Questions tagged [oauth-2.0]

2

votes
2

answer
1.6k

Views

Improve login experience by using google-api-java-client + OAuth 2.0 (Installed Application)

Previously, my installed application (desktop application) is using gdata-java-client with ClientLogin mechanism, for user to access Google service. In order to provide seamless experience, the desktop application will store users previous entered username and password in encryption format. Wheneve...
Cheok Yan Cheng
2

votes
1

answer
558

Views

Google+ Sign-in for server-side apps, exchanging auth code for access token

I'm trying to follow this flow to sign-in a user on an android app using a python server backend: https://developers.google.com/+/web/signin/server-side-flow I'm successful in getting the authorization code from the Android app, but when I try to exchange this code for an access token from the serve...
Kimsterv
2

votes
1

answer
744

Views

OpenID Connect server with ASOS, .NET Core pipeline

I have started playing with OpenID Connect server with ASOS by implementing the resource owner password credential grant. however when I test it using postman, I am getting generic 500 internal server error. Here is my code for your debugging pleasure. I appreciate your feedback. Thanks -Biruk he...
BHR
2

votes
0

answer
297

Views

Linkedin authentication showing blank screen on 2nd step verification in android

I have integrated Linkedin in my android app using OAuth 2.0. But when testing using LinkedIn test accounts which are frequently used on different devices, due to 2-step verification process, on the second screen, it's showing blank screen with just a LinkedIn logo on top. I am using webview to dis...
Midhun Murali
2

votes
1

answer
1.7k

Views

Why am I getting a TokenError when authenticating with OAuth2Strategy for Passport/Node Express

I'm trying to use the OAuth2Strategy for Passport JS in conjunction with Express (4). After I'm redirected to to login, it successfully navigates me back to my callback url, at which point I get the following error: TokenError: Invalid client or client credentials at OAuth2Strategy.parseErrorRespon...
Chris
2

votes
1

answer
304

Views

OAuth2 redirect URI required to be fully defined

I must be missing something obvious. I am developing a web app that will be shipped to a number of customers. The app will be installed on a web server of their choice. My problem is with the OAuth2 authentication and GA requiring me to register a redirect URI. I can't know the URI ahead of time...
user3827317
2

votes
2

answer
5.5k

Views

Facebook PHP-SDK doesn't handle the code/state parameters passed through $_GET?

It looks like the authentication bit when Facebook is sending code, state parameters through $_GET is not covered in PHP-SDK. if(!empty($_GET['code']) && !empty($_GET['state'])) { $response = file_get_contents('https://graph.facebook.com/oauth/access_token?' . http_build_query(array('client_id' =>...
Gajus
2

votes
1

answer
392

Views

ASP.Net OAuth Authorization Server: Add an array as additional response parameter

I have implemented a custom OAuthAuthorizationServerProvider and I want to add some additional elements in the response when my client is requesting an access token. To do so I overrided the OAuthAuthorizationServerProvider.TokenEndpoint method and I successfully managed to add some single elements...
Quentin V.
2

votes
1

answer
188

Views

How to pass data from login page to OAuth 2.0 and then get it back?

I am using OAuth 2.0 for my AngularJS application. When the user clicks on one of other application I am redirecting to my Angular application with parameters like this: https://stic-scm-auto.snitco.com/fsHardSoft/createCase?sn=FOC0948Y1WB When above URL is accessed I am showing them the login page...
3gwebtrain
2

votes
1

answer
633

Views

Azure Active Directory and OWIN

I'm attempting to add Azure Active Directory sign-in using OAuth2 to an existing MVC app. I've got all of the OWIN boilerplate stuff in Startup.Auth.cs as well as the AccountController and Account/Views. When attempting to access a controller with the Authorize attribute (Test/Test) I am shown the l...
Anthony Compton
2

votes
3

answer
481

Views

Avoid google oauth2 client secret in code

I'm writing a small c program which connects to the google api via Oauth2. Therefore I need to send a client secret to google. I store this secret in my code, which I want to push to github, but how can I avoid to show my client secret to everybody who looks at my code?
EarlOfEgo
2

votes
1

answer
1.6k

Views

Google Calendar Booking System

I have seen many posts on this subject, but none have been answered, and most are closed because of their vague nature. Hopefully I can write something a little more explanatory. I've been writing a program which loads data from my clients Google Calendar. The OAuth2 'access_token' for this calendar...
outrunthewolf
2

votes
2

answer
3.6k

Views

Symfony2 : Argument 2 passed to Doctrine\ORM\EntityRepository::__construct() must be an instance of Doctrine\ORM\Mapping\ClassMetadata, none given

I'm trying to implement OAuth2 in my actual symfony2 project using the FOSOAuthServerBundle. I've been following this Article to implement it. Since i don't use FOS User bundle i had to create a UserProvider. I'm also using A User Repository as he did in his Article. I've been stuck with this error...
Brieuc
2

votes
1

answer
421

Views

No given name or surname claim when using Azure Active Directory OAuth

We are authenticating our MVC application using Azure Active Directory but the only information we get back in our ClaimsPrincipal is the Name and Group Memberships. We need access to the users given name and last name as well. Any pointers on how we can resolve this?
Shane Courtrille
2

votes
1

answer
457

Views

Can't get access token from Bigcommerce API, invalid client ID

I am trying to get the access token so I can start building an app that works with BigCommerce. I've been following the docs here: https://developer.bigcommerce.com/api/callback. I'm using the PHP client for Bigcommerce. The response is HTTP/1.1 400 Bad Request {'error':'Invalid client id.'}. I swea...
Erin
2

votes
1

answer
538

Views

Can my OAuth2 client retrieve the canonical user ID from the access token?

Using the OAUth2 web server flow, I've: User tries to access www.third-party.com/welcome User is redirected to www.myserver.com/oauth2/authorize MyServer authenticates user, and redirects them to www.third-party.com/welcome?code=... third-party.com talks to myserver.com behind the scenes, exchanges...
Dylan Beattie
2

votes
1

answer
765

Views

Custom URL scheme for an iOS app with dropbox oauth2 authorization?

I'm trying to utilize dropbox with my Qt-based iOS app. My problem is the redirection from the dropbox authorization webpage back to the app. I did not manage to get the dropbox authorization to work with the Qt WebView, so I am simply launching the default browser to the dropbox authorization site...
Miika Pirttilä
2

votes
1

answer
374

Views

REST API Authentication (maintaning an authenticated state)

I am developing a REST API. Currently I am trying to make it minimally secure. I am asking this question because most of the posts I found about this subject were quite old. For authentication I found this schemes: Basic authentication AWS authentication protocol OpenID OpenID Connect OAuth pseudo a...
doart3
2

votes
1

answer
643

Views

Types of authentication in OAuth2 in Spring: How does authentication via user credentials work?

I am currently trying to implement a web service (API) with OAuth2 authentication using Spring Security OAuth. As far as I understood, given a user, a client app and a server, the authentication process is as follows: User requests resource from server via client Client retrieves request token from...
user2035039
2

votes
2

answer
198

Views

Programmatically choose which page to show first

I'm working on a Windows 8 Phone app where the user logs in using OAuth2. Once logged in, I can store their access and refresh tokens and use them to authenticate the user for future uses. How do I choose which page to load first when the app is opened? I can check if an access token exists, and if...
tverghis
2

votes
1

answer
657

Views

Oauth2 without server or with AWS lambda

I am trying to design an web application that will query data from Fitbit via its APIs and display it in different forms to the user. All this data functionality is implemented in Javascript and is executed on the client side (ie. in the browser) - there is no need for a backend or storage. I am str...
abali
2

votes
1

answer
458

Views

Change scope while issuing new access token when client sends valid refresh token

I am using php oauth2 library from this github repo. PHP oauth2 library Whenever i send a refresh token, I receive new access token with old scopes. But i want to change the scopes returned with new access token. When i first generate a token using user credentials grant type, I get the supported sc...
Krish Gowda
2

votes
2

answer
1.2k

Views

Invalid redirect url after open auth 2.0 authentication via Google

I'm trying to implement authentication in my MVC 3 web application via Google Open Auth 2.0. I've already successfully formed URL request URL and it looks like this: https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/useri...
Pavel Shkleinik
2

votes
1

answer
1.8k

Views

Does OAuth 2.0 refresh token expires at all?

I need to understand if a refresh token from OAuth 2.0 for Google data expires or not if unused for more than 6 months? At many places it is called out that it doesn't expire and at some places it is said that it will expire if unused for 6 months. For example, in this question, the accepted answer...
Nitesh
2

votes
1

answer
369

Views

Responsibility to store tokens in OAuth 2.0

If I am building a library in .NET based on, say FB or Google API, we get an access token (short lived) and a refresh token (long lived). As a developer who wishes to build such a library, whose responsibility is it to store those tokens? The client library developer or The application consuming my...
NoobDeveloper
2

votes
2

answer
579

Views

Securing REST API with OAuth2.0 or Azure Active Directory

I have a REST API that i call from within my web application in order to get the result. I have a client which asks for my API only but I can't expose my API without any security. Apparently I have to use it with my application as well, so far the API is not secure, I want my client to consume my AP...
Mavericks
2

votes
1

answer
718

Views

How to protect Google's clientSecret and clientID in a WinRT application?

I'm developing a WinRT application that makes use of the Google Tasks API. Currently, the ClientSecret and ClientID strings are embedded in the code. However, I've read that this should be avoided, as Windows 8 Apps can be easily reverse engineered. So, what is a better way to keep these tokens secu...
dcastro
2

votes
1

answer
200

Views

Is there a good ASP.NET package to implement StackExchange-style authentication and profiles

I'm familiar with ASP.NET Membership, Profile, forms auth, etc., as well as OpenId/OAuth. However, I haven't found a great resource on rolling together a really smart, modern OpenId-enabled login and profile system similar to what StackExchange does. Is there a package or template that adds in Sta...
Daniel
2

votes
1

answer
2.1k

Views

Retrieve user information from Web API OAuth Bearer authentication

I have a working Web API using Token validation but I want to retrieve the user who sent that token. Request.GetOwinContext().Authentication.User.Identity.Name; // returns null How can I achieve that? Thanks for your help.
Bruno Cabral
2

votes
1

answer
173

Views

How to use the access token from uber api in accessing trip history

I am trying the Uber API and have got the following response output from the Uber API which has the Access Token : {'last_authenticated':0,'access_token':'KQ.eyJ2ZXJzaW9uIjoyLCJpZCI6IlpOTjJ0ZjVMUzFpcW5JbVEvAdffgfgmc9PfsfsZXNffsdfdsfsdf5MDY4OTEsaW5lX2tleV9pZCI6Ik1RPT0iLCJwaXfCI6MX0.i3fnzPo61qO29IyOcs...
Sandy505
2

votes
1

answer
145

Views

omniauth - is there any reason why I should store the OAuth2 token in db?

So, I'm just starting to use omniauth and have gotten it working with facebook. I have set it up so that it automatically redirects back to facebook for a new token when the current token expires. Based upon that, is there any reason why I should be storing the token to the db? I currently log user...
timpone
2

votes
2

answer
1.5k

Views

Proper paradigm for refreshing OAuth2 access token

I'm working with an API that uses OAuth2, provides an access token that expires in 3600 seconds, and provides a refresh token with it. Originally, I'd waited for an API call to fail in a way that indicated the access token was expired and then tried to refresh the access token using the refresh tok...
Isaac
2

votes
2

answer
138

Views

How to Edit Extensible Service Proxy configuration file

I need to integrate OAuth2 in my Project with AppEngine Backend. I am planning to use firebase Auth with AppEngine to take care of security. Tutorial used : https://cloud.google.com/endpoints/docs/authenticating-users#configuring_extensible_service_proxy_to_support_client_authentication Where is the...
Shubham Maheshwari
2

votes
2

answer
2.1k

Views

redirect_uri_mismatch error when using OAuth Google Client program

I am using the google OAuth java client to get my application authourized by google for accessing google fusion table data. I used the code at here http://code.google.com/p/google-api-java-client/source/browse/fusiontables-cmdline-sample/src/main/java/com/google/api/services/samples/fusiontables/cmd...
user1036204
2

votes
0

answer
252

Views

Get additional data stored in Oauth2 token in Spring Boot app

Currently I'm developing a rest controller in a Spring Boot app that uses Oauth2 tokens for authentication and I need to get some user info from the token. To get the basic info I'm using the OAuth2Authentication object like this: @RequestMapping(CONTROLLER_PATH) public DataDto getActivityData(@Requ...
slash3584
2

votes
1

answer
114

Views

Login with OAuth & retrieve user details from DB

I'm new to OAuth. Does anyone know how to login with OAuth, I have managed to generate a token by passing user name and password and used sessionStorage.setItem('accessToken') in javascript to store the token, $(document).ready(function () { $('#btnLogin').click(function () { $.ajax({ url: '/token',...
KMR
2

votes
1

answer
124

Views

Add OAuth2 to Existing Django App

I already have a django app running on App Engine, but the current user authentication is provided by Djoser, which uses a simple token authentication. Now I want to write some new APIs to third party applications to allow them to access user data. So I need to implement the OAuth2.0 authentication....
J Freebird
2

votes
1

answer
741

Views

On Premise ADFS 3.0 OAuth2 WebApi + AngularJS

I am completely lost on this, any help would be appreciated. When I click Login through my client app from angularJS, I get redirect to : https://adfs.dev5.local/adfs/oauth2/authorize?response_type=code&client_id=09c9a8a2-6bf1-427d-89ba-45c2c02bb9fc&resource=urn%3Awebapi%3Atest&redirect_uri=https%3A...
penleychan
2

votes
1

answer
167

Views

GOLANG:exclude trash files from google drive

type listAllFilesArgs struct { query string fields []googleapi.Field sortOrder string maxFiles int64 } type Field string func (self *Drive) listAllFiles(args listAllFilesArgs) ([]*drive.File, error) { var files []*drive.File var pageSize int64 if args.maxFiles > 0 && args.maxFiles <...
Vijay Kumar
2

votes
1

answer
263

Views

Get oauth2 access_token owner email address in ruby?

I am successfully using Oauth2 gem to get an access tokens from Google accounts. But I want to get the email address which produced the token (I mean if I used this account '[email protected]' to get the access_token, how can I know the email address from the token?). Or can I get the email while ob...
ben