Questions tagged [oauth-2.0]

2

votes
0

answer
608

Views

Node oauth2 server and client credentials in client side

I m actually working with Node-oauth2-server (https://github.com/thomseddon/node-oauth2-server) and I have some questions 1) I m actually using grant_type as password and refresh_token and I have to set client_id and client_secret in the client Side. Is this not a security problem to expose my clien...
mfrachet
2

votes
2

answer
1.9k

Views

Failed To get oauth2 Token via request.GetResponse()

I'm Trying to access Google Data (Contact, Edit profile data, Calendar ... etc) by using GData and OAuth2.0 server side (Check this link), I finished the first step and got the first code, and when try to post a request to get the oauth2_token I always got the error 'The remote server returned an er...
Wael Mansour
2

votes
1

answer
10

Views

Keeping user logged in after refresh/using refresh token with Google OAuth2 in React app

I’m building a React app where a key part of the functionality is a user can sign into their Google account and then access a feed of their most recent Google Drive/Docs mentions and notifications. A user arrives at my site where I load the Google OAuth2 client with my client_id, apiKey, scope and...
Stephen
2

votes
0

answer
26

Views

User management and key share with React +JWT+Express

I have created signup and login page using React+express+JWT+MySQL which is running in one server (8080). This server acts like SSO and is mainly used for authentication. I have a couple of apps(3000,3001,3002) which perform the authorization part (reads JWT from a cookie). Now the question is, what...
2

votes
1

answer
438

Views

Using Facebook iOS SSO for a wrapped web app?

I'm building an iPad optimized html5 web app which I am going to wrap (& distribute) in a native app container. For some social features I'd like to make use of the Facebook SSO and was wondering if I can use the SSO of the Facebook iOS SDK and 'forward' (& use) the access token to my web app. If t...
Sven Koerbitz
2

votes
1

answer
952

Views

Need to get OAuth 'flow' flowing for Google Drive on Python for a stand alone py app

I need to get OAuth2 'flow' for GoogDRIVE working. Previously I have gotten the success token thing to work fine, but I need to have it set up so I don't need to get the token each time, just once would be fine. Here is where I'm at, based on: https://developers.google.com/api-client-library/pytho...
sixD
2

votes
0

answer
707

Views

OAuth2 implicit grant flow from javascript avoiding refresh

At the moment I have a javascript client with a button doing an ajax call to a service, and I'd like to add a token-based security using OAuth. I am trying to implement an Oauth2 authorization server as well. I'm using DotNetOpenAuth and I've been checking the samples. The issue is that I don't see...
dave
2

votes
0

answer
23

Views

How to authenticate digitalocean spaces obejcts

I am using digital ocean spaces to store user files(images, videos, and others). I can access it by using amazon-sdk boto3. Tried using oAuth2 authentication to authenticate the user for accessing the private files, but it seems this is not supported. Please suggest a way, so that I can authenticate...
Krish V
2

votes
1

answer
36

Views

Long term account linking with Google Home

At the moment I'm using OAuth and Google Sign-In for account linking in my app. After this is done an accessToken is sent along with the request to my webhook. But the accessToken is only valid for a hour. For my Application to work correctly and have a smooth user interaction I don't want my users...
Miniflexa
2

votes
0

answer
53

Views

When saving the generated access token in the oauth2_provider_accesstoken model the created and updated timestamp is null

So I have deployed my Django application which serves as a back-end to my Angular 2 web application. Now when I'm authenticating my request it is supposed to generate an access token and save it in the oauth2_provider_accesstoken model. However it throws an integrity error stating that the created a...
Utsav Preet
2

votes
2

answer
151

Views

OneDrive SDK showing empty White window for OAuth

I am coding against the Microsoft.OneDrive.SDK and I have also included the Microsoft.OneDrive.SDK.Authentication. The issue I am having is that I have a console application which opens just a white window where it clearly is prompting me to log in. Code: using System; using System.Threading.Tasks;...
jdave
2

votes
0

answer
33

Views

Lightweight WSO2 ID provided Access Token validation?

How does one validate an OAuth 2.0 access token obtained from a WSO2 Identity Server? More specifically, I am looking for a lightweight alternative that: does not involve direct or indirect SOAP requests (such as using stubs to call an admin service). has a small set of dependencies (in software lib...
Guus
2

votes
0

answer
373

Views

Google App Engine (Python), OAuth2, Service Accounts, User Delegation, Youtube Service

I'm using the Youtube Data API (v3), along with the Python client library on Google App Engine. Here is a simple snippet of code that fails: kwargs = {'prn' : google_oauth_user_email} credentials = SignedJwtAssertionCredentials(google_oauth_email, google_oauth_key, scope=YOUTUBE_SCOPE, **kwargs) ht...
munkey
2

votes
1

answer
286

Views

What are the current steps to write a Google Tasks or Drive App?

After looking thru lots of pages (mostly contradict) I'm not able to write a simple Android app that does connect to Google with OAuth2: I started with this page: https://developers.google.com/google-apps/tasks/oauth-and-tasks-on-android#account I did download the current libs and had to experience...
Harald Wilhelm
2

votes
1

answer
514

Views

OAuth 2.0 google permissions dialog doesnt work properly on WP7

I have wp7 app that should consume Google Latitude API. It requires my app to be authenticated with OAuth 2.0 access token. To archive that I'm using authentication flow for native applications (described here http://code.google.com/apis/accounts/docs/OAuth2.html#IA). When my app navigates to Reques...
Stas Shusha
2

votes
0

answer
201

Views

YoutubePlayerFragment doesn't load age restrict content

I'm trying to load a video using YoutubePlayerFragment but when I load it, a request to sign in to confirm my age appears. Even if I authenticate with Google Play Services and get a token, how can I use it with Youtube Data API 3.0 classes? For example, to initialize a YoutubePlayerFragment you only...
leandrocastelli
2

votes
2

answer
158

Views

Azure bearer authentication with OAuth or certificate?

I'm very new to Azure so I'm sorry if my terminology is a little off. I have inherited a web service which authenticates users using OAuth 2 on Azure. I have been asked to create an application which also accesses the service using using certificates like this. I have implemented the above solution...
JoeS
2

votes
1

answer
436

Views

How to make Firebase work with the new Google SignIn flow? [duplicate]

This question already has an answer here: Firebase and new Google Sign-In on Android 2 answers This is how I construct the google sign in options. Builder builder = new Builder(GoogleSignInOptions.DEFAULT_SIGN_IN) .requestEmail() .requestIdToken([myclientidhere]) From the builder I get the GoogleSi...
Creos
2

votes
0

answer
96

Views

500 errors when trying to refresh Spotify token C#

I keep getting 500 errors when trying to refresh my Spotify token. error: {'error':'server_error'} request: POST https://accounts.spotify.com/api/token HTTP/1.1 Authorization: Basic ZWM.....WI= Host: accounts.spotify.com Content-Length: 170 Expect: 100-continue Connection: Keep-Alive grant_type=refr...
user3742899
2

votes
1

answer
3k

Views

How to get the value of access token in ASP.NET Core MVC OAuth 2.0

In Visual Studio 2017RC I created ASP.NET Core MVC app with individual user accounts and successfully completed https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins tutorial to attach Google authentication. I'm now logged in via my Google account. All I did was a...
Alex
2

votes
1

answer
154

Views

How to detect that the current request is an authentication callback?

I have a single-page JavaScript application and I'm using the Auth0 service for signup/login. I have integrated the Lock widget and I'm saving a string to localStorage after a user is authenticated, like so: lock.on('authenticated', function(authResult) { localStorage.setItem('login', authResult.id...
skunkwerk
2

votes
1

answer
1.2k

Views

How to properly define GAE's oauth2callback?

The Using GAE / Decorators guide tells me that 'you need to add a specific URL handler to your application to handle the redirection from the authorization server back to your application': def main(): application = webapp.WSGIApplication( [ ('/', MainHandler), ('/about', AboutHandler), (decorator.c...
Ronan Jouchet
2

votes
2

answer
2.5k

Views

FOSOAuthServerBundle Create Client

I'm currently trying to setup FOSOAuthServerBundle with my Symfony2 app. Everything seems to be setup and functional, anyway I'm stuck after the installation. What is the proper workflow with URLs to get the access_token ? I tried /oauth/v2/auth, but sounds like I need to define a Client object firs...
Thomas Piard
2

votes
0

answer
83

Views

why the expires_in in access_token use second rather than datetime

Sorry for my bad English. I'm trying to do something with OAuth2. And I found that the paramater 'expires_in' is using second like '5184000' rather than some accurate time like '2017-05-10 22:22:22'. Why they don't use datetime? Is this because of the time format or the time zone problem? I have rea...
Woko
2

votes
0

answer
608

Views

Combining Omniauth login (from one of several external ID providers) with our OAuth2-secured API

I'm refactoring a monolithic Rails app into a pure JSON API with a Backbone.js front end. Other smartphone app front-ends will be following in the near future, and the possibility of opening up the API to the public has been mooted around the office. For that reason I thought I'd do the job properly...
user1475135
2

votes
2

answer
1.4k

Views

Missing token endpoint URI while using a valid access_token

All of a sudden (possibly a gem update?) calling the Google api stopped woking. I was already able to retrieve the gmail threads, but no longer. What I have so far: I am able to retrieve a refresh token for offline access. So I have the refresh and access tokens stored. Great. Now I want to retrieve...
Ben
2

votes
2

answer
378

Views

error while trying to get access token from stackexchange API 2.0 if user not logged in

Here's my problem: I'm trying to get the current users profile url on stackoverflow using the stackexchange 2.0 API. If the user is logged in then everything works fine, the OAuth flow gives me the access token and I can get every info I want. But if the user is not logged in, stackexchange asks the...
zolipapa
2

votes
1

answer
5.8k

Views

Cannot find class [org.springframework.security.oauth2.provider.token.InMemoryTokenStore] for bean with name 'tokenStore'

I am using spring oauth2.. following is my spring-security.xml I am using outh2 version 1.0.0.REALEASE org.springframework.security.oauth spring-security-oauth2 1.0.0.RELEASE But I am getting an exception Following is error trace org.springframework.beans.factory.BeanCreationException: Error creat...
yog
2

votes
1

answer
1.3k

Views

Apache oltu Oauth2 token validation

I need to validate a token generated by a oauth .NET application using Apache oltu code: OAuthClientRequest oAuthRequest = OAuthClientRequest .tokenLocation('https://URL/idp/connect/identitytokenvalidation') .setClientId('CLIENTID') .setGrantType(GrantType.REFRESH_TOK...
Andrea Girardi
2

votes
1

answer
672

Views

how to validate WSO2 oauth2 access token on Resource Server

I am looking for fittings ends to our SSO puzzle. Currently we have an OpenLDAP behind WSO2 Identity Provider. A client (Service Provider) redirects authorization to the IP (OAuth2) and recieves an access_token. All fine. Next step is to validate this token on another Service Provider, in this case...
Raf
2

votes
1

answer
370

Views

When using OAuth, how do you get a user to accept your Terms and Conditions?

When signing a website user up/connecting with Oauth, whether it be Twitter, Google, Facebook etc..., how do you get them to accept your Terms and Conditions? I understand that the user gives consent for Google, or whoever, to use their data but if I or my company has additional T&Cs that need to be...
AndyD
2

votes
0

answer
205

Views

gapi login state not retained in users browser after page refresh

I've dove into a small project aiming to utilize the YouTube API. I've got some basic code in place, that I initially thought was, working properly. Using Chrome, I can login through multiple machines on my own network without any issues using the source below. I've also tethered my machines to my c...
Brandon Silva
2

votes
1

answer
96

Views

Simple active federation from third-party id providers

I have a secure web application that I wish to expose to partners so their clients can capture information directly into a form hosted on my application. The form will be shown in an iframe embedded within the partners web application. The URL of the iframe will point to my application and contain s...
Adrian Hope-Bailie
2

votes
0

answer
779

Views

Retrieve Facebook Data using ASP.Net 4.5 Web Forms

I am trying to use Facebook Authentication on my website which I have built using Visual Studio 2013 .Net framework 4.5 Web Forms (Note: I am not using MVC). Now, I am able to authenticate users via Facebook but after successful login, I want more user information (email, DOB, friends etc) but for...
Ankit Vora
2

votes
2

answer
124

Views

OAuth User Credentials Granting

I'm using the oauth2-server-php module in which you can use the grant=password credential type where it's necessary to use username, password and client_id at least. But in the description it is stated that you only have to use a Username and Password to ask for a token and, in case you are using a...
Patroklo
2

votes
1

answer
4.9k

Views

How do you create a new Google Drive Service in C# using OAuth

I'm trying to write a simple command line application that will upload a file to Google Drive. I'm following along with the steps provided here: https://developers.google.com/drive/web/quickstart/quickstart-cs The sample code they provide doesn't compile, specifically the line: var service = new Dr...
Chris Seltzer
2

votes
1

answer
556

Views

is the Authorization code in OAuth 2 is used only once for the lifetime of the client Application running server?

I am reading this blog on how OAuth2 works. It is an excellent source and I guess I have understood the basics of how OAuth2 works. when reading about Authorization grant, that involves granting access to the Application server (my server) which exchanges the authorization code it received from auth...
brain storm
2

votes
1

answer
2.8k

Views

Why is OAuth a viable technique to prevent CSRF for RESTful APIs?

I have an exact situation with this question: What are some viable techniques for combining csrf protection with RESTful APIs? One answer given talks about using basic authentication with SSL 1 API key per application OAuth I am already convinced about implementing OAuth2.0 where you will have acces...
Kim Stacks
2

votes
0

answer
195

Views

Wordpress oauth2 token is valid when checked from a browser but if called from android app the response is “Oauth2 token is invalid”

I am trying to make a post on my Wordpress blog using an android app. Iam getting the response {'Content':'{\'error\':\'invalid_token\',\'message\':\'The OAuth2 token is invalid.\'}','Message':'Bad Request','Length':-1,'Type':'application\/json'} But when I am using the same token for gettin token i...
Maksym Rzhevskyi
2

votes
1

answer
522

Views

OAuth 2 with spring security and setting the State parameter in the redirect

I am using Spring boot with Spring security, with custom 'Filter' Class calling to CIAM server with OAuth 2 authentication. I want to set explicitly or override the default setting so that I could set custom dynamic STATE parameter in the redirect URL that Spring Security prepares under the hood an...
Boris Gichev