Questions tagged [oauth-2.0]

3

votes
0

answer
28

Views

Windows Live Auth - Get User Profile

I created an application in Microsoft Application Registration Portal https://apps.dev.microsoft.com/ On my page, I put a button redirecting the user to the microsoft website. I get the user back after he accepts to dispose the data to my application. So far, nothing wrong. After the user returns to...
3

votes
2

answer
379

Views

Is there a way to renew IDP session token from a Client in Identity Server

I am using Identity Server to achieve Single Sign In/Out for the apps at my company. Is there any way to make it so that when a Client's cookie is renewed (via Sliding Expiration) it also goes to the IDP and renews the expire time on the it's session cookie? The goal is to be able to have a shared 1...
LukeP
3

votes
0

answer
250

Views

Impersonate user in AWS Cognito

I have a file server that uses Cognito so users can access by authenticating themselves with basic authentication or the OAuth2.0 authorization code flow. I'd like external apps to be able to authenticate themselves using the client credentials flow, and then be able to impersonate a user. Is there...
syim
3

votes
1

answer
203

Views

Using Guice Injection in custom Authenticator on Google Cloud Endpoints

I want to secure a google cloud endpoint with a custom com.google.api.server.spi.config.Authenticator. see this post (Google Cloud Endpoints and user's authentication). For example to authenticate via facebook oauth. The Authenticator must have a default constructor without any params otherwise th...
SmilingM
3

votes
2

answer
188

Views

google signin not working when distributed through playstore firebase oauth2

So, i created a signed apk with my key store, all the credentials/sha1 key on firebase and google api console matches to my release keystore. and the google signin is working when i externally install the generated apk. but when i try to distribute it through playstore i am not able to sign in. i...
vky
3

votes
2

answer
199

Views

Github oauth callback url is adding query string before hash

I'm trying to implement Oauth (using Github) in a Vue project and when my callback url gets called from github it's appending the query string ?code=something before the hash from the url. For example if I load https://myapp.com in a browser and click my login link Login I get redirected to https://...
Catfish
3

votes
2

answer
1.9k

Views

What to do after getting oauth2 token?

I'm trying to implement a 'Sign in with ...' authentication system. I've read several posts and articles on oauth2. Everyone that I've read stops the discussion or tutorial at getting the access token and possibly logging in the user for that session. I understand that and can implement that part. H...
john
3

votes
3

answer
605

Views

how to get twitter feeds in shopify

I am trying to get twitter feeds in to my shopify site. I want to get the feeds and style them as I want and thus cant use a app. I know how to do it using PHP but can not use that code in shopify and looking for a way I can use OAuth in shopify and get the feeds. I tried the shopify docs but withou...
Adrian
3

votes
2

answer
3.2k

Views

box api error getting the access token: Invalid grant_type parameter or parameter missing

I am trying to get an access token and using the following url to POST the HTTP request and receiving { 'error':'invalid_request', 'error_description':'Invalid grant_type parameter or parameter missing' } error message . No matter what I try. I am posting seconds after receiving the code so I don...
Christen Mitchell
3

votes
1

answer
115

Views

What is the preferred method of using Google for sign-in?

Google has a habit of providing multiple means to achieve a goal. And of ditching services when they feel like it. If I would need to implement a 'sign-in with Google' authentication feature today, which one should I pick? Google Sign-In or Google+ Sign-In? Or to put it differently: which one will...
Kees de Kooter
3

votes
1

answer
1.2k

Views

Picasa API with oAuth 2.0

I want to create an app which gets all my albums from google+ account. I need to use picasa api with oauth 2.0 to accomplish this. Can anyone please guide me in right direction? Or suggest me any tutorial?
Raheel
3

votes
1

answer
2.2k

Views

authorizing a google api client without a browser?

I have a python cron job which performs operations on my calendars which I run on my laptop. I currently am using a 'Client ID for native application' for the python script. Authorizing the client_secrets.json credential is not a problem on a desktop or laptop since I have a full GUI browser which r...
ErikR
3

votes
1

answer
164

Views

OAuth and OpenID confusion regarding claims and access

I checking how to use IdentityServer4 as I have heard about it a lot. I am trying to make my concepts clear but I am confused: Access Token: It contains claims that can be used to restrict API access, it contains client info with a token. Id token: It contains identity info of user, it cannot be use...
newbeedeveloper
3

votes
1

answer
817

Views

how to get scope associated with access token in Spring OAuth while building microservices?

I am in the process of spinning up a microservices system with a central Authorization Server that grants tokens with different scopes for accessing individual micro-service. Here is the picture explaining the various service calls. The numbers marked are requests made in the chronological order. 1)...
brain storm
3

votes
2

answer
191

Views

Google Api, how can I refresh user token when I have acces token and previous refresh token

Is it possible to refresh Google Api token when I have previous refresh token and access token using pure php, without Google Api library? I am storing in database many users refresh and access tokens. I am using url from this address: https://developers.google.com/identity/protocols/OAuth2WebServer...
ssuperczynski
3

votes
1

answer
1.5k

Views

Is Android Cloud 2 Device Messaging (C2DM) compatible with Google's 2-step verification?

I've been reading up on Android's cloud 2 device messaging (C2DM) and all the documentation mention ClientLogin as the authentication method. However the ClienLogin info page specifically states its not compatible with 2-step verification and recomments using OAuth2. Can I use OAuth2 as a replaceme...
adnans
3

votes
0

answer
1.8k

Views

How can I configure access token in doorkeeper-gem on Rails4?

doorkeeper's spec with token through http header My goal is creating secure API between iOS and Rails4. So I've been trying doorkeeper-gem for a while. But I'm wasting time for testing and configuration now. In detail, the problem is doorkeeper_for method and token transferring through HTTP header....
shogochiai
3

votes
1

answer
10.4k

Views

Configure Application Permissions in Azure AD

Background I have a Web API registered in Azure AD and secured using WindowsAzureActiveDirectoryBearerAuthentication (OAuth2 bearer token). This is a B2B-type scenario where there are no interactive users - the applications calling the API are daemon-like background apps. As such, I don't need any...
BenV
3

votes
2

answer
755

Views

How to implement a Simple 2 legged Oauth in php?

In my application there are providers(api) Users when the user logged into the system it will make a call to api , and the api should return a access token and access secret I have gone through lot of tutorials but they are looking complex. I want to simply return token, token secret and i should...
3

votes
1

answer
2.6k

Views

Spring/OAuth2 Error - InsufficientAuthenticationException, There is no client authentication. Try adding an appropriate authentication filter

I've been stuck for hours trying to figure out what in the world is going wrong with this Spring Security OAuth2 implementation. The error occurs when I go to hit the /oauth/token endpoint: localhost:8080/my-oauth-practice-app/oauth/token Error: InsufficientAuthenticationException, There is no clien...
TyRyDurden
3

votes
2

answer
1.8k

Views

OAuth 2 authentication for both iframe and api

I'm integrating several web sites/services into my application. I use iframes (or webview for Vue Electron) for UI integration and I also use API to implement cross-communication between those services. At the moment I have to go through OAuth 2 authentication twice for each service: once as part of...
SiberianGuy
3

votes
2

answer
1.1k

Views

No route matches [GET] “/auth/google_apps” when I try to authenticate with omniauth-google-oauth2 gem

I have implemented twitter and facebook authentication with omniauth gem, but when i try to authenticate with openID or google I get: No route matches [GET] '/auth/google_apps' or No route matches [GET] '/auth/open_id' errors My omniauth.rb file is: require 'openid/store/filesystem' Rails.applicatio...
TomasMax
3

votes
0

answer
340

Views

Google Adword API generate refresh token using generate_refresh_token.py

I follow the step here: https://github.com/googleads/googleads-python-lib/wiki/Using-OAuth-2.0 Log in google developers console Create project, then credentials, then acquired the client ID and client secret Install the googleads through pip and download the library: https://github.com/googleads/goo...
viviwill
3

votes
3

answer
484

Views

How to implement OpenID Connect authentication with 3rd party IDPs in a microservices architecture

For the past 10+ days I've read an watched ALL the content I could find on understanding OAuth2 and OpenID Connect, only to find that many people disagree on the implementation, which really confuses me. To my understanding, all the articles and examples I found assume you want access to eg. google...
Dac0d3r
3

votes
1

answer
1.2k

Views

How to avoid redirect login.microsoft.com to live.com sign in azure active dirctory

Our scenario is : we have an application use Microsoft azure AD to authenticate our users. all of them use only organizational account. problem: After the login request, we arrive into login page(login.microsoft.com), after few seconds we also redirected automaticaly into live.com... how we can...
natnael88
3

votes
0

answer
451

Views

Facebook SDK / Where to store the long-lived access token?

I use the Facebook Javascript SDK logging in User by retrieving a short-lived access token. This short-lived access token is immediately sent to my app server, in order to get a long-lived one from it. I think about 2 ways to deal with this token: Storing it as a User's field (User being an Entity d...
Mik378
3

votes
3

answer
787

Views

Rails / Devise: undefined method `router_name' for nil:NilClass - what is coming through as nil?

So this code (Devise & OAuth2 in Rails 5) class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController def google_oauth2 puts request.env['omniauth.auth'] @user = User.from_omniauth(request.env['omniauth.auth']) if @user.persisted? sign_in_and_redirect root_path, event: :authentica...
dwilbank
3

votes
1

answer
3.4k

Views

Oauth2, scopes and user roles

I am asking a question conceptually here as I am trying to understand the relationship between scopes and user roles in an OAuth2 based system. As I am implementing an API, I want to restrict access to specific resources by using scopes on the resources. I understand the use of access tokens to req...
Jason
3

votes
3

answer
2.4k

Views

FB.login Javascript changes needed by October?

So, we switched from Facebook Connect to the new Javascript SDK and OpenGraph when it first came out. Back in May, some of our customers got an email telling them that they might have security holes and might need to upgrade to Oauth 2.0. I looked at our new code compared with the docs for FB.login...
Mike Ruhlin
3

votes
1

answer
1.6k

Views

Amazon Cognito Oauth2 with Spring Security

I'm trying to implement Spring Security in a resource server with 'Cognito Oauth2', however I don't seem to find too much info. about it (or if It's even possible to do so). My nearest approach was using 'Nimbus+JOSE' to check the validity of the 'Access Token' with the 'JWKS' and give permissions t...
jalmaraz
3

votes
1

answer
1.9k

Views

'Google_Exception' with message 'Cant add services after having authenticated'

I am working on a WP plugin with Google Analytics, using Oauth 2.0. All of my authentication & data pulls work fine, with the exception of this one issue: the first time I get a new Google authorization code (ex: '4/-xbSbg....' ) & authenticate, then try to call a new Google_AnalyticsService() obje...
jmadsen
3

votes
0

answer
689

Views

Store OAuth2 token securely in KeyStore and link to account in AccountManager

My web API requires an authentication token to access protected resources. I can request and receive these, and consume the api. Now I want to store this token for later usage. I am aware that it is hard or even impossible to securely store confidential data, but this article suggest to use the KeyS...
Stephen B
3

votes
3

answer
692

Views

Google Developer Console - Consent Screen - Custom Product Logo Doesn't Work

In the Google Developer Console, Consent Screen, under Product Logo I added the URL to an image that's 120 x 120 px size in png format but the preview shows a broken link icon in the upper left corner and my image doesn't show. I've confirmed the image is in a public URL and can access it directly....
Peter Roesler
3

votes
1

answer
3.3k

Views

Authorize and authenticate canvas app users with php-sdk and oauth

Egads...programming for Facebook these days is like going on a scavenger hunt. The info on FB is incomplete, their own code examples often don't work and you just want to go home and have a beer. Before I completely lose my hair, can someone please point me to a working php-sdk code example that che...
Ian
3

votes
2

answer
2.8k

Views

Android LinkedIn Integration Error on Device And Emulator

I am trying to integrated linkedIn using this question answer Posting LinkedIn message from Android application but this given example LITest in not working on Device is Shows me some Error like below 12-19 19:36:30.489: ERROR/AndroidRuntime(11868): FATAL EXCEPTION: main 12-19 19:36:30.489: ERROR/An...
Bipin Vayalu
3

votes
0

answer
57

Views

Cookie lost on Google Signin on CORS in AngularJS

My AngularJS SPA is hosted on web.example.com. APIs are hosted on api.example.com. All requests are made to api.example.com I am using Cartalyst Sentinel for Authentication and Authorization. On top of Cartalyst's Authentication, I have also implemented jwt authorization. My basic login with email...
SLearner
3

votes
2

answer
5.4k

Views

Oauth2 - Unsafe JavaScript attempt to access frame with URL

I am using the following code to rendered the facebook login button FB.init({ appId:'appid', cookie:true, status:true, xfbml:true }); FB.Event.subscribe('auth.login', function(response) { window.location = 'http://xxx'; // redirect if user has logged in }); But it no longer works today, and I thin...
Yuen Ying Kit
3

votes
2

answer
248

Views

identifying which android app is making contact with my appengine app

This is an 'Is this possible?' question. I have an app for the android phone and another application for the appengine platform. The appengine thing is really just a db of high scores, and the phone app is really just a game. I can, using some json/gson/httppost stuff, send the scores from the game...
D Liebman
3

votes
1

answer
700

Views

Subdomains for oauth process?

My app allows users to have custom subdomains, as in user1.domain.com. I am integrating various oauth providers, all of which support the ability to authenticate via oauth with a subdomain of the registered application domain. Is there a way this can be done with Foursquare, or if not is there a s...
mattmueller
3

votes
3

answer
3.4k

Views

What oAuth2 Grant should I use for AngularJS secure site that pulls from an API

I am looking for suggestions on best strategy with this project. I am building a SaaS service in which a client (tenant) may be able to access the service using an iPad app or the service website. The service website is to be written in AngularJS and laravel. Authorization is to be oAuth 2. Users lo...
John Hamman