Questions tagged [oauth-2.0]

2

votes
0

answer
601

Views

Symfony2 RESTApi authentication architecture

i'm planning on building Single Page Applications with Polymer and Angular. As a Symfony2 developer i searched for a bundle that provides me with a json token authentication feature for my RESTApi. So i found this two bundles: https://github.com/FriendsOfSymfony/FOSOAuthServerBundle and https://gith...
2

votes
1

answer
2k

Views

Spring boot 2.0.3 + Security + Oauth2 autoconfigure

Spring boot 2.0.3 + Security + Oauth2 autoconfigure I'm working with OAuth2 and microservices, I've created a microservice to generate the authorization tokens and another microservice as a client. Generation of tokens is working, but when I try to use this generated token on the client service to a...
2

votes
1

answer
2.5k

Views

How can I get a user access token for a specific facebook test user?

According to Facebook Devlopers: Test Users, I can list the test users of my facebook app by making a request to https://graph.facebook.com/APP_ID/accounts/test-users?access_token=APP_ACCESS_TOKEN. The response includes a valid user access token for each user. How can I get a valid user access token...
Oswald
2

votes
1

answer
903

Views

Client side OAuth with google calendar api using React frontend and Rails backend

So I'm trying to do google oauth to get a refresh token for my users (not actually using google oauth to save the user). I had everything working when I used the client side OAuth for google api but they don't provide a refresh token when you do that handshake, only an access_token. I need a persist...
spencercdixon
2

votes
1

answer
4.4k

Views

IDX10503: Signature validation failed

I getting the following error with a valid token after the application re-start or publish IDX10503: Signature validation failed. Keys tried: 'System.IdentityModel.Tokens.RsaSecurityKey Exceptions caught: token: '{'typ':'JWT','alg':'RS256','kid':null}.{'unique_name':'[email protected]','iss':'XXXXXX','...
Son_of_Sam
2

votes
0

answer
289

Views

google-oauth : Invalid grant error

I'm new using oauth 2.0, so I followed the tutorial from google to access Analytics using oauth 2.0 I created an OAuth client in the google developers console and I used this code to access analytics: httpTransport = GoogleNetHttpTransport.newTrustedTransport(); dataStoreFactory = new FileDataStore...
Diego Roa
2

votes
0

answer
441

Views

Client app authorization for AWS API Gateway

I'm trying to figure out the best way to deploy an API in Amazon API Gateway. I'm getting totally confused about the appropriate authorization to use. The API will be used by our customers for their own custom developed apps. We don't need to provide end user authentication. This will be handled on...
user1751825
2

votes
1

answer
918

Views

Spring Security OAuth2 correct Authorization Manager

I try to configure Spring Security OAuth2. I have to authentication manager: clientAuthenticationManager and authManager. If I understand correctly clientAuthenticationManager is used to client authorization (by client id and client secret) and authManager is used to user authorization (by user log...
kuba44
2

votes
1

answer
1.2k

Views

How to silently refresh expired JWT token with OAuth2?

We have decided to switch from Hazelcast shared session to Stateless JWT authentication/authorization with OAuth2 and found out a problem that doesnt fit our infrastructure described below. So we have multiple Self-contained systems (scs) that may be accessed by direct link i.e. mysite.com/scs1 and...
aalekseyev
2

votes
2

answer
536

Views

How is OAuth 2.0 “Implicit Flow” better than “Resource Owner Password”?

I am just getting started with IdentityServer4 and working my way through different tutorials and articles. I understand that there are different flows for different architectures. I build mostly Single Page Apps (with Angular). As far as I've understood it I have basically two options to authentica...
Wolfgang
2

votes
0

answer
132

Views

GoogleIdToken-Sub and OpenID values are the same

I'm using google-oauth2 authentication workflow in my app which supports login with google accounts. My question is when I get the ID-Token from google it returns the same OpenID(2.0) value as the Sub. Is that the expected behaviour or is it due to some issue with the authentication-request/workfl...
Bhanuka Withana
2

votes
1

answer
477

Views

Function isAssignableFrom returns false during server startup

Implementing an oauth2 system, I am having some problems with the following code: import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping; import org.springframework.web.servlet.HandlerMapping; ... HandlerMapping.class.isAssignableFrom(FrameworkEndpointHandlerMap...
Laurent
2

votes
0

answer
376

Views

Linkedin Unsupported POST target

I have virtual host in my computer, project for symfony http://aog.local/app_dev.php and I create path http://aog.local/app_dev.php/auth/linkedin for linkedin connection but today its not work, I start dump($response->getResponse()) and I have: LinkedinProvider.php on line 24: array:5 [ 'errorCode'...
shuba.ivan
2

votes
4

answer
5.2k

Views

Whats the expiry time of Facebook access token fetched for the first time

Few days back I was trying to refresh access token and observed for 'Web' type of app the initial access token expiry time is around 2 hrs and for 'native/desktop' type app its 25 hrs. But since today morning I am seeing that for native/desktop type app the initial access token expiry time is 60 day...
Manasij Sur Roy
2

votes
1

answer
1.3k

Views

How to sign HTTP requests with user credentials for mobile app and backend server communication?

We have a pretty standard scenario - a mobile app communication with a backend PHP server API via HTTP POST and GET. A user must login in mobile app in order to do anything, so every request from mobile app to our server needs to be signed with user credentials. Userid and password are saved in mob...
Centurion
2

votes
0

answer
52

Views

Soundcloud: What Is going wrong with this Oauth2 request?

I have been trying to using oauth2 authentication with an api key. i'm tracing out every step of the way. Its successfully getting a token, but then giving a 401 error when I try to access https://api.soundcloud/me. oauth2.RoundTrip: credentials found map[ access_token:1-156891-51311-fec80e6e640f4...
user1756872
2

votes
1

answer
1.1k

Views

Is there a library for OAuth 2 in VB

I'm trying to implement OAuth 2 connectivity for an old site that's implemented in ASP over IIS 6 with VB (not VB.net) I tried to find a library that implements OAuth 2 and could not find one. Is there such a library? If not, what are my options? Sorry if the question is trivial, I'm new to VB...
davidrac
2

votes
1

answer
1.6k

Views

Error 401 Unauthorized. How to Use the same token for different Urls?

In ASP.Net Identity using Oauth2 a token is created once the user is authenticated posting User and Password. Before making a call to an action from one API, the user must ask for a token: http://mysite/auth/token Once the token is received, all Web Api calls can be done, sending the Authorization:...
Xavier Egea
2

votes
1

answer
930

Views

Azure B2C Access Token NULL Spring OAuth 2.0

I am trying to get a custom web application to work with Azure B2C OAuth and the Spring OAuth2.0 framework. The authentication leg comes back fine and I receive a JWT token. When the request for a token occurs afterwards I get the following error: java.lang.IllegalStateException: Access token provid...
Byron
2

votes
1

answer
3k

Views

google oauth fails fetching redirect url

I'm using Google OAuth2 client-side to authorize a web-app (Liferay Portlet) to use the Calendar Service. On my Development Server, the whole flow completes successfully: I start creating a GoogleAuthorizationCodeRequestUrl Using com.google.api.client.extensions.jetty.auth.oauth2.LocalServerReceiv...
yannicuLar
2

votes
1

answer
4.9k

Views

ValidationError: Validation failed mongoose

Hello I am trying to connect Node.js with Facebook. I am following this blog entry. Can someone help me? I am gettin this error: ValidationError: Validation failed at model.Document.invalidate (/Users/me/node_modules/mongoose/lib/document.js:1009:32) at /Users/me/node_modules/mongoose/lib/doc...
Tony
2

votes
1

answer
3.8k

Views

laravel passport doesnt support authorization grant type?

I am having an issue using the authorization grant in laravel/passport. I usually get this error: {'error':'unsupported_grant_type','message':'The authorization grant type is not supported by the authorization server.','hint':'Check the grant_type parameter'} First of all it takes me to login page,...
dasersoft
2

votes
3

answer
1.7k

Views

Authenticating a mobile application with JWT and refresh tokens

Currently I'm starting to pulling my hairs out on this. I've done some researching the past days and it seems that I do not get quite the point how to achieve the following: I'm currently building a an API in Rails with a mobile application as the client. The mobile application can be either iOS or...
Ben Lime
2

votes
1

answer
39

Views

How can I refresh an OAuth2 token? Do I need to wait for the token to Expire? (Patreon API)

I'm trying out OAuth using Patreon's api. I've very new to the OAuth process and had been using Patreon's Javascript Package to help manage the request for me. NPM: https://www.npmjs.com/package/patreon Patreon Documentation: https://docs.patreon.com/#introduction So far I've been able to successfu...
Jonathan002
2

votes
1

answer
2.1k

Views

Chrome Custom Tabs, deep linking with Oauth2

Hi I'm using Google Chrome Custom Tabs for a project and I have a few issues with deep linking. I need to authenticate the users through a oauth2 process using chrome custom tabs. The user is sent to the authentication form then types is login/password. Then it is redirected to a url like myapp://s...
Jejefcgb
2

votes
1

answer
773

Views

OAuth redirect URI alternatives for non-web applications?

What would be the best way to handle redirect URIs for OAuth authentication? In a few projects, I used to boot up a web server that would wait for the authentication to be sent back. Is there any way to trigger any type of code without a local web server, or is it the recommended way? I'm not asking...
Molnár Márk
2

votes
0

answer
51

Views

OAuth Dribbble with Firebase Functions gives 'invalid_grant' error constantly

I'm currently trying to OAuth with Dribbble. I'm using Angular 4 with Firebase Functions/Google Cloud Functions as a backend. I've tried various different methods, spent over 12 hours on this and nothing seems to be working for me. I'm not very experienced with OAuthing, so I can't tell if this is a...
cssun25
2

votes
1

answer
1.2k

Views

How do I handle OAuth refresh token?

When I authorize on my OAuth server it returns me access / refresh tokens: access_token: 'ZjJlMGM2MDcxNDg5MDQ1NzA4ZjkyNzRiOTIwM2E5MWI4N2M0MWU0ZD...' expires_in: 3600 refresh_token: 'NWZjMzQ3YjNjMmY5YTEzYzMxMDYzNGVhNzRiNjAxZTdmZTdjNzE3z...' scope: null token_type: 'bearer' How do I use them in my cli...
pleerock
2

votes
1

answer
236

Views

Implementing OAuth 2 in a multi-tenant application using dynamic scopes

I'm currently trying to migrate a multi-tenant system from a 'custom' authentication and authorization implementation to OAuth2. The multi-tenancy model is very similar to GitHub's structure, so I'm going to use it as the main example. Let's assume that in the application we have users, repositories...
razvanz
2

votes
1

answer
160

Views

Office365 Rest API 401 “The audience claim value is invalid”

I have a microsoft token that is able to be refreshed successfully, yet when I try to make a basic call that is within one of the scopes authorized, I get a 401. The call is: https://outlook.office365.com/api/v2.0/me and here is the detail back from the server: https://outlook.office365.com/api/v2.0...
BryanP
2

votes
0

answer
362

Views

OAuth2 dance with Spring Security

I am newbie to OAuth2 and understood its implementation theoretically very well. I followed this link to handle OAuth2 callback URL Build Authorization Callback Handler. But i am using Spring Security in my project, so i don't have to do much work myself. I am using salesforce API. Whenever there is...
Jibran
2

votes
1

answer
3.9k

Views

Google Oauth2: Error refreshing the OAuth2 token, message: '{ “error” : “invalid_grant” }'

I have the following code running on my localhost to try and authenticate with Google Oauth2. After authenticating, it appears to work for a while. Then after a certain amount of time I'm getting this classic error: Error refreshing the OAuth2 token, message: '{ 'error' : 'invalid_grant' }' I've loo...
Dean
2

votes
1

answer
405

Views

What is Redirect URI in Youtube API?

I'm creating a personal python script to upload videos. What is the redirect API I should be using?
Vaish MK
2

votes
0

answer
258

Views

Allowing anonymous users to upload to a specific Imgur account using Imgur api?

I'm trying to build a web application which will allow many users to upload images to the same album on my own Imgur account. Is this possible without the need for authorization from the anonymous user? From the Api documentation on OAuth2 https://api.imgur.com/oauth2 it basically states the user ge...
Sakuya
2

votes
1

answer
560

Views

What is the equivalent of UseOAuthBearerAuthentication in an ASP.NET Core 2 application?

I am upgrading a resource server that accepts access tokens from our oAuth server. In .NET 4.7, I had a startup configuration that looked like this: appBuilder.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()); When I add the Nuget Package 'Microsoft.Owin.Security.OAuth', I get a...
Joshua Belden
2

votes
1

answer
541

Views

Can I write to Google Sheet via Google Sheets API without Oauth, using developer key?

I am working on an app that reads and updates values in a Google Spreadsheet using Google Sheets API. I am able to read using my developer key, however attempting to write returns this error: 'Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other...
Karolis Kosas
2

votes
0

answer
1.2k

Views

angular-oauth2-oidc is not setting access_token

I was following the getting-started guide for the angular-oauth2-oidc library, but the only thing it stores is the nonce value, the access_token doesn't appear anywhere. This is the configuration I have for AuthConfig. export const AUTHCONFIG: AuthConfig = { loginUrl: 'https://login.microsoftonline....
Otto Cheley
2

votes
1

answer
1.9k

Views

How to Customize JWT token validation in oAuth 2.0 / owin?

I am trying to validate a JWT using oAuth 2.0 middleware. I tried using a custom Provider in my Startup.cs class : public class Startup { public void Configuration(IAppBuilder app) { HttpConfiguration config = new HttpConfiguration(); // Web API routes config.MapHttpAttributeRoutes(); ConfigureOAuth...
vjcj 99
2

votes
1

answer
212

Views

Security implications of using Self-Issued Providers in OpenID Connect

Are there any major security drawbacks to using Self-Issued Providers with OpenID Connect? (And the Implicit flow that those imply/require?) As opposed to, say, using Dynamic Client Registration? We're working on a project that requires decentralized cross-domain authentication, where server/client...
Dmitri Zagidulin
2

votes
1

answer
1.9k

Views

Spring OAuth2 XML configuration for Client and Resource Server [closed]

Can any one help me with a very basic configuration in XML to act my spring application as OAuth2/OIDC Resource serer and as well as cilent. What I have? A Spring Web MVC application with Spring Secuirity LDAP authentication. What I want to achieve? If user tries to access any resource(e.g. index.ht...
Agam