Questions tagged [oauth-2.0]

3

votes
0

answer
652

Views

dotnetopenauth samples “Attempt by method 'DotNetOpenAuth.OAuth2.WebServerClient …”

I've just been spending hours on an issue that some others have reported to experience too. The Sample.Oauth2.OAuthClient projet sample does not work for me. Let me explain in details: I got the latest version of dotnetopenauth from github (december 12th) I ensured to 'unblock' the zip before extrac...
oldbrazil
3

votes
1

answer
684

Views

Asp. Net 5. Jwt tokens revocation

I am using jwt tokens middleware and Asp.Net.OpenIdConnect.Server in my app. In fact, it works fine. But I am confused in one thing. If I use tokens, I can not immediately grant new claims or ban my users. For example. I give my user access token, which expires through 2 days, and refresh to...
Stalso
3

votes
2

answer
1.2k

Views

AuthenticationTokenProvider: Custom error message

I have implemented my own OAuthAuthorizationServerProvider and AuthenticationTokenProvider and everything works fine however I would like to send error message with a little bit more details. At the moment when something goes wrong with my refresh token I receive the following JSON object: {'error':...
webStuff
3

votes
1

answer
229

Views

Salesforce dynamic OAuth 2.0 Callback uri

We are trying to build an external application/Connected App over Salesforce and are using OAuth 2.0 Webserver flow to retrieve the access tokens and refresh tokens. We created the callback uri with the localhost uri path and this works fine for us. However, in production we have multiple instances...
bsam
3

votes
1

answer
467

Views

Can't get Oauth2 (Twitter) to work - returns invalid token

So I'm a bit of a newbie to Go, so excuse my ignorance. I'm trying to do a simple REST API call to twitter using oauth2 for an 'application only' calls, but I keep getting 'Invalid or expired token' back as an error. Anyone have experience with setting something like this up? Response is: {'errors'...
Christopher
3

votes
1

answer
275

Views

RewriteRule for url causes Facebook login to break

I have a rewrite rule: RewriteRule ^b/([^/]*)$ bus.php?location=$1 When I try to login from that page domain.com/b/23467 it hits the oauth page and sends it right back and I'm still logged out. What I think is the problem is FB is sending it back wrong.I have a domain.com/?logout=yes to log me out...
Digi Jeff
3

votes
1

answer
254

Views

Chrome packaged app oauth redirect problems due to different extension id

I am using an oauth provider with a chrome extension and they are only able to provide me with one client id at this time. Their redirect uri must be the same between my chrome app, android app, and ios app. However the instructions on the chrome app documentation say that my redirect url should be...
infomofo
3

votes
1

answer
182

Views

How to debug persistent 'SpreadsheetNotFound' errors using python gspread

After 2 days of reading gspread docs, gspread blog posts, and following the most recent docs for using gspread I'm still not able to open even one Google Spreadsheet. I set up a GDrive API service account. It appears that my OAuth2 credentials are working, but I'm still getting constant 'Spreadsheet...
BigDoug
3

votes
1

answer
1.3k

Views

SoundCloud's connect with Facebook not working in iOS

I'm trying to integrate my iOS app with SoundCloud. I've registered an app at 'http://soundcloud.com/you/apps' and got the app ID and secret key in order to compose the auth URL: 'https://soundcloud.com/connect?client_id=da3beb496ca5bd92e2ae39a4bf775cca&redirect_uri=rocksteady://oauth2&response_type...
Anton
3

votes
1

answer
942

Views

Best way to store OAuth token iOS?

I am writing an iOS app that uses Twitch.tv's API to allow my app to access their users content. They use the OAuth 2.0 protocol for authentication. I need to use this access token every time I make a request to access a users info. My question is where should I store it? Should I make a class tha...
MrDiddly
3

votes
1

answer
269

Views

Office365 - Application authentication with no user consent

We've been working with EWS Managed services for a while now, however we would like to transition over to using the RESTful API for Office 365. Is it possible for an application to access all of our users data without their consent? We have an in-house application that we would like to get some O365...
MightyLampshade
3

votes
3

answer
14.6k

Views

Unable to refresh OAuth2 token in PHP, invalid grant

I need to make a PHP script that creates a sigle event on Google Calendar. I had no problems setting up client id, client secret, dev key and creating a new event. My only problem is with OAuth2, in particular I need to make a permanent connection and I do not want to do the authentication everytime...
Roberto Milani
3

votes
1

answer
137

Views

gapi.auth javascript commands are not executed properly

I am trying to follow the sample example from Google's developer tutorial using updated chrome (version 38.0) But seems like the gapi.auth functions never reached to the their callbacks Here is a code example that demonstrate it: Google API Client test here will be the use of Oauth 2.0 googleApiCli...
GyRo
3

votes
1

answer
787

Views

authentication via django social auth and tastypie for a backbone application

I am using client side MVC, which reduces my server to be an API. I use django-tastypie for the API. When I did not have the trouble of calling the api, django-social auth did the trick for me. How do I handle social login/registeration with tastypie?
whatf
3

votes
1

answer
1.7k

Views

OAuth 2.0 multiple scopes (client credentials case)

In an OAuth 2.0 setting, suppose you have an application doing an 'Access Token Request' following the 'Client Credentials Grant' flow. In other words, we have an application A accessing some APIs exposed by other applications; as specified by Oauth 2.0, in this case 'application A' use only its cli...
user1759368
3

votes
0

answer
184

Views

WebApi2 Google OAuth2 middleware error response

For user authentication with external providers such as Google, it is using specific Owin middlewares. As for example Microsoft.Owin.Security.Google. WebAPI2 template uses this to support implicit flow authentication (response_type=token). But what about Code flow? Is it possible to implement Code f...
DasBoot
3

votes
0

answer
220

Views

Refreshing an expired access token after signing in Android application

I have implemented a sign in with Google in my Android application by following Google's guide : https://developers.google.com/identity/sign-in/android/start-integrating I was able to acquire access token, send it to my server , and verify it there using the following URL : https://www.googleapis.co...
user1963855
3

votes
1

answer
134

Views

Is there a secure way to implement a client side code snippet that my customers will embed

My company provide services to other websites. I would like to be able to give them a simple snippet of code to embed in their site (like a widget) that will send a query to the service I'm implementing, receive a response and render the results in the page. I'd like to minimize their effort, and on...
davidrac
3

votes
1

answer
1.2k

Views

trying to list google docs with oauth and gdata objective-c api

I am trying to connect with google docs using oauth 2.0 protocol. I think the connection is OK because I get the access token. After that I want to list the documents. I added the gdata for objective-c api to my project and I followed the examples but I am not getting any doc. I am just trying to re...
user1502091
3

votes
0

answer
750

Views

Spring WebClient with OAuth2 authorization

When integrating with some API behind OAuth authorization using old Spring's RestTemplate I was doing some kind of: ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();resourceDetails.setClientId(oauthClientId); resourceDetails.setClientSecret(oauthClientSecret)...
LukaszS
3

votes
1

answer
98

Views

Which django OpenID library works with new Google OpenID

Since Google deprecated OpenID 2.0 https://developers.google.com/accounts/docs/OpenID2 What django libraries are present which support the new settings? I am trying to add Google OpenID using django_openid_auth (that's on launchpad) and getting a 400 error as response!! What are the additional chang...
Iamcool
3

votes
1

answer
2.4k

Views

ADAL - AcquireTokenSilentAsync fails (Azure Active Directory Authentication Libraries)

I write a new application to access office data through the rest API, therefore i would like to use the new Authentication Model (V2.0 Endpoint) What's different about the v2.0 endpoit I can get a token with a call to private static string[] scopes = { 'https://outlook.office.com/mail.read', 'http...
Manuel Amstutz
3

votes
1

answer
439

Views

where do i modify 'signin-google' in owin security for google redirect url?

Im working on asp mvc 5 with google oauth login, I followed a tutorial installing owin security and set the google redirect url to be localhost/myapp/signin-google, my question is where can i change the localhost/myapp/signin-google to be something else like localhost/myapp/mycallback ? i tried cha...
Kevin Simple
3

votes
1

answer
501

Views

Invalid scope for Youtube API CommentThreads - java

I'm new to Youtube data API and I'm trying to develop a standalone java application on my computer to parse some comments form Youtube videos. The sample code for CommentThreads-list is provided on https://developers.google.com/youtube/v3/docs/commentThreads/list // Sample Java code for user authori...
sam
3

votes
1

answer
890

Views

CORS interfering with Spring Security oauth2

I'm having problems trying to get a token from oauth/token from the browser. I have a Spring Boot application with Spring Security and Spring Security oauth, and I'm trying to authenticate from a javascript SPA in a different port. When CORS is disabled in the backend, I can get tokens from the oaut...
SrThompson
3

votes
1

answer
4.7k

Views

OAuth2 different client authentication methods

I have a web service that acts as a OAuth 1.0a provider. Web applications go through the OAuth 1 workflow to gain access to user resources. So far so good. The client web application has the need to communicate with the service for other needs, to exchange private data NOT linked to a particular use...
Lorenzo Dematté
3

votes
3

answer
1.2k

Views

no such table: social_auth_usersocialauth

I'm trying to develop an Django Application which uses Google API for authentication. Everything seems to work fine, however after login I got this error: no such table: social_auth_usersocialauth and I have no idea how to solve it. Is there anyone who already had this same problem that could help m...
Renan Fonteles
3

votes
2

answer
5.9k

Views

Getting access token with axios

I'm working with the Lyft API, and trying to figure out how to get an access token with axios with a node script. I can manually get an access token by using Postman by filling out the form like this: When I fill out the form, I can get a new token from Lyft successfully. I'm trying to translate th...
Mike
3

votes
2

answer
2k

Views

Which flag for run_flow() will simulate the now deprecated run()

I am trying to authenticate my credentials to access the GMail API. Previously I did this using the run() method from OAuth2, and the code credentials = tools.run(flow, STORAGE, http=http) but this is now a deprecated method. I am now using the run_flow() method to authenticate my credentials. impo...
Stormie
3

votes
1

answer
3.5k

Views

Doorkeeper access token

I'm trying to build up an OAuth2 provider with Doorkeeper and I wanted to test all existing flows, but got stuck at the first attempt. I'm trying to test the authorization code flow. Everything works fine on getting the authorization code, but once I try to get the access token something gets wrong....
Andrea Reginato
3

votes
2

answer
1.6k

Views

OAuth for server side apps

I need to interact with an API that only supports OAuth2. The problem is, I would like to write a purely server side application which should sit there without a GUI polling an API every day. The API gives me the ability to get the application token programatically, but it looks like I need to imple...
3

votes
1

answer
6.8k

Views

YouTube api v3 debug oauth2 access token

I get an oauth2 access token using the following scopes from the user. scope: ['https://www.googleapis.com/auth/youtube'] Then i proceed to use this token for calls to the youtube v3 api. These calls work at first but then I start getting this response/error. { errors: [ { domain: 'global', reason:...
dre
3

votes
1

answer
6.2k

Views

OAuth 2.0 With Web API and Xamarin

I'm rather new to Web development so bear with me. I've developed a backend server in C# (non-web app) that exposes some features via a REST API implemented in Web API (OWIN and Katana). I've developed a Xamarin android app the consumes that API. Now I want to enable the consumption of the API only...
Omri Btian
3

votes
1

answer
1.3k

Views

Handle OAuth 2.0 Authentication - Get token redirect token response in ASP.NET MVC application

I recently started fiddling with OneDrive API which uses OAuth 2.0 authentication / authorization flow. OneDrive API OAuth 2.0 I am trying to follow along the Token Flow to get access token using an ASP.NET MVC Application. The request I make is something similar to the following: GET https://login....
Jsinh
3

votes
1

answer
500

Views

Adding account linking to my Actions on Google app

I created a Actions on Google app with the Actions SDK. For this i used as said before the Actions SDK, firebase function for the fulfillment and firestore for storing data. All works fine. Now i want to implement account linking to provide user specific information. I start to read the full documen...
Lukas W.
3

votes
2

answer
2.3k

Views

Error fetching OAuth2 access token : 500 Error

I am being randomly bugged by the following error message: This occurs when php library tries to obtain the access token line 112. Sometimes my code obtains access token in first try, sometimes I need to refresh the URL containing 'code' as get parameter multiple times before access token is obtai...
vivek.m
3

votes
1

answer
982

Views

Skip authorization page with oAuth 2 and FOSOAuthServerBundle

I've successfully installed and tested the OAuth 2 workflow with Symfony 2 and FOSOAuthServerBundle. I can request a code, and get a pair of access/refresh token successfully from a 'login with' button on a third party test page i've set up and retrieve a user from my API through a custom API call....
Romain Bruckert
3

votes
1

answer
428

Views

How to get Authorization Code from Google Play Services without adding account to device?

On my app, I am able to get Authorisation Code using google play services. The app shows this type of screen to select an account:: For a new account, user can select 'Add account' and enter the email and password. This way, I get the Authorisation code. But I just need the code to be passed to serv...
Abdullah
3

votes
1

answer
7k

Views

Does OAuth 2 use nonce?

I don't see it mentioned anywhere in the 2.0 spec, is nonce not used by OAuth 2 and if not, now does it prevent replay attacks? The 1.0 spec states: 3.3. Nonce and Timestamp The timestamp value MUST be a positive integer. Unless otherwise specified by the server's documentation, the timestamp is exp...
schmoopy
3

votes
1

answer
965

Views

chrome.identity.getAuthToken and refresh token?

I was under the impression that when using chrome.identity.getAuthToken and gapi.auth.authorize({immediate: true...}); the token would be refreshed in the background. But it clearly does not... after 40-50 minutes the GMail token expires, the cached one is used but returns 401, as one can expect. C...
ShadowHunter