Questions tagged [oauth-2.0]

2

votes
1

answer
35

Views

How can I force Keycloak to use an Authorization header when connecting to an identity provider's token endpoint?

I've configured Keycloak as an identity broker, connecting to a custom OIDC provider that I've created. During the authorization_code flow, Keycloak calls the authorization endpoint to get the code. It then calls the token endpoint of my custom OIDC provider to exchange the code for an auth token....
Mark S
2

votes
1

answer
633

Views

How to test the spring check_token endpoint

The API is using the spring built in /oauth/check_token endpoint to validate the user with the basic auth. I can't seem to come up with any other scenario other than passing the invalid credentials. Are there any other scenarios ?
worrynerd
2

votes
0

answer
332

Views

Spring-boot oauth2 remote server integration test

I've got a problem with integration tests in spring boot which use remote oauth2 server. There is one additional profile called test. Here is the class with oauth2 configuration: @Configuration public class Oauth2serverconf { @Configuration @EnableResourceServer protected static class ResourceServer...
staszek
2

votes
2

answer
569

Views

Writing Pandas DataFrames to Google sheets: no such file or directory .oauth/drive.json

I've been trying to find a way to read and write data between Pandas and Google sheets for a while now. I found the library df2gspread which seems perfect for the job. Been spending a while now trying to get it to work. As instructed, I used the Google API console to create my client secrets file...
Sam Lilienfeld
2

votes
3

answer
8k

Views

Using PHP cURL to POST data on /oauth2/access_token and GET data as jSON

I has follow step on Path API about how to Authentication User. In the tutorial auth process, user is begin to redirect to the following URL and prompt to grant access: https://partner.path.com/oauth2/authenticate?response_type=code&client_id=THE_CLIENT_ID And after that, server will give response a...
Jhonny Jr.
2

votes
1

answer
1.2k

Views

instagram api https redirect uri

I've started working with Instagram's api. As part of this usage, I allow users to authenticate with their instagram account. My problem is the redirect uri. In Instagram's dashboard I must specify only one value for it. However, in my app I might need to handle two cases. One of them being secured...
vondip
2

votes
1

answer
213

Views

Implementing identity and access management backed by Stormpath

We are planning to create an identity and access management system for one of our application and using Stormpath made a lot of sense interms of ROI, given that one of the decision is to have the IAM system abstract the Stormpath, so incase required we can replace it with an alternate(custom or anot...
Somasundaram Sekar
2

votes
3

answer
277

Views

Google OAuth Code Contains Hashtag

In my attempts to get the necessary code so I can generate my refresh token, I ran this URL: https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/drive.file&redirect_uri=--mywebsite--&response_type=code&client_id=--myclientid-- And my received code contains a trailing hash...
Angry Spartan
2

votes
2

answer
366

Views

kid not matching on OAuth 2.0 flow

I'm using Okta for identity management. As the client in authorization flow, I send an authorize request to Okta. This works successfully, and I get a JWT payload. I want to verify the JWT signature, so I make another call to Okta in order to fetch the keys. However, the key ids (kids) do not match...
Magua
2

votes
1

answer
1.2k

Views

Github create token with 2 factor authentication

I am trying to get a authorize a user and get a token back. The user has 2 factor authentication on. This is the code I am tring to use. It will not accept the code I get via SMS. This works if the user does not have 2fa enabled. curl -i -u $user -H 'X-GitHub-OTP: $code' \ -d '{'scopes': [ 'repo' ],...
Cameron White
2

votes
1

answer
1.1k

Views

Google Drive API for iOS: OAuth2.0 with an application-owned account

I'm creating a simple iPhone app. The basic premise is that the app will display some data (That I provide online) on the application. The data changes over time, so the app has to draw the data from online and display it. I don't have a significant programming background so I don't want to use my o...
USS1994
2

votes
1

answer
856

Views

Difference between using oauth access token and login/apikey in bit.ly API

I have to convert long urls to short urls on server side using bit.ly APIs. I was thinking of using some existing PHP libraries to do so like : https://github.com/tijsverkoyen/Bitly/blob/master/bitly.php This API requires login and api key to shorten urls. But after reading the bit.ly API docs, they...
coder
2

votes
0

answer
102

Views

iOS: where should I save clientId and clientSecret in my application?

My requirement is following a.) The client registers to an Authorization Server and receives clientId and clientSecret b.) The app needs to save it since this will be generated once for the app. c.) The app requests AccessToken by supplying clientId and clientSecret and gets accessToken back d.)...
daydreamer
2

votes
1

answer
163

Views

PassportJS: BasicStrategy vs LocalStrategy?

While looking at the many PassportJS examples, I was quite confused about the use of BasicStrategy. Some people use it for username/password authentication, others for clientID/clientSecret authentication, while some people don't use LocalStrategy at all. What would be the correct purpose of BasicSt...
James Game
2

votes
2

answer
883

Views

How to implement token verification via token introspection endpoint in Spring Boot?

We need to implement this endpoint as we have a number of micro services that need to verify the token. According to this link we can use this to return some user details as well as verifying the token. I went through spring documentation but couldn't find anything. How can we implement that so tha...
xbmono
2

votes
0

answer
204

Views

Authentication and Protection of API using Google and OpenID Connect

I am trying to integrate the Google Sign-in mechanism with OpenID Connect into my web application. The app has a Rails frontend just for rendering the web pages and it is connected to a backend written in Erlang. I will use the Google Sign-in Button but I want to centralize the Authentication in the...
albertoblaz
2

votes
1

answer
5.4k

Views

Does ASP.Net MVC6 support OAuth 2 bearer tokens?

I am developing an application using ASP.Net MVC6 and I would like to implement OAuth 2 auth using bearer tokens. I can't find any solid information on whether or not this is possible. Would anyone be able to point me in the right direction?
Alex Justi
2

votes
0

answer
53

Views

Google Analytics displaying data for only 1 user

I am trying to create a page where data about a persons GA account will be displayed. Currently only 1 users data is displayed no matter who is logged in. I dont understand why this is the case because I am using a client ID to authenticate along with oauth2.0. I call getFirstprofileId, however no m...
onebadbaggins
2

votes
1

answer
1.2k

Views

Is impossible to connect with webmaster tools using OAuth 2.0?

I managed to connect via Oauth 2 with Analytics but can not find the way to do it with webmaster tools. I got the 'scope' of webmaster tools at: https://developers.google.com/oauthplayground/ and I'm using the code here: https://code.google.com/p/google-api-php-client/ but I can not work me. If anyo...
user2927792
2

votes
0

answer
881

Views

Fetching gmail inbox using oauth , imap and Authtoken

Hi I'm trying to fetch gmail inbox by IMAP using and the token received from the Android's AccountManager instead of using username and password. I am trying out with the Google's example of SMTP/IMAP with oauth2 http://code.google.com/p/google-mail-oauth2-tools/source/browse/#svn%2Ftrunk%2Fjava%2Fc...
sanjana
2

votes
1

answer
766

Views

WebApi 2 Oauth2 Android client

I want my android app to communicate with an Asp.net WebApi2 secured by Oauth2. All samples I've found only show how it is done for websites. I'm able to get an access token from the '/token' endpoint and I add this token to the http header in the Autorization attribute. However, I always get: 'Auth...
stefan
2

votes
2

answer
100

Views

Identity Server 4 Client Credentials for custom endpoint on token Server

I implemented a token server using Identity Server 4. I added a custom API endpoint to the token server and struggle with the authentication. The custom endpoint is inherited from ControllerBase and has 3 methods (GET, POST, DELETE). I intend to call the custom endpoint from within another API using...
monty
2

votes
0

answer
54

Views

Ionic2 cloud google login with asp.net web api

I am building an ionic2 app and implemented google login flow. Which works fine and i get the token after a success full. How do i use this token to authenticate my project web api Endpoint ( using Oauth for generating the tokens). I am using default asp.net web api project template
user1472619
2

votes
0

answer
219

Views

How to access OAuth2 SSO protected rest resources by using access token and authorization page flow in spring boot

I'm developing a spring boot application which serves both RESTful API and Spring MVC web pages (with thymeleaf template). The web pages and RESTful API are protected by Spring OAuth2 SSO. But when I try to access the RESTful API from Spring RestTemplate in my Java client, I always get the status co...
Jason Wang
2

votes
2

answer
649

Views

Is it possible to implement Oauth 2.0 without javascript?

On my e commerce site I offer my users openid login. All major providers, except facebook offered an openid endpoint this. Facebook only offered oauth 2.0. For that exception I set up an openid endpoint myself, where users can log in using facebooks oauth. In other words, I created an intermediary s...
The Surrican
2

votes
0

answer
454

Views

Google Vision raises a Invalid JWT Signature

I am trying to run the quick start demo by Google Vision APIs on MacOS Sierra. def run_quickstart(): # [START vision_quickstart] import io import os # Imports the Google Cloud client library from google.cloud import vision # Instantiates a client vision_client = vision.Client() # The name of the ima...
Dinal24
2

votes
0

answer
14

Views

How to implement OAuth 2.0 Authorization Code Grant from Single-Page Application?

We have an Angular SPA backed by an ASP.NET Web API that uses the OAuth 2.0 Resource Owner Password Credentials Grant with a Bearer Token for authorisation. The API uses Microsoft.Owin.Security.OAuth to implement OAuth. We're trying to integrate with a third-party application that will use the Autho...
user10998602
2

votes
1

answer
100

Views

Why does Oauth2.0 says, “Client Password in request body not recommended”?

Client authentication of oauth spec indicates the following in section 2.3.1: Including the client credentials in the request-body using the two parameters is NOT RECOMMENDED and SHOULD be limited to clients unable to directly utilize the HTTP Basic authentication scheme (or other password-based HTT...
Kiran
2

votes
2

answer
375

Views

Apigee authentication via stormpath. Is this feasible?

Currently all users of my web application are authenticated against stormpath. From now on, that web application will need to consume a rest api hosted on Apigee. Here start my doubts. Apigee grants access to API through oauth2.0. That's great. However i'd like to know wheter I'll be able to keep th...
blackjack
2

votes
1

answer
447

Views

Freebase oAuth2 Bad Request(400) .Net

I read the tutorial in https://developers.google.com/accounts/docs/OAuth2ServiceAccount and tried using their example but keep getting 400 bad request. this is my code: ClaimSet cs = new ClaimSet() { aud = 'https://www.googleapis.com/oauth2/v3/token', iss = '1070248278615-hoq0meaunarl9hj8t9klg4gqko...
user2051871
2

votes
1

answer
199

Views

Where to enter Facebook login authorized redirect URI?

Where do I enter my Facebook app's authorized redirect URI? In the past this was under 'PRODUCT SETTINGS' for 'Facebook Login'. Now the 'PRODUCT SETTINGS' have changed to 'Settings' and the field for the authorized redirect URI is gone.
2

votes
1

answer
312

Views

Why do my Android app get an Unknown Source Exception requesting short-lived authorization code in Google OAuth 2.0 flow?

We have a project consisting of an android app and a web back-end, and as such it is registered in the Google Console. The Android app is authenticating the user with his Google account (Google OAuth 2.0 flow). We are successful in getting an access token to access the Google APIs. (the scope is: '...
jowi
2

votes
2

answer
185

Views

What will my mobile app that uses 3rd party API do if the private key has been stolen?

My mobile app uses 3rd party API to access some resources. It has a public key and a private key. For each request, I use the private key to do some hash calculating with some specific data and send the result to the server. The server will verify the result with my private key to make sure the requ...
flypen
2

votes
2

answer
266

Views

Adding Authorization Code Grant on top of StormPath

I need to build an OAuth 2.0 provider, and would like to use StormPath to keep identities and to generate access tokens and refresh tokens. However, StormPath does not support Authorization Code Grant. So, I'm considering to implement the Authorization Code Grant on top of StormPath. Is this recomme...
Adi Levin
2

votes
0

answer
474

Views

Get authorization_key in Django OAuth2 API without client_secrent

I'm trying to get OAuth2 working with Django to allow access to an API without having to log in with Django credentials. I'm using django-tastypie for the API and django-oauth2-provider for the OAuth2 authentication. It's all being tied together using this post as a guideline. I've gotten the basic...
cssp
2

votes
1

answer
116

Views

Server Error 404 is returned when trying to get an authorization code from live.com

We have two applications which use OAuth2 authentication to get access to Hotmail. The first application works fine. But in the second application we have an error after entering login/password: Server Error 404 - File or directory not found. The resource you are looking for might have been removed,...
Aleksey
2

votes
2

answer
133

Views

Facebook javascript sdk integration not working properly

I am developing a web app in which I wan't to import contacts from from facebook.. I have tried several times to include javascript for faceboook but it didn't worked for me... Oauth dialog comes reporting an error ... And same facebook app I tried to access on facebook shows auth dialog to access p...
Swapnil Godambe
2

votes
1

answer
1.1k

Views

Facebook login using artdarek/oauth-4 returns blank

I am attempting to setup facebook login using the artdarek/oauth-4 package. The redirect just returns a blank page with the following url: https://www.facebook.com/dialog/oauth?type=web_server&client_id=1423706434575595&redirect_uri=http%3A%2F%2Flocalhost%3A8888%2FcontractorSherpa%2Fpublic%2Ffacebo...
retrograde
2

votes
2

answer
406

Views

FIWARE OAuth2 Authentication in Node JS

I'm trying to authenticate users in Fiware from Node JS. I've created a server code that calls Oauth2 and when running it, it redirect you to fiware page, but when logging in Fiware shows nothing, and then when checking /user_info page it gives access token is null here is my config.js: $ var confi...
user3260891
2

votes
2

answer
392

Views

OAuth providers that return an email address

I'm just getting started setting up OAuth authentication in Ruby on Rails using Devise and so far have successfully setup Yahoo, Google and Facebook sign-in. My goal is to provide one-click registration, so I need the providers to return an email address and was disappointed to learn that Twitter an...
Paul