Questions tagged [oauth-2.0]

2 votes, 1 answer, 1k views

Controlling expiry of auth token using Azure Active Directory client credential flow

I am using the endpoint /oauth2/token to request (via an HTTP POST) an authentication bearer token from Azure Active Directory. Everything is set up fine within AAD to register the web client which retrieves this token using this flow. A client_id and client_secret (shared symmetric key) is used and I...
retail3r

2 votes, 1 answer, 5.9k views

Google+ api - Key from https://accounts.google.com/o/oauth2/token gives 401 errors

I'm having some trouble with Google+ API OAuth2 tokens. Here is a simple program that gets an OAuth2 access token: HttpClient httpclient = new HttpClient(); PostMethod postMethod = new PostMethod('https://accounts.google.com/o/oauth2/token'); NameValuePair[] data = { new NameValuePair('client_id', '...
Nicholas DiPiazza

2 votes, 2 answers, 399 views

What should the Authorization Server do when Resource Owner fails to authenticate him/herself in OAuth 2.0?

I am developing an app and I am trying to save user data to a third-party service. The service allows me to access the users' resources via OAuth. I have finished implementing the OAuth flow and it works as follows (when no error occurs): I redirect the user to the authentication page of the servi...
Teddy Hartanto

2 votes, 2 answers, 1.1k views

The State Parameter in the Google OAuth 2 Process in Java

Please I need a quick help on how to add the 'state' parameter to an authorization request to the Google OAuth 2 service using the Java Client Library. According to the docs, the OAuth provider is said to roundtrip this parameter to keep an application state through the authorization process. My app n...
Sayo Oladeji

2 votes, 1 answer, 1k views

React Native app - how to use oauth 2.0 and Open ID connect?

I've searched and spent so much time wrapping my head around this. Given a client_id, client_secret, authorization_endpoint, auth URL, token_endpoint and a few other info-- * How do I connect to get an auth token via ajax call? And when I receive the JWT, how do I parse it? * There are librarie...
Anney

2 votes, 2 answers, 751 views

How to Form WebRequest for Multi part Form data and its Value?

I have the Rest API Url https://www.box.com/api/oauth2/token. To get the Refresh/Access Tokens respectively. When I try this in PostMan (Chrome Extension) it's working fine. Below I have attached the screenshot. Getting the Access Token Reference : https://developers.box.com/oauth/ But the same I t...
RajeshKdev

2 votes, 2 answers, 257 views

Doorkeeper - Reject access token request if user not an admin

Using password-grant OAuth-2 flow, If a non-admin user requests an access token with scope: 'admin' I want to be able to reject that from happening - I'm using doorkeeper with devise. Currently any old user can ask for any scope and by default it gets granted. I don't see an obvious hook in doorkee...
cjroebuck

2 votes, 2 answers, 722 views

Uber API: Specify multiple scopes while requesting or issuing a token returns Invalid Request Paramenters

I know that the OAuth 2.0 specs allow to specify multiple scopes while requesting or issuing a token, but Uber doesn't like the multiple scopes. For example: 1) [No error] parameters = { 'response_type': 'code', 'redirect_uri': 'INSERT_ROUTE_TO_STEP_TWO', 'scope': 'profile', } Returns correct token...
user3908599

2 votes, 1 answer, 644 views

DotnetOpenAuth scopes and claims

I'm building an ASP.NET Web Api with OAuth2 authorization and am working on an application where we've got: Customers Organisations Users A customer has one or more organisations and a user can act for one or more customers. I want to make this logic a part of the scopes and accesstokens. This way...
Jos Vinke

2 votes, 1 answer, 1.5k views

python + appengine + oauth2 + google contacts api

So I am verily confused. Mainly about the 'right' way to have a web app that runs on python app engine that can talk to the user to get them to accept via oauth2 permissions so that my app engine app can read/write to their contacts db. I have something along the lines of this (which is based on the...
Richard Green

2 votes, 1 answer, 200 views

OAuth 2 client implementation how to request for new scope?

I am implementing OAuth 2 flow on our client (Android app). The client is our app which communicates with a trusted server. There is no third party here. When user logs in, I use the client id and secret to get authorization code from the server and eventually I get the access token. I have the a...
Sayooj Valsan

2 votes, 0 answers, 189 views

Spring OAuth2 Separate Authorization Token Server and Authentication Server

I am aiming to have the following structure: The UI The Resource Server The Authorization Server The Authentication Server I want the Authorization and Authentication to be done by two separate entities, each running in their own container. Basically, I want to achieve the same thing as in here in t...
Croco

2 votes, 1 answer, 67 views

Google API: one authenticated user for all

I need to read/insert events into a specific calendar, using Google API. All registered users (in my app) can read and insert events into the calendar. I don't have to authenticate each user with OAuth 2.0, because the app will not read the user data - only specific account data. I'm a professor and...
Eduardo

2 votes, 0 answers, 249 views

Securing a Spring Boot REST service using Oauth2 and Keycloak

I've successfully been able to secure a Spring Boot REST service using the keycloak Spring Boot adaptors and a Keycloak identity provider. However we now wish to attempt the same thing without using Keycloak adaptors but using Oauth2 directly. This is so that we can potentially connect to any...
JPD

2 votes, 0 answers, 738 views

Exception while spring boot startup : A ServletContext is required to configure default servlet handling

I am trying to implement oauth2 with spring boot but facing below error while spring boot startup. (Reference : link), I have checked on google but was not able to figure it out. Can someone please help me to understand the cause and resolution of this exception. Error Trace org.springframework.beans...
027

2 votes, 0 answers, 768 views

Is there a way investigate an “invalid Assertion” received when attempting OAuth 2.0 JWT Bearer Token Flow in Salesforce

I have written a java client as per Salesforce's OAuth JWT Bearer Token Flow but the response is 'Invalid Assertion'. The Certificate I have uploaded to the Salesforce organisation is self-signed and the claim I am sending consists of the client_id (the OAuth connected app's consumer key), the email...
Jason Harris

2 votes, 2 answers, 2k views

Spring oauth2 ver 2.0.7, 404 error on endpoint /oauth/token

I got a problem when trying to integrate our web app with Spring oauth2. The endpoint /oauth/token is mapped for both GET and POST methods o.s.s.o.p.e.FrameworkEndpointHandlerMapping- Mapped '{[/oauth/token],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}' onto public org.springframe...
Long nh

2 votes, 1 answer, 273 views

GET Access token from API (oauth2)

I am very much a beginner at Python scripting and I have a problem. I am trying to rewrite PHP code to Python to get Access token from API for further use. ##/* Request for access token */ $base_url = 'myurl'; $client_id='1234'; $client_secret='5678'; $client_details = '${client_id}:${client_secret}'; $con...
odrzyja0

2 votes, 1 answer, 976 views

How can I use an oauth2 token to create a connection with HTTParty

I am trying to connect to the Basecamp API using HTTParty, I am however getting an issue with authentication. I am getting an error 'HTTP Basic: Access denied', which doesn't make sense when I am trying to do OAuth. The class looks a bit like this (The XXXX comes from other places, but is just har...
Dofs

2 votes, 1 answer, 810 views

Authentication and OAuth2 implementation in admin-on-rest

First of all I would like to thank you for the awesome work in admin-on-rest that you have done for this template. I would like to ask if there is an easy workaround in order to implement oauth2 authentication. There is an example on how we can implement a basic JWT Authentication but I cannot figur...
stelioschar

2 votes, 1 answer, 641 views

Implicit grant Laravel 5.4 passport unsupported_grant_type error

I have successfully implemented authorization code grant and password grant with passport 2.0 and laravel 5.4. After adding the Passport::enableImplicitGrant(); in AuthServiceProvider.php, I tried implementing the implicit grant with an angular2 app. getImplicitAccessToken() { const headers = new He...
Sarthak Khanal

2 votes, 1 answer, 814 views

Laravel passport non-expiring tokens

We're having Laravel with Passport setup for OAuth2, it's working fine in all ways. Does Laravel support non-expiring bearer tokens? If so, what is the way to have non-expiring bearer tokens? We're using authorisation code grant.

2 votes, 1 answer, 467 views

Account linking with actions on google

I am facing an issue regarding account linking in Actions on Google: I am able to authenticate the user and access his email address and username; however, after this, how can I redirect the user back to the google assistant and close the browser where he was authenticated? Any help will be appreciate...
charlie

2 votes, 1 answer, 146 views

chrome extension needs offline access from server side

I am building a chrome extension. I used chrome.identity.getAuthToken to get the access_token. This provided me the access_token at the client side (browser). Now I want to pass this access_token to my server. I want to have offline access to granted APIs, I understand that for this I have to e...
Rusty

2 votes, 0 answers, 24 views

How to add a header into `AuthenticationKeyGenerator`?

Context: Multiple devices can use the same client credentials and as a result they share tokens, which can lead to race conditions when 2 or more devices try to refresh token. Device identification can be found in headers, so custom AuthenticationKeyGenerator implementation can use device id to gene...
schatten

2 votes, 1 answer, 264 views

redirect_uri for a website using oAuth

I am working on an android app using the kivy framework, for which I require using the coursera API described here: https://tech.coursera.org/app-platform/oauth2/ The point of consideration is : An example request (with line breaks and spacing for readability): https://accounts.coursera.org/oauth2/...
ZdaR

2 votes, 1 answer, 1.9k views

Salesforce OAuth 2.0 API: get refresh_token with authorization URL launched in a normal browser

In this page, it is mentioned refresh_token is returned only for callback URLs that do not start with HTTPS or point back to salesforce. https://na5.salesforce.com/help/doc/en/remoteaccess_oauth_user_agent_flow.htm However, in the SF->setup->develop->remote application creation page it takes only UR...
so_mv

2 votes, 1 answer, 1.5k views

Laravel JWT and socialite plugin

I am using Laravel's JWT plugin for user login/authentication. This works fine for my users table: when he specifically registers into my website, entering a password, email etc. In the jwt, I am checking for email (which is unique) and password. I would like to also implement the Laravel's sociali...
harveyslash

2 votes, 2 answers, 4.2k views

OpenID Connect Examples using Multiple Providers? [closed]

I'm trying to figure out how to use the Google OAuth Client Library for Java to authenticate against multiple OpenID connect providers. The example they have here works with Daily Motion. I'd like to see how it works with other providers so I can abstract the differences. Are there any other exampl...
Brad Parks

2 votes, 3 answers, 1k views

What is the most recommended django/oauth package for Facebook and Twitter integration?

I'm looking for a django/oauth project which would allow for open authentication to at least Twitter and Facebook (other services would be a bonus). It appears there was a thread started by TIMEX in February 2010 with a few different package recommendations. Since it has been approximately a year...
johncosta

2 votes, 0 answers, 170 views

SSO login in desktop application and its inner web-view

There is a web-site/web-api behind a central authentication server (IdentityServer4) and a desktop application (written with QT) which contains a web-view (Qt WebEngine). The server supports both OpenId and OAuth2. The desktop application communicates with some APIs which need authentication/author...
Babak

2 votes, 1 answer, 304 views

Error in Ionic2 when I clone project from a repository on other computer

I made a project in ionic2. It is a login with google provider. I followed this tutorial. The application works fine in the computer where it was developed. I cloned the project in another computer to work in team. And I ran these commands. npm install ionic serve ionic platform add android ionic ru...
Luisconsi Velasco

2 votes, 1 answer, 158 views

Is clearing the token from local storage enough? to create an effect of a session timeout due to inactivity?

I am building an angularjs/web-api application. It uses OAuth token based authentication. I have a requirement to implement a session timeout based on inactivity. I am using ng-idle for the client side to implement the effect. My question is: 1. Is it enough for me to clear the token from local-stor...
blogs4t

2 votes, 1 answer, 238 views

serve images from protected folder using Oauth2, angular and yii2 REST

I have a project that has to deal with very sensitive images, which shouldn't be accessible for unauthorised users, saved on protected location. I've done this before, for regular http requests, but now I have angular app on frontend with Oauth2 client, and Yii2 powered API on server side. I am wonde...
dzona

2 votes, 1 answer, 1.3k views

Google Drive simple API Access authorization fail

I'm trying to authorize in google using .NET SDK provided, but it fails with 'Invalid credentials' error. I found this answer Google Calendar V3 2 Legged authentication fails but I still don't see where is the mistake. Looks like everything is done as described. Here is my code const string CONSUME...
axe

2 votes, 3 answers, 3.2k views

Google OAuth 2 PHP call to userinfo

I am trying to use Google's OAuth2 API. In their generic documentation, they mention a call called UserInfo: http://code.google.com/apis/accounts/docs/OAuth2Login.html#userinfocall , which would allow me to retrieve user ids, email, name and other basic stuff. However I cannot find it in their PHP c...
Nathan H

2 votes, 2 answers, 1.8k views

Linkedin API oAuth 2.0 REST Query parameters

I'm running into a problem with adding a query to the callback URL. I'm getting an invalid URI scheme error attempting to authorize the following string: https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=75df1ocpxohk88&scope=rw_groups%20w_messages%20r_basicprofile%20r_co...
apoji187

2 votes, 1 answer, 2.1k views

Get a custom claim value from a bearer token with api2.1

Thanks to @leastprivilege I have gotten a lot closer to what I am trying to achieve. I have added some custom values to a claim (none of my own original work!!) After updating the Auth.Startup file public partial class Startup { static Startup() { PublicClientId = 'self'; UserManagerFactory = () =>...
Diver Dan

2 votes, 0 answers, 45 views

access_token not present in the passport-github2 request

I have registered an OAuth App via my Github account. I am basically trying to authorize my node requests (by sending access_token as part of request cookies) so I can access a few APIs on another server. Hence I am using the github-passport2 package. I have set up the github strategy etc. & it seems to...
Nikhil Nanjappa

2 votes, 1 answer, 191 views

OAuth 2.0 access_token renewable

I have an iOS application which connects to different APIs such as the Instagram, Facebook and Twitter APIs. One thing you need to do when authenticating via OAuth 2.0 is to get an access_token, which I have. I just have one question, when do I renew it? I have read online that it will last a long tim...
Supertecnoboff