Questions tagged [oauth-2.0]

4 votes | 0 answers | 287 views

Users cannot login if their Microsoft Account is an Azure AD Account

We are using Microsoft Account Authentication on our website. We have implemented the v2 endpoint thinking that would allow anyone with a Microsoft Account to register and login to our site. However some users report that when they try to login to our site using their MSA, the Microsoft login page i...
Vague
4 votes | 1 answer | 652 views

How to check for oAuth2 scopes in Apigility?

I am creating an apigility project where we will be hosting all of our APIs. We need to be able to use OAuth2 for authentication but we cannot figure out how to control access to certain APIs, it seems like once a client authenticates, they can use any of our APIs but we want to limit them to use o...
Jeff Burgin
4 votes | 3 answers | 1.3k views

Twitter reverse auth error

NOTE: the code I am using works on iOS 5 perfectly. Nothing has changed. When going through the motions of the Twitter reverse auth, I get this error: Error processing your OAuth request: invalid signature or token. I checked to make sure my tokens and other credentials were valid. The only differences...
nicholjs
4 votes | 1 answer | 1.3k views

Gmail IMAP OAuth2 returns error code 400

When trying to connect to the Google IMAP service using the XOAUTH2 mechanism (https://developers.google.com/google-apps/gmail/xoauth2_protocol), I sometimes receive the following error response: {'status':'400','schemes':'Bearer','scope':'https://mail.google.com/'} I was wondering if anyone knew wh...
Dominik
4 votes | 2 answers | 2.2k views

Soundcloud OAuth2 API: Getting invalid_scope error after user connection

I'm trying to implement Soundcloud connect and having a weird issue. First thing I do is send my users to https://soundcloud.com/connect?client_id=MY_CLIENT_ID&redirect_uri=http://myredirecturl.example.com&state=RANDOM_STRING&display=page&response_type=code&scope=email When users connect they get re...
luchomolina
4 votes | 1 answer | 191 views

Google+ Sign-In - stop requesting people you're connected with

Is there a way to make the Google+ Sign-In not request the user's 'list of people you're connected to on Google+'? My goal is to use the G+ sign in for authentication purposes today, and in the future also use it for social sharing functionality. As the owner/operator of the service requesting sign...
Tony Ranieri
4 votes | 2 answers | 9.4k views

OAuth 2.0 authentication in HTTP Module

Is it possible to implement OAuth (Open Authorization) 2.0 or 1.0 in an HTTP Module? I am choosing this because each and every request will first reach the HTTP Module, so I have to authenticate from that request. Is it possible? If yes, please share a related link for that. Help me..
Suganth G
4 votes | 1 answer | 300 views

Box v2 API - “Remember login” checkbox

To the Box SDK team: I'm using the iOS version of the BoxSDK. When I present the BoxAuthorizationViewController login controller, there is a checkbox labeled 'Remember login'. It doesn't seem to do anything. I get the same results whether I leave it checked or not. And the iOS API to the Box SDK doe...
rmaddy
4 votes | 3 answers | 626 views

How to avoid “Complete action with” popup with OAuth callbacks from Google?

I am playing around with OpenID Connect and OAuth and I want to support multiple OpenID providers (so not only the ones known by the AccountManager). However, I ran into this issue. When authenticating against Google as an Installed Application, you pass a callback address, which is pre-defined (by...
Shade
4 votes | 1 answer | 9.6k views

Facebook exchange code for token

When you successfully exchange a 'code' for a token, Facebook responds with the following (HTML body): access_token=USER_ACCESS_TOKEN&expires=NUMBER_OF_SECONDS_UNTIL_TOKEN_EXPIRES But what happens when this code-for-token exchange fails? How does Facebook respond when the exchange fails? Reference h...
001
4 votes | 0 answers | 323 views

OAuth without Asp.net Identity

This is a subjective / design level question. I am implementing OAuth JWT authentication / authorization mechanism for my web api. I have my own user store which is held in a sql server database. WebApi template has lots of ASP.NET identity specific classes. Now my question is Is it necessary or go...
4 votes | 1 answer | 3.2k views

LinkedIn OAuth 2.0: How to configure OAuth 2.0 Redirect URL with a wildcard subdomain URL for a multi-tenant application

I am trying to configure a LinkedIn application for a multi-tenant site. I will have 20+ tenants using the same application and the number is going to increase every time. As per the LinkedIn API documentation (https://developer.linkedin.com/docs/oauth2) we need to ensure the following points: We strongly re...
Rifaj
4 votes | 1 answer | 4.3k views

Cannot get data from Google Analytics (401 Unauthorized)

I try to implement basic data feed example and all I get is just: com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized. But when I use http://code.google.com/apis/analytics/docs/gdata/gdataExplorer.html It works fine with my Google Analytics account. It seems I've do...
terrafant
4 votes | 1 answer | 1.6k views

Can I use Oauth2 Authorization Code flow for a SPA (React app), if I have a server-side proxy?

After watching an obscene amount of tutorials on OAuth2, there is one best practice that everyone repeatedly states - if you have a React app (or Angular, or Ember) - you must use Implicit flow with it. I understand that storing client credentials in publicly visible javascript would not work. Howev...
nikovn
4 votes | 1 answer | 1.6k views

Authenticate credentials received from facebook on my own REST API

Me and my team are working on a native mobile social network for Android that allows users to login using Facebook. I've managed to implement the Facebook SDK for Android, but I'm struggling to figure out how to properly/securely authenticate a user who logs in using Facebook with the credentials rece...
ChuckKelly
4 votes | 1 answer | 551 views

Retaining Forms Authentication with IdentityServer3

We currently have a typical forms authentication setup in our organisation, with a login page located at something like account/login. We want to retain this but also want to start securing some of our APIs with OAUTH2; essentially we are the provider. From reading a fair bit about the subject Mic...
Barry King
4 votes | 2 answers | 2.4k views

OAuth 2.0 with complex or fine-grained scopes

I am currently working on an OAuth2 implementation for all the clients (web and mobile). So far nothing fancy about it, but we want to have more complexity in the scope, so that we can grant partial access to certain objects down to the granularity of a single property. Example: Client gets access f...
MatthiasLaug
4 votes | 1 answer | 412 views

SharePoint Online / Excel Services / Delegated authentication

We have an ASP.NET MVC application where users connect through Azure Active Directory. They can manage files through their SharePoint Online accounts. To access SharePoint Online, we use CSOM. We want the user connected to Azure Active Directory to use his account to manipulate files without fill creden...
toast
4 votes | 2 answers | 950 views

Difference between Access Grant and Access Token

I can't figure out the difference between Token and Grant in Doorkeeper. At which moment does Doorkeeper create an Access Grant, and when an Access Token? The documentation doesn't seem to say anything about it and now I'm reading the code, but it is not a dozen lines.
Tute
4 votes | 0 answers | 792 views

nodejs use REQUEST.get, callback never called

I am using request module: request.get({ url: 'https://www.google.com' }, function (err, response, body) { console.log('callback called!' ); I opened the request debug mode: require('request').debug = true; so i saw the debug output: REQUEST { method: 'GET', callback: [Function], url: 'http...
UNSTABLE
4 votes | 1 answer | 917 views

Refresh Tokens - Server Side Storage And Revoking For Multiple Clients

I'm getting started with token based authentication using the ASOS (AspNet.Security.OpenIdConnect.Server) framework. I've got the access token generation and retrieval done and am now moving on to the refresh token bit. My questions are: How should I store the refresh token server side? Should I jus...
Steviebob
4 votes | 1 answer | 329 views

Need help creating Coldfusion App to Google Group API

First, thanks in advance for anyone reading this post. My school (I am a teacher/ technology coordinator) is using Google Apps for Education. I have used the Provisioning API to talk with our Microsoft Active Directory Server to synchronize users and groups with Google. I have a web-server that runs...
user2041230
4 votes | 2 answers | 1.7k views

Do I need Oauth2 For my Web Apps API

I am trying to wrap my brain around building an express.js / node.js based REST API. I have a couple of questions... Do I NEED token based / oauth 1 or 2 security for my api if I'm only concerned about a web application right now (not necessarily phone apps) Are there any resources to learn how to b...
Daniel White
4 votes | 1 answer | 1.5k views

FB dialog broken (unknown skip_api_login parameter)

We're using FB login for a few years now, both from our Mac and Windows app. Since about a month ago the Windows app stopped connecting to FB, the request to FB just returns with skip_api_login=1&error=access_denied&error_code=200&error_description=Permissions+error&error_reason=user_denied The pro...
kambi
4 votes | 1 answer | 2.2k views

How to authenticate to https://tfspreview.com (Microsoft-hosted TFS) using Java command line application?

I am trying to access https://tfspreview.com SOAP interface from my command line Java app. Unlike the on-premises TFS services, this one uses Live ID authentication, which causes the communication to fail with a 302 redirect to their authentication service. I have no idea how to proceed with a...
user1537794
4 votes | 0 answers | 3.7k views

Keycloak Direct Grant API and Admin REST API

I am creating a mobile application which will talk to my REST Web Services, for login, GET, POST, DELETE and logout. I have been trying to figure out how to secure these REST Web Services using Keycloak. I do not want any In Browser Login on the mobile application, so I was inclined towards Direct G...
aksappy
4 votes | 0 answers | 854 views

Get the state parameters from OAuth callback in passportjs

I am trying to send state parameters to the Oauth and then catch them in the callback, but I cannot make it work. So does passportjs support such a functionality? My idea is to send an id as state parameter to the Oauth and then on the callback depending on the id from the state parameters sent back...
Velin Georgiev
4 votes | 1 answer | 2.8k views

Google Federated Login (OpenID + OAuth 2)

I'm trying to get OpenID working with OAuth 2 for using Google's API. I only want the user to have to 'grant access' once when they login for the first time. Here is the flow I have so far: User clicks 'Login with Google' My server signs in the User with OpenID. With federated login I receive an OAu...
Brian DiCasa
4 votes | 1 answer | 1.1k views

Single Sign-On with oAuth2 or Shared Session

I have three client-facing web applications all on different subdomains (one of these web applications actually has 700+ different subdomains that are changing all the time). I've written an oAuth server that I was going to use to allow users to login to each of these systems; this works, but I've...
andrewnelder
4 votes | 1 answer | 2k views

OAuth token authorization (request has been denied)

I have a WebApi 2 and a MVC Web project in the same solution running on different IIS ports. After receiving my Oauth token using jQuery AJAX I still get a 401 Unauthorized error message when trying to call an authorized Controller method. Startup: public void Configuration(IAppBuilder app) { HttpCo...
Sam
4 votes | 0 answers | 1.5k views

OAuth 2.0 to Access Google APIs not working in IE

The following code works well when using Chrome or Firefox. Here is how Chrome/Firefox handles. User clicks on the 'Authorize' button. Browser opens a popup window that request for permission to access calendar data. User clicks on the 'Accept' button. Popup window closes automatically. However, it...
Xuanhao
4 votes | 0 answers | 756 views

How to exchange authorization code with access token? (AngularJS, OAUTH2.0)

I am currently trying to get explicit permission from the user via OAUTH2.0. The user is redirected to the UP authentication page where he enters his username and password if he hasn't logged in yet. Then I ask for permission on certain data (for example personal data). When the user gives me permi...
Mark
4 votes | 0 answers | 2.1k views

Spring Boot OAuth2 with JDBC Using Custom UserDetailService

I am trying to secure my Spring Boot Rest API using OAuth2.0 with Spring Security and want to store OAuth tokens (Access Token and Refresh Token) in a JDBC database. For username and password validation I have created CustomUserDetailService. I am getting the following error - { 'timestamp': 1480042650103,...
sumit mittal
4 votes | 0 answers | 535 views

Google OAuth revoke access token by scopes

We are dealing with Google Authentication scopes, and we are facing an issue with revocation. 1 - We have a user who authorized his Google Analytics account 2 - Then later on he can add his Gmail account The two steps above can be switched 3 - Now if we want to revoke the access, both of the authorizations are rev...
kaizer
4 votes | 0 answers | 573 views

Single page app: authorization code grant with OAuth2

I am following the tutorial Spring Boot and OAuth2. I need some insight on the server-based OAuth2 flow when front end and backend are on the different servers. According to the tutorial backend provides /login/facebook endpoint which essentially redirects to the facebook and after authorization - b...
Vadim Kirilchuk
4 votes | 1 answer | 568 views

TOAuth2Authenticator: How do i refresh an expired token?

I must be missing something here! I have been playing around trying to refresh an expired OAUTH2 token using the new (new to me anyway, coming from a Delphi XE2 environment) TOAuth2Authenticator, TRESTClient, TRESTRequest, TRESTResponse components. I have set the following authenticator properties wit...
user3639701
4 votes | 1 answer | 1.3k views

Spring boot OAuth2 custom roles on Resource server

TL;DR: How to assign users custom roles/authorities on Resource server side (that means without JWT) based on their access_token? The whole story: I have a working Auth server and a client (which is SPA), which can obtain access_token from the Auth server. With that access_token the client can reque...
hawi
4 votes | 2 answers | 1.6k views

Oauth2 flow in Flutter app

In the Flutter app I'm currently building, I need to authenticate users against a custom (so non-Google/Facebook/Twitter/etc) authorization server. In order to achieve this, the users should fill in their credentials in a webpage. To this purpose, the WebView-plugin can be used. However, when the p...
Rick de Vries
4 votes | 2 answers | 1.6k views

OAuth 2.0 Server Provider in Swift with Perfect

How do I offer OAuth 2.0 provider services using swift? I would like to use swift as a rest API but missing this integral component. Would probably be able to build something from the spec but don't have budget on this particular project. Would be a great component to Perfect framework but I don'...
robwithhair
4 votes | 1 answer | 1.8k views

Validate In-App-Purchase Android/Google on Server side

I would like to use the purchase token from the in app purchases in an android app to validate it to the google server on my own server. With the following code I can validate a token, but I have to authenticate myself with my OAuth credentials every time: class GooglePlayVerification require 'goog...
Sebastian