Lejin KR
5

votes
1

answer
3.8k

Views

Facebook cookie and oauth 2.0 changes

This function used to work for me until the other day when facebook decided to enforce some changes. function get_facebook_cookie() { $app_id = '[MyAppID]'; $application_secret = '[MyAppSecrect]'; if(isset($_COOKIE['fbs_' . $app_id])){ $args = array(); parse_str(trim($_COOKIE['fbs_' . $a...
Joshua
5

votes
1

answer
6.9k

Views

Securing REST API using Spring-security @PreAuthorize annotation and OAuth2

I'm struggling with some spring-security OAuth2 configuration. I'm using: Spring.version: 4.0.5.RELEASE Spring security version: 3.2.5.RELEASE Spring security oauth version: 2.0.2.RELEASE Jersey version: 1.18.1 I want to secure my REST API using the PreAuthorize annotation of Spring security where I...
Mathias G.
5

votes
1

answer
1.1k

Views

Google+ login - Server side flow - Python - Google App Engine

I am building an app on Google App Engine using Flask. I am implementing Google+ login from the server-side flow described in https://developers.google.com/+/web/signin/server-side-flow. Before switching to App Engine, I had a very similar flow working. Perhaps I have introduced an error since then....
Jon G
5

votes
2

answer
394

Views

login with Oauth2 provider in twitter with satellizer

I would like to build a login with satellizer for Twitter. But I can't fuguire out how it is possible with the use of Oauth2.0. Here my function: $authProvider.twitter({ authorizationEndpoint: 'https://api.twitter.com/oauth/authorize', redirectUri: window.location.origin || window.location.protocol...
Ivan Demin
5

votes
1

answer
978

Views

Google API/OAuth - How to use [email protected] email address for “Branding Information”?

I'm setting up Google+ based login (OAuth2) to my website to allow people to login with their existing Google accounts (gmail, etc). The login piece all works fine but the email address that gets displayed for the 'Branding Information' is my personal email address (i.e. [email protected]). I'd like i...
Robertus Mensae
5

votes
1

answer
3.1k

Views

Changing default state of noauth_local_webserver?

I'm currently making a GUI YouTube video uploader for my community, but since I don't want all of my users to get my client_id and client_secret, I encoded them. Problem is that whenever program runs (it's not being run from command line using parameters, it gets those informations from Tkinter GUI)...
Amar Kalabić
5

votes
1

answer
1.3k

Views

SSO with Laravel Passport

I'm thinking to develop a full-fledged Identity System in Laravel 5 with Passport. Following is my requirement: I should have main identity management app like identity.mysite.com where all of my users are stored. I have 2 other applications APP1, APP2. When user request restricted resource on APP1,...
Sahil Purav
5

votes
1

answer
3.4k

Views

Sync contacts using Google Contacts API version 3.0 and NodeJS' Passport

I am using passport, and would like to use the Google Contacts API version 3.0 to sync Google contacts with my application (which would suddenly become 10 times more useful). Has anybody done this? If so, do you have some example code? Is it even possible to use passport authentication to get it all...
Merc
5

votes
2

answer
176

Views

Google authentication and authorization among their apps

Google provides a bunch of apps like Plus, Gmail, Docs, Reader, etc. Internally, these apps can talk to each other securely somehow to query information/data. I am wondering conceptually how Google implements this secured authentication and authorization among their apps internally. Does anyone know...
chawarong
5

votes
1

answer
891

Views

Which well-known OpenID providers is a new site expected to support?

I plan to develop a web application that supports OpenID Connect as a relying party, so that a user of the application can sign up and log in using the identity provider of his choice. (This is the same tech that 'My Logins' on each Stack Exchange site uses.) This application would be available for...
Damian Yerrick
5

votes
2

answer
4.1k

Views

Facebook with DotNetOpenAuth 4.1.0.12182

I'm attempting to create a user login for Facebook and Windows LiveId using DotNetOpenAuth 4.1.0.12182 However the examples in the download make use of DotNetOpenAuth.ApplicationBlock and DotNetOpenAuth.ApplicationBlock.Facebook which don't exist in the current build. Instead there is the DotNetOpen...
Peter Bridger
5

votes
2

answer
819

Views

GSC_Client and oAuth2 access

I'm beginning work on a PHP script that will run as a cron job and periodically update product listings via the Google Shopping API. I downloaded the GSC Client library for PHP and am trying to work through the Google Shopping API documentation in order to get as far as getting a token. However i...
GordonM
5

votes
2

answer
1.7k

Views

Bing Ads OAuth Automation using only .NET?

How can I log onto Microsoft Live (with .NET WebClient?) and automate the OAuth process to get a token to make Bing Ads API calls? My question is similar to How do I get an OAuth request_token from live.com?. However, I am building (C#, .NET 4.5.2) a headless Windows Service using the context of a...
Snowy
5

votes
1

answer
4.8k

Views

Google Calendar Integration with Django

Is there a fully fledged Django-based example of a Google Calendar integration? I was reading through Google's example page but their link at the bottom is outdated. I'm specifically struggeling with the refresh token as Google's examples focus solely on how to get the access token. That's what I ha...
pasql
5

votes
1

answer
6.6k

Views

python & smtplib: Is sending mail via gmail using oauth2 possible?

So I can login to and send mail through gmail using smtplib (using the script below), but I was just wondering if using oauth2 was an option like with imaplib? I didn't see anything on the smtplib documentation page about oauth and I haven't found anything googling. Thanks. #! /usr/bin/python impor...
nomadicME
5

votes
1

answer
2.2k

Views

login with google always asks user consent

I've got an internal web app for my company that uses a login with google authentication system. It's working well for the most part, they can authenticate with google, give consent for my app to access basic user details, and then when they are returned to my app, I can indeed get their user detai...
Greg
4

votes
1

answer
2.6k

Views

“your authorization header here”, what's that?

I've implemented the Google API v3.0, but the documentation is always telling to put 'your authorization header here'. What's the value we should pass as the authorization header ??? But they never mention where that value come from. Logically, I though it could be the $_SESSION['access_token'] valu...
FMaz008
4

votes
1

answer
1.7k

Views

Are there any Scala OAuth libraries that support OAuth 2.0?

I'm looking for both consumer and provider code. Dispatch and Lift's OAuth code both only target OAuth 1.0 right now.
pr1001
4

votes
1

answer
94

Views

Non-interactive access to google cloud storage

I would like to use only http calls (e.g., with curl) to make authenticated calls to the google cloud storage API. Using the google dev console, I have enabled the API and downloaded three created sets of credential information. These information JSON files have the following fields: ['token_uri',...
mdurant
4

votes
1

answer
175

Views

SessionExpiredException occured when trying to create a post using Google Blogger API OAuth2

I am using the below code to update an existing blog post. I'm getting SessionExpiredException. What am I doing wrong? GoogleService service = new BloggerService('MyBloggerIntegration-v1'); HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport(); JsonFactory jsonFactory =...
cegprakash
4

votes
2

answer
1.2k

Views

Google App Engine : SimpleAuth : Redirect Url On the Fly

i am using SimpleAuth by Alex (https://github.com/crhym3/simpleauth) in my GAE application. I have a Jquery Powered Login box in my base template which means users can login from any url inside the application. I want the users to be redirected back to the page they requested to login from. Is there...
Amyth
4

votes
3

answer
353

Views

Cannot authenticate anymore with new Google OAuth 2.0 token endpoint (v3)

I have a bunch of tests using Google Accounts as Identity Provider with OAuth 2.0 that are failing since 5th of december with an error around the expires_in field of the access token response that is no more a JSON Number but a String (I'm using grant_type=authorisation_code, but that shouldn't make...
Guillaume
4

votes
4

answer
1.1k

Views

Spring OAuth2 Requiring PlatformTransactionManager

I'm working on integrating Spring Security OAuth2 with JWT tokens into a Spring Boot project. My authentication server is configured similar to what is found in this sample project. When the OAuth2 client performs the POST on /oauth/token it is unable to create the access token. The specific error l...
David V
4

votes
1

answer
113

Views

Salesforce Authorization with Sandbox

Our app has a Salesforce integration, so our clients can authorize through our Salesforce App and sync their data. One of our clients wants to use Sandbox, do I need to create a separate app for that or I can just use the existing app with sandbox url? Do I need different Salesforce api keys? If yes...
4

votes
0

answer
370

Views

Microservice resource server how to identify user using oauth2 with spring-security

I'm trying to migrating existing monolithic application to micro-service applications. But get confused of authentication and authorisation strategy with oauth2.0. Take ordering service as an example, I want to identify the user who is placing order. 1. The user login and get an access token from a...
Hippoom
4

votes
0

answer
135

Views

Making Facebook Authorisation with Paw

I'm trying to reproduce Facebook Login flow for mobile app. So I have to Login with Facebook, retrieve Facebook profile and then login to my server with Facebook token and profile data. To Do it I have created two requests: facebook/me - to get OAuth token and user profile data myserver/api/facebook...
Ievgen Rudenko
4

votes
0

answer
103

Views

RAML file for OAuth 2.0 spec itsetlf (not an API using OAuth)

Is there a RAML file for the OAuth spec itself? I am seeing lots of examples of APIs defined in RAML that use OAuth, but I am curious if there is one that would define an OAuth Authorization server itself.
user3294980
4

votes
2

answer
2.5k

Views

Change Response in Oauth2 Spring

Hi i have posted this question in this forum. I post it here too, to have more chance for a response http://forum.spring.io/forum/spring-projects/security/oauth/745627-response-of-oauth2 I need to add information in the json response of an Oauth authentication2. Now my configuration return a respon...
java4fun
4

votes
1

answer
2k

Views

Why are POST requests to get a bearer token for application-only auth for Twitter's API returning a 400 Bad request?

I'm trying to follow the instructions for obtaining a bearer token for the Twitter API's app-only authentication, following the instructions here: https://dev.twitter.com/oauth/application-only However, every time I make the request described there with curl, I get a '400 Bad request' status returne...
Mark Longair
4

votes
2

answer
629

Views

Authenticating as a Service with Azure AD B2C

We have setup our application using Azure AD B2C and OAuth, this works fine, however I am trying to authenticate as a service in order to make service to service calls. I am slightly new to this, but I have followed some courses on Pluralsight on how to do this on 'normal' Azure Active Directory and...
ruffen
4

votes
1

answer
1.2k

Views

GoogleAccountCredential.setSelectedAccountName(String) not working on Android 6.0 without Contacts permission

I'm retrieving an GoogleAccountCredential object using: GoogleAccountCredential credential = GoogleAccountCredential.usingOAuth2( context, Arrays.asList({ GmailScopes.MAIL_GOOGLE_COM })) .setBackOff(new ExponentialBackOff()) .setSelectedAccountName(email) with email being the Gmail account I'm using...
Emanuel Moecklin
4

votes
1

answer
360

Views

Different oauth2 native/web client ids for same app

I am accessing Google APIs from a native iOS app (using gtm-oauth2) and from my web app, which each have different client ids. When I try to refresh the access tokens with refresh tokens created by a different client id of the one it was initially generated with, I get an authorization error. I don'...
hyotam
4

votes
3

answer
2.2k

Views

Native login with Instagram API

I've been working on an app for IG, and was looking at other websites which use the IG API. I came across this website which allows the user to login by entering their username and password directly into the site. It is then able to access the IG API and fetch things like follower count, however wit...
Benedict Lewis
4

votes
1

answer
1.1k

Views

Securing REST API for single page JS app?

I'm interested in developing a RESTful JSON data API using Sinatra, and have an HTML5/JS app consume that data API. Obviously the data API needs some form of authentication so that user Joe can only access his own stuff via the API. It would be nice if I could not roll my own authentication, and ins...
Ben Lakey
4

votes
3

answer
4.5k

Views

Where do you find GoogleOAuth2AuthenticationOptions?

I feel like I am missing something pretty basic however I have had a solid effort at resolving it. Basically I am trying to follow this question's answer here: https://stackoverflow.com/a/22694372/768952 It makes use of a GoogleOAuth2AuthenticationOptions object, which from my Googling should be loc...
4

votes
1

answer
2.1k

Views

Do I have to refresh the oauth2 access_token myself, or

I use the Google APIs Client Library for Python (oauth2client app engine). When the access_token expires, do I have to refresh it myself or will it be done by the API? Now the access_token expires and is not refreshed! I use the oauth aware decorator. The access type = offline and the refresh token...
voscausa
4

votes
0

answer
314

Views

MVC 5 Identity and Google Auth consent screen - minimal permissions and no email

When signing in to Stack-overflow, for example, you get the following consent screen: 1.In my consent screen settings I must give my email. How can I make it so that no email is displayed or a non-gmail email address is displayed ? 2.My consent screen asks for email and basic info. I want it to...
Yaron Levi