Questions tagged [oauth-2.0]

2

votes
2

answer
728

Views

OAuth 2.0 Life cycle of “code” in Authorization code Grant

Authorization code Grant : I know the code is short lived token exchanged for the real long-lived access token. I have gone through the Oauth 2.0 but could not find this information so asking here: What is the life cycle of code? Is it for only one-time use? How many times can a code be exchanged t...
Suraj
2

votes
1

answer
443

Views

Sharing AccessToken to clients (say browser) is a security concern?

We have a MVC application, in which we are making web api calls from browser to get the data and display it in browser. Since our application is Claims aware, the client need to pass AccessToken in order to access the web api. Since the browser is not a trusted client (server does not have much cont...
Venkat Naidu
2

votes
1

answer
134

Views

Client Authentication in Django rest framework powered App using django-oauth-toolkit

I am creating a project in django for my mobile app. The django project is the API backend for the mobile App. I have created a signup for the user model using django rest framework. The signup API works fine. Now, i want to let only the request from my mobile app to be served. For this i created a...
Prabin Bhandari
2

votes
1

answer
541

Views

OAuth2 newbie - posting to facebook wall from wordpress plugin

I'm really stuck on understanding the steps needed to integrate a plugin i'm building for Wordpress into facebook such that it can post to either the target user's wall or their fan-page wall. Specifically i'm stuck with understanding OAuth2 and how to implement it. I'm no stranger to REST type API...
JamesB
2

votes
1

answer
2k

Views

Can't Query Google Analytics Reports API Using OAuth 2

I am trying to to use the latest version of the Report API using OAuth 2. It doesn't appear that there are many people using this version yet, so it has been really hard to find examples. I have a refresh token, which I am using to generate an access token. private AnalyticsService getAnalyticsServi...
Travis Parks
2

votes
0

answer
146

Views

How to secure google Client ID and Client Secret in Angular2 app?

I'm using google authentication for my angular2 application. I'm using config.js to store google Client ID and Client secret. But the user can get config.js data. I'm looking for a secure way to handling them. Is there anyway to do this?
Sivaprasad derangula
2

votes
0

answer
311

Views

Google oauth with custom URI-scheme redirect_uri using system browsers

Google just changed their oauth model to the new specification: Modernizing OAuth interactions in Native Apps for Better Usability and Security I am trying to follow (specifically section 7 of) the ietf 'draft-ietf-oauth-native-apps-09' linked in the above blog, and also this reference from google:...
meir
2

votes
1

answer
341

Views

provision_key is not coming in kong oauth2

I tried to use kong api manager with oauth2. As per documentation i did api registration in kong and I added oauth2 plugin to that service but provision_key is not came in my response. please help on this http://10.20.0.151:8001/apis/myservice/plugins **Request** : name=oauth2 **Response**: { 'api...
Rajadurai K
2

votes
1

answer
4.8k

Views

Does spring-security 3.1 support spring-security-oauth (for oauth2)? Is there a reference?

I am working with an app that uses spring-security 3.0 and oauth2 using spring-security-oauth-1.0.0.M3. It works fine. But it looks like migrating to spring-security 3.1 will not be trivial. I have been unable to find confirmation that the oauth module is still supported. For example, the oauth t...
Will
2

votes
1

answer
703

Views

Soundcloud: blank page with popup_callback.html when trying to auth using Facebook

I'm going through the OAuth2 flow with my application. The application seems to correctly request https://soundcloud.com/connect, with 'Allow 'app name' access to your Soundcloud account?'. However, if I then try to authenticate using Facebook on this screen, a new, empty page loads with the url: ht...
audiodude
2

votes
1

answer
149

Views

IdentityServer3 OAuth2 LinkedIn external login returning access denied

As of the last week our external LinkedIn provider for login/sign up has stopped working. When a user tries to sign up or login we receive a 'Access Denied' message back from LinkedIn. This is happening when we try to sign up through LinkedIn. I checked on the developer docs and our implementation s...
Leonard
2

votes
0

answer
730

Views

405 Method Not Allowed on AWS deployed application with Spring Boot OAuth2

I have an a application which up until yesterday ran fine both locally and on AWS. Suddenly the application has failed to work when calling /oauth/token on the AWS deployed version of the code - whilst locally the application runs fine without error. Both local and AWS based applications had been ru...
digitalbanana
2

votes
1

answer
702

Views

External Javascript client Authorization for Google Drive upload

I'm developing client application based on Javascript that won't be a Google App. I can create files on Drive but have a problem with a authorization when trying to upload the content. A comment in: Authorization of Google Drive using JavaScript seems to say that the client must be a google App to w...
user1638457
2

votes
1

answer
652

Views

How to set error in AuthenticationTokenCreateContext?

I have to set error in AuthenticationTokenCreateContext. Its possible to set error in OAuthValidateClientAuthenticationContext by using context.SetError(). But in AuthenticationTokenCreateContext there is no context.SetError(). How can i set error in AuthenticationTokenCreateContext?
Karthikeyan
2

votes
1

answer
1k

Views

Get LinkedIn profile from OAuth REST API with PHP

I used this site: http://blog.thewebcafes.com/post/1502524959/php-step-by-step-oauth-for-dummies-based-on to create the following php page:
Helto
2

votes
1

answer
127

Views

GAE, oauth2, and admin users

I currently use the 'Google Accounts API' to allow users to login to my GAE app. So I use users.create_login_url and users.get_current_user and add an ndb.UserProperty to my own user entity so that I can retrieve data for that user. I'm now in the process of switching to oauth2 (using authomatic)....
Jeff O'Neill
2

votes
1

answer
124

Views

Can I use OAuth2 on GDAX Api?

I would like to create an app that is connected to your GDAX account. I saw on GDAX docs that we can connect our account to the api https://docs.gdax.com/#authentication. But that is done manually, you have to go to your own GDAX account https://www.gdax.com/settings/api and generate keys then link...
Charly berthet
2

votes
1

answer
613

Views

asp.net mvc application need access to users google drive account from “service”

Im writing a web-app that gives our customers the possibility to SYNC their files on their personal Google Drive onto OUR bushiness application. (only limited file types). So - what works so far: Users signup to the app, (using OAuth2 and saves a refreshtoken in my end) the user/and my app, have now...
Hulvej
2

votes
2

answer
9.7k

Views

Laravel Single Sign-On

Is there any OpenID implementation on Laravel ? (Provider and Consumer) What I'm trying to do is having One CoreApp acting like an OpenID Provider, and the otherApps as OpenID Consumers so the user can choose between : Login with the CoreApp OpenID system Login with other OpenID Providers (Google, F...
cyberhicham
2

votes
1

answer
345

Views

Google App Engine flask SSL and OAuth2 problems

i'm trying to create flask web application on google app engine python 3 flexible env with oauth2 authentication on custom domain. So, the problems are following : 1)I have added custom domain to my project, and also added SSL to that custom domain. In google cloud console everything seems fine, but...
Igors
2

votes
1

answer
704

Views

Using Spring security oauth, using a custom OAuth provider, I get [authorization_request_not_found], should I handle the callback method myself?

Using Spring Security 5 oauth I successfully ran through the whole authentication/authorization cycle using Google as OAuth provider, but I am stuck if I use an OAuth provider that I made myself, running on a different application. I'm using the following 2 dependencies: org.springframework.security...
2

votes
2

answer
867

Views

NoMethodError in Doorkeeper::AuthorizationsController#new - Doorkeeper

I played around with doorkeeper using different flows. I tries successfully with password flow, client credential flow but with authorization code flow I got the following error: NoMethodError in Doorkeeper::AuthorizationsController#new undefined method `id' for nil:NilClass When I clicked the auth...
channa ly
2

votes
1

answer
2.2k

Views

JWT signature's verification at resource-server side

According to this and this there are two ways to validate the JWT token: Using RemoteTokenServices which basically calls /check_token endpoint of oauth server, retrieves the whole token and compares it Expose public key at oauth server and verify the JWT's signature at resource server At the beginn...
nKognito
2

votes
1

answer
1k

Views

OAuth2 with Twitter API 1.1 “Bad Authentication error”

I am trying to use the Twitter's API (v1.1) through node.js and Oauth2 but I am getting always the same error: Error: { statusCode: 400, data: '{'errors':[{'message':'Bad Authentication data','code':215}]}' } Here is the snippet of code I am using: http://pastie.org/8708152 Which is based on: http:...
htatche
2

votes
1

answer
1k

Views

Desktop application and Secure REST API : OAuth2 vs WSSE?

We need to develop a desktop application (installed on a computer) that need to access to REST API (over HTTP). This REST API must be accessible for authorized users only (registered users). We assume the installed application has access to the system browser. In the future, REST API might be used...
Koryonik
2

votes
0

answer
183

Views

User sign issue in lowest version(android 2.3.6) [closed]

I developed one Android app it's working fine in 4.2.2 but not in 2.3.6 and first of all I'm unable to login in to my app with 2.3.6. I'm using Authentication with Account-manager it returns access token length of 139 characters in case 4.2.2 like. ya29.1.AADtN_Xh_Wg1ffx5MSXzcT9Gk1dgKSLjUTAGc01dEabX...
Bhargav Methuku
2

votes
1

answer
524

Views

Why do i get a GoogleAuthException when i get a authToken if i have logged in with google+?

I have an activity which connects to Google+ and which gets correctly the GoogleApiClient object. After this i should be logged in Google and i need to send an email using GMail Apis, so i need to an authToken string. When i call the GoogleAuthUtil.getToken method i got a GoogleAuthException. How sh...
Francesco Ponzi
2

votes
0

answer
425

Views

Access gmail using imap with XOAUTH2 on production (JAVA)

I implement a IMAP gmail client using Oauth 2.0 that work fine on development mode. I can connect to IMAP, search e-mails, insert labels... but when I deploy my application, throw me an error here: IMAPStore store = OAuth2Authenticator.connectToImap('imap.gmail.com', 993, '[email protected]', oauth, t...
user1454172
2

votes
1

answer
53

Views

OAuth integration error

I have integrated OAuth Framework in the application with the help of cocoa pod as per the information given in this GitHub installation page? I am using Xcode 7.3 and swift 2.2 . When I try to build the app i am getting the following errors: I do not understand why am I getting so many errors.
Ronit
2

votes
1

answer
973

Views

How to protect Oauth2 implicit flow from iframe

I'm using Oauth2 implicit flow to secure Single Page Application & Rest API. If you are unfamiliar with oauth2 implicit flow, quick overview: We are using hidden iframes & little javascript to get access tokens & 'refresh'(actually getting new token, as long as users are logged in the authorization...
beku8
2

votes
2

answer
942

Views

c# Exceptions using Oauth2 with Google Drive API (using 4.0 .Net)

I am using a code example at http://www.daimto.com/google-oauth2-csharp/ which would allow me to connect to the google drive api and get authorized using oauth2. I downloaded the .json file that has my client id and client secret and put it in the \bin\debug output folder (and a few other places ou...
Chester Field
2

votes
1

answer
133

Views

Does Cortana Skill support login with Azure AD B2C account?

Does Cortana Skill support login with Azure AD B2C account? I have created a tenant on azure and done all configuration like setting sign-in or sign-up policy adding new application setting connected service for cortana skill Authorization URL: https://login.microsoftonline.com/tfp/9d380b75-4f64-4...
Andy Lai
2

votes
2

answer
589

Views

Asking for login creadentials during OAuth call with token

Want to implement OAuth Authorization code grant.Using OAuth2 documentation and other online materials, created 2 modules - Started client application and Resource Server - Go to - localhost:8090/getEmployees click Get Employee Info. We are redirected to Resource Owner login page. Enter credentials...
Rida Shaikh
2

votes
0

answer
74

Views

Close popup after receiving access token for oauth2 in php

I am trying to connect to an oauth2 flow of my city, I want the user to be able to get a popup where he can log in and then after we receive an access token the popup should close and the main window should be reloaded (so i can use the token). I am having issues with figuring out how to close the p...
Dennis
2

votes
1

answer
1.2k

Views

Implementing access and refresh token refresh with identityserver3

I'm trying to implement persistent access token usage on the client side and would love to hear about the right way to go about it. Right now I have a wpf application working with an identityserver3 backend using code flow. I use a long lived refresh token. My idea for keeping the access token alive...
Igor Liv
2

votes
0

answer
94

Views

Configurable token lifetimes in Azure Active Directory - Legacy Limitations

We experience issues with OAuth token that expires earlier than default Refresh Token Max Age. Exceptions table specify 12 hours for users that are federated. What if the federation doesn't use AADConnect (aka AADSync) and use no password for authentication but a different authentication factors fro...
Greg Spyra
2

votes
3

answer
656

Views

Google oauth2 get id_token

I am working in client side angularjs.I am try to implement google oauth2. I am getting accesstoken but i need to get id_token. I added app.js , controller.js and html part. I followed this tutorial: http://anandsekar.github.io/oauth2-with-angularjs/ app.js: angular .module('angularoauthexampleApp'...
RSKMR
2

votes
0

answer
312

Views

Set a different custom provider oauth scope depending on user role with devise

I'm providing API users with an OmniAuth strategy according to the doorkeeper docs. It's to allow certain users of the client application write/edit permissions on the APi. The doorkeeper wiki on using scopes says if your client application is requesting an authorization URI, you do something like...
Nona
2

votes
1

answer
1.5k

Views

ResourceServerConfigurerAdapter vs WebSecurityConfigurerAdapter

I'm currently working on a Oauth2 implementation with Spring Security, and I found many documentations that use ResourceServerConfigurerAdapter along with the WebSecurityConfigurerAdapter. I hope someone can tell me the differences between the two configurations because I really get confused in whi...
ZiOS
2

votes
1

answer
228

Views

Library to authenticate user using their Facebook and Google accounts using OAuth on Mono Droid and Mono Touch

I'm very new to Mono Droid and Mono TOuch, but I would like to know if there is any library that allows me to authenticate users of my application using their Facebook and Google accounts? I've seen some examples for the Facebook SDK on 'Mono for Android' and 'Mono Touch' , but since I don't need th...
Julian Suarez