Questions tagged [oauth-2.0]

17

votes
3

answer
2.8k

Views

OAuth 2.0 provider implementation for Scala/Lift

Does anyone know of an OAuth 2.0 provider (server side) implementation for Scala/Lift? I see Scala 2.0 client, but no provider.
user312728
17

votes
2

answer
5.4k

Views

Play Framework appending #_=_ to redirect after Facebook auth via OAuth2?

I'm doing a simple redirect after calling OAuth2::retrieveAccessToken() with Play Framework. I'm having funny characters appended to the URL that I never put there, so the end result looks as follows: http://localhost:9000/#_=_ Where on earth does the #_=_ come from? Here's my route definition from...
josef.van.niekerk
17

votes
4

answer
8.3k

Views

Using Oauth tickets across several services?

I currently have a pair of OWIN-based services that each use OAuth authentication against the same set of users. I intend to isolate the authorisation server (i.e. the token endpoint) and somehow configure both of my services to accept this token. I assume this would involve some configuration of al...
Barguast
17

votes
1

answer
13.6k

Views

Spring security oauth2 and form login configuration

My project exposes two different parts, a JSF admin panel and a RESTful service. I am trying to set up Spring Security to use different authentication methods depending on the URL the user navigates. The requirements are Users navigating to the JSF page get a login screen where they authent...
maxsap
17

votes
1

answer
7k

Views

Difference between OAuth 2.0 “state” and OpenID “nonce” parameter? Why state could not be reused?

OAuth 2.0 defines 'state' parameter to be sent in request by client to prevent cross-site request attacks. Same is mentioned in OpenID spec for 'nonce'. Apart from the fact that 'nonce' is returned in ID token instead of query parameters, they appear to serve the exact same purpose. If someone can e...
dvsakgec
16

votes
2

answer
19.9k

Views

Why is there 3-legged OAuth2 when 2-legged works so well?

2-legged OAuth2 is used for Browser based app, where no client credential can be hidden from public. 3-legged OAuth2 is used by 'Web Server Apps' where there's a third call between servers. All well described here. The question: Why bother with 3-legs, when 2-legs seems to be fine? It's more work b...
Aron Woost
15

votes
2

answer
13.5k

Views

Is anyone using node.js with an OAuth2.0 authentication system? [closed]

Is there an OAuth2.0 library for Node.js, which is being used (or planned to be used) in a live, production system?
blueberryfields
15

votes
0

answer
1k

Views

Is there a deauthorize callback for Google OAuth2?

My PHP app allows user sign in via both Facebook and Google which work great, but I'd also like to know when a user revokes/deauthorizes access. For Facebook, it's easy to specify a deauthorization callback URL under Advanced Settings which will be called by Facebook with the user's Facebook ID. Fo...
ScottyB
15

votes
3

answer
21.2k

Views

OAuth 2.0 access token has expired, and a refresh token is not available

I have a web based application which uses Google OAuth2.0 as the login framework. It worked nicely previously, until yesterday. The application couldn't get the refresh token after the access token expired. Besides that, the 'Request for permission' page had changed to 'Have offline access' instead of 'K...
CK Tan
15

votes
1

answer
7.7k

Views

Customize SpringSecurity OAuth 2 Error Output (unauthorized)

We secure our REST services (for server to server communication, no user involved) with Spring Security OAuth2. However when one tries to access a protected resource in a browser, it will show: An Authentication object was not found in the SecurityContext unauthorized We want this to be a custom pag...
Pete
15

votes
4

answer
16.3k

Views

JSON Web Token expiration

Most of the JWT (JSON Web Token) tutorials (e.g. this and this) say that once validated you can use the incoming token to get client information without validating it from the DB. My question is, how is the invalid user situation maintained then? What I mean is, let's say a client just got a JWT tok...
Jahid Shohel
15

votes
2

answer
7.1k

Views

Spring Oauth2. Password encoder is not set in DaoAuthenticationProvider

I'm quite new to Spring Oauth and Spring Security. I'm trying to use the client_credentials flow in my project. For now I managed to use my own CustomDetailsService in order to fetch client_id and password (secret) from a database that already exists in my system. The only problem is that I cannot...
gajos
15

votes
3

answer
7.5k

Views

Rails Google Client API - unable to exchange a refresh token for access token

After struggling with some SSL issues on my machine, I'm still trying to access a user's Blogger account through the Google Ruby Client API. I'm using the following: Rails 3.2.3 Ruby 1.9.3 oauth2 (0.8.0) omniauth (1.1.1) omniauth-google-oauth2 (0.1.13) google-api-client (0.4.6) I can successfully a...
cerrina
15

votes
2

answer
17.8k

Views

How to renew the access token using the refresh token?

I am using ASP.NET MVC 5 with OWIN. I have done a lot of research and haven't found how to renew the access token using the refresh token. My scenario is: The first time the user accesses my app, he or she grants access to the account I read the refresh token returned from the API. When the users co...
Marco Alves
15

votes
1

answer
14.4k

Views

How to get access token from GoogleCredential?

I am trying to get an access token to use the Google Play Android Developer API, and I got this far using the Google API Java Client documentation example: HttpTransport HTTP_TRANSPORT = new NetHttpTransport(); JsonFactory JSON_FACTORY = new JacksonFactory(); GoogleCredential credential = new Google...
Kalina
15

votes
4

answer
747

Views

Are refresh tokens necessary for online applications

Per Google's docs it would seem refresh tokens are only necessary for offline applications (applications that may run into an expired access token when the user isn't around). Access tokens periodically expire. You can refresh an access token without prompting the user for permission (including when...
Pace
15

votes
2

answer
1.8k

Views

Android Firebase Rest API Authentication

I'm currently developing an app using Firebase Realtime database, however I've opted to omit using the SDK to retrieve data from the db. The reason being I don't want my code to be so closely tied with FireBase as once the app is built the api itself will be moving to a custom rest based api. I've...
crazyfool
15

votes
4

answer
16.7k

Views

Facebook access token: server-side vs client-side flows

Facebook docs: Facebook Platform supports two different OAuth 2.0 flows for user login: server-side (known as the authentication code flow in the specification) and client-side (known as the implicit flow). The server-side flow is used whenever you need to call the Graph API from your web server. Th...
alexey
15

votes
1

answer
6.2k

Views

How to handle refresh tokens in golang/oauth2 client lib

There are few examples of using https://github.com/golang/oauth2 but none of them covers usage of refresh tokens. I've tried a few approaches, but I'm still unsatisfied with my results. Is there any example code, or maybe you know some project at Github using oauth2 lib to take as example?
Andrew
15

votes
11

answer
6.8k

Views

Fatal error: Uncaught CurlException: 7: couldn't connect to host thrown in …src/base_facebook.php on line 887

I'm trying to develop a sample Facebook PHP login example following the example here. I've hosted my app here, but I'm getting the error message in the question whenever I try to access the link. Here's the code segment that throws the error try { $e = new FacebookApiException(array(// LINE 887 'erro...
KodeSeeker
15

votes
1

answer
3.3k

Views

Could not import 'oauth2_provider.ext.rest_framework.OAuth2Authentication' for API setting 'DEFAULT_AUTHENTICATION_CLASSES'

It's the first time I work with Django REST and Django OAuth Toolkit. I'm following this tutorial: oauth2-with-django-rest-framework. But when I run python manage.py migrate I get the following error: ImportError: Could not import 'oauth2_provider.ext.rest_framework.OAuth2Authentication' for API setti...
Akamee
15

votes
3

answer
29.7k

Views

Adding additional logic to Bearer authorization

I am attempting to implement OWIN bearer token authorization, and based on this article. However, there's one additional piece of information I need in bearer token that I don't know how to implement. In my application, I need to deduce from the bearer token user information (say userid). This is im...
Echiban
15

votes
3

answer
14.9k

Views

Google API Oauth php permanent access

I am using the Google Calendar API. This is what I want, once you give the app the permission, I can always use the app, without the need of giving access everyday. I keep hearing that I need to save the access token or use the refresh token to do what I want to do. Here is the thing, how do you do...
hope_industries
15

votes
4

answer
5k

Views

OpenID Connect - how to handle single logout

I'm investigating the use of OpenID connect as the SSO protocol for our enterprise applications (that are consumer facing). In general most aspects of it align with our needs, except for its ability to handle single logout and am hoping for some guidance on this. I've had a chance to review the lat...
Peter
15

votes
3

answer
4.9k

Views

Unable to retrieve post data using @Context HttpServletRequest when passed to OAuthTokenRequest using Oltu

I'm using Oltu for Oauth2. When using @Context HttpServletRequest request I am unable to retrieve post data. When I am using @FormParam I am able to retrieve post data. On passing request to OAuthTokenRequest OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request); I am getting following err...
15

votes
2

answer
11.2k

Views

OAuth2 and DotNetOpenAuth - implementing Google custom client

I'm having an issue implementing custom OAuth2Client for google using DotNetOpenAuth and MVC4. I've got to the point where I can successfully make the authorization request to the google endpoint https://accounts.google.com/o/oauth2/auth and Google asks if the user will allow my application access t...
soupy1976
15

votes
2

answer
6.5k

Views

Proper android Oauth2 library / framework [closed]

I've been searching day and night now for a proper OAuth2 library to use for my Android app. I came across many, including Apache Amber (formerly leeloo) and the Android developer specified one (http://developer.android.com/training/id-auth/authenticate.html) which seems to be deprecated. Yet none...
Gooey
15

votes
1

answer
1k

Views

Error 500 with authorization while consuming OAuth2 RESTful service through C#

My current job is to consume a RESTful API with OAuth2. Currently I worked out how to get the access token and it is working ok while I use the chrome extension Rest Console, but when I try to do it from my application I always get the error that I am sending an invalid OAuth request. Below you can...
user2227904
15

votes
1

answer
2.2k

Views

What is the best way to perform OAuth2 authentication using akka-http?

Akka HTTP and Spray provide an authenticateOAuth2 directive, but their documentation states that This directive does not implement the complete OAuth2 protocol, but instead enables implementing it, by extracting the needed token from the HTTP headers. I also cannot find any libraries that implement...
Daniel Li
15

votes
3

answer
16k

Views

how refresh token should be saved

I'm trying to add an authentication feature to my application. The authentication server implements OAuth 2.0. I'm not sure how to save the refresh_token. I want to save it to a file, so next time when the application starts and there is a refresh_token available, it can ask for a new access_token. The...
Bill Yan
15

votes
3

answer
25k

Views

Browser test tool for OAuth2 “Client Credentials Flow”

Till now, the REST API application we've been developing has used a simple api key passed in as a URL parameter, but we've just switched to using the OAuth2 Client Credentials Flow. This is the simple workflow in which a client POSTs a key and secret via basic authentication and receives an expiring...
David Moles
15

votes
4

answer
902

Views

Using Google OAuth 2 on embedded Android-based device

We have an application for embedded Android-based device, it uses WebView and inside it we use Google OAuth 2 to login to the app. Unfortunately Google will soon block OAuth 2 inside WebView, and we have lots of restrictions: The device doesn't have Google Services installed, so probably no 'officia...
iirekm
15

votes
1

answer
14.9k

Views

How to get Google OAuth 2.0 Access token directly using curl? (without using Google Libraries)

I'm trying to follow this tutorial to authenticate with Google using their OAuth 2.0 API. However, I would like to make straight curl calls rather than use their libraries. I have obtained my Client ID and Client Secret Key. Now I'm trying to get the access token like this: curl \ --request POST \...
Saqib Ali
15

votes
5

answer
16k

Views

How do I use a Service Account to Access the Google Analytics API V3 with .NET C#?

I realized this question has been previously asked but with little in the way of example code, so I am asking again but with at least a little bit of direction. After hours of searching, I have come up with the following partial implementation. namespace GoogleAnalyticsAPITest.Console { using System...
Richard Collette
15

votes
1

answer
5.4k

Views

OAuth2 Resource Owner Password Credentials flow

Does the OAuth2 Resource Owner Password Credentials flow only need the following information for authentication: grant_type: password username: [email protected] password: test Or does it also need the client_id and client_secret? I ask, because I want to use Ember-Simple-Auth together with Doorkeeper....
kunerd
14

votes
3

answer
14k

Views

Authentication using OAuth in Web API

I'm working on a project using ASP.Net MVC5 which also includes a Web API. The API will be for internal use only. I'm using the OWIN library to provide authentication. I'm having a difficult time figuring out how to correctly implement authentication through the API. I was planning on using OAuth 2...
sgtfrankieboy
14

votes
3

answer
8.2k

Views

What's the purpose of the client secret in OAuth2?

I have an app that offers an API. This app is an OAuth2 provider. I want to access this API (read & write) with a client-side only app. I'm using JSO to make this easier. It works great. The thing is, I don't have to enter my client secret (of the application I registered in my app) anywhere. And I...
Robin
14

votes
2

answer
5.8k

Views

ASP.NET MVC 5 and WebApi 2 Authentication

I recently built an MVC 5 Web Site as a front end prototype and used Individual Accounts for authentication. I now need to build a WebApi2 backend that will serve this website as well as an iPhone app, and multiple other clients. I am confused regarding authentication with the MVC site and WebApi. I...
narciero
14

votes
1

answer
32.2k

Views

How to write OAuth2 Web API Client in Asp.net MVC

We have developed a set of Web APIs (REST) which are protected by an Authorization server. The Authorization server has issued the client id and client secret. These can be used to obtain an access token. A valid token can be used on subsequent calls to resource servers (REST APIs). I want to write...
TejSoft
14

votes
1

answer
21.7k

Views

Is there a simple OAuth2 client for php? [closed]

I'm looking for a simple OAuth2 client in PHP. I tried (https://github.com/adoy/PHP-OAuth2), it's complex, in fact most of the clients that I checked are complex.
AH.