Questions tagged [oauth-2.0]

2

votes
0

answer
413

Views

How to implement Basic Auth in project based on Spring Security OAuth 2?

I have project based on Spring Security OAuth 2. I want to add Basic Authorozation for /oauth/token. e.q. : curl -v --user admin:password 'http//localhost:8080/oauthtest/oauth/token?grant_type=password&client_if=my-tr usted-client&client_secret=2343k242j' (Authorization: Basic YWRtaW46cGFzc3dvcmQ=...
Alexiuscrow
2

votes
1

answer
416

Views

How can I configure doorkeeper so that more than one client can authenticate with the same username and password?

I'm using the doorkeeper gem with the resource owner password credentials flow, if separate clients authenticate with the same username and password they end up using the same access token. This means that a client will no longer have a valid access token if another client has refreshed the access t...
ChrisR
2

votes
1

answer
3.1k

Views

Fetch emails from Gmail via OAuth2

I'm trying to fetch emails from gmail using PHP and CodeIgniter, and an OAuth2 library. I have already got OAuth2 set up to get the users access token, etc. I can get the users info by doing public function get_user_info(OAuth2_Token_Access $token) { $url = 'https://www.googleapis.com/oauth2/v1/use...
iamjonesy
2

votes
2

answer
763

Views

Google+ Server Side Token Validation

I am using Google+ Sign-in in my application. A user gets an access_token back and I want to pass that token to my server and verify it with google. What is confusing me is conflicting information in google's documentation regarding the security of this: https://developers.google.com/accounts/docs/O...
mmilleruva
2

votes
1

answer
353

Views

Web API2 identity2 bearer token permission change

Using Owin + Oauth2 + Identity2. I have a web Api with default basic authentication setup that i have modified. my startup.cs partial class public void ConfigureAuth(IAppBuilder app) { // Enable the application to use a cookie to store information for the signed in user // and to use a cookie to tem...
lemunk
2

votes
1

answer
653

Views

Configure Spring Security with Hydra OAuth 2.0

I configured an Hydra instance with my Spring Boot app. I just configured my app as a resource server using the annotation @EnableResourceServer. So, when I'm using the Bearer authorization header in my request, Spring uses the value that I specify in the property: security.oauth2.resource.user-info...
Ben Chevallereau
2

votes
2

answer
299

Views

Safari Can't Get Uri Fragment After Google Oauth Callback

I'm implementing Google OAuth 2.0 following this document: https://developers.google.com/identity/protocols/OAuth2UserAgent I set the following steps: User click the Login Button and open up a new window. Formatting the authenticating url and redirect that new window to Google. User finished authent...
Benson Lu
2

votes
1

answer
1.4k

Views

Chrome Custom Tabs does not closes on redirection

I am using chrome custom tabs for getting oAuth connection request on the redirection from custom tabs I am redirected successfully in the app. The only problem remains is that the chrome custom tabs do not close on redirection stay in the stack. Code for launching url in custom tabs is as follows....
Sutirth
2

votes
1

answer
351

Views

IOS 7 LinkedIn share button implementation using oauth2.0 share issue

I am trying to make a simple application that will share content with LinkedIn, here i am able to receive the result without any error but the contents are not present in my LinkedIn timeline . Any Help will be Appreciated and this is my code. -(void)JsonPostRequst:(NSData *)jsonRequestData{ Globalt...
sanalsan
2

votes
0

answer
26

Views

Best practice for first-party auth in a native app

We have an auth infrastructure based on OAuth2 that is integrated into a variety of web apps within our organization. We also have a pure native application with no middle-ware of its own, and we want to integrate authentication into this native application. This application already has its own inte...
Jonathan Gilbert
2

votes
2

answer
4.7k

Views

Redirecting user to oauth2 authorization server to get token Spring Boot

I have 2 apps running, one is resource server where I have the info that needs authentication to view the text. Then I have authorization server that gives tokens. Right now I can use postman or Insomnia, add the auth_url, token_url, client_id, client_secret and I get the token. I add the token to h...
Jan
2

votes
1

answer
1.4k

Views

Alamofire Basic and Oauth2

I have been using Alamofire and it works fine for basic auth #1 Alamofire.request(.GET, ENDPOINT_URL).authenticate(user:_username, password: _password).responseJSON { response in } and for OAuth2 #2 let headers = ['Authorization': 'Bearer \(getLoginToken()!)'] Alamofire.request(.POST, ENDPOINT_URL2,...
perwyl
2

votes
0

answer
439

Views

OAuth2 Password Flow with Android and Symfony2 (FOSOAuthServerBundle)

I'm trying to allow users to access a RESTful API using FOSOAuthServerBundle. I need my users to be able to access the API using Android. I require said users to use a Password flow to connect to the API. Currently, if I were to use a browser with the URI: http://BASE_URL/oauth/v2/token?client_id=CL...
ABCaesar
2

votes
1

answer
543

Views

OAuth2 on Google Apps Marketplace

OAuth1 has been officially deprecated by Google on April 20, 2012, but the Google Apps Marketplace documentation states that Marketplace apps have to use OAuth1 2 legged authentication. I would much prefer to use an OAuth2 Service Account for my application. Is there some way to assign a marketplace...
sdonze
2

votes
2

answer
7.5k

Views

nodejs http post request throws TypeError

I am trying to make a simple server that use google oauth (without express and passportjs, as I want to study the data exchanged). When my program attempts to send a post request to google, nodejs throws: http.js:593 throw new TypeError('first argument must be a string or Buffer'); I have checked an...
MikeNQ
2

votes
1

answer
406

Views

Microsoft OAuth2 Authentication Not Returning Refresh Token

I am adding Microsoft OneDrive support to a product that my employer sells to other companies. When I went through my designing and prototyping stage, I was using an application ID that waw obtained through an application registration that I did using my personal account. Now, I'm working on actua...
ke4ktz
2

votes
2

answer
1.2k

Views

yammer oauth error invalid redirect uri

We integrate with YAMMER using OAuth2.0 Server-side flow. Some of our clients have subdomains so our redirect URI has to be dynamic. We set up the yammer-app to have a dynamic redirect URI as specified in the documentation. Our redirect URI looks like this: https://example.com Problem: It works not...
sfroestl
2

votes
1

answer
99

Views

ProcessUserAuthorization in Google OAuth2.0 is throwing 400 error

I'm having an issue with a line of code in c# to make a OAuth2.0 request. The code is like this: WebServerClient consumer = new WebServerClient(CGmail.serverGmail, CGmail.clientIDGmail, CGmail.clientSecretGmail); consumer.ClientCredentialApplicator = ClientCredentialApplicator.PostParameter(CGmail.c...
Diego Arturo
2

votes
1

answer
1.4k

Views

Angular using a promise for Interaction with a popup

I'm new to angular, services and definitely to promises. I have this bit of code in a service which works on its own, but it's messy. I want to put the whole thing into a promise if possible as that would make it super workable. I'm doing oAuth authentication with google. The flow is: User clicks '...
Coo
2

votes
1

answer
113

Views

Is localStorage preferred place to save Authorization token in hybrid mobile apps?

I am developing a hybrid mobile app (using HTML, JS and Cordova) for android and iOS primarily About App: The user log's into app via Sign-in process , secured by OAUTH 2.0 authentication. The application needs to access protected resources at various different places in the app, Hence there is a n...
RDX
2

votes
2

answer
1.4k

Views

Obtaining a valid access token for Microsoft Graph API

I am working on an ASP.NET MVC5 Web App that uses Azure ADAL libraries to authenticate users, it works fine, however, when I manually send requests to graph, ex: GET https://graph.microsoft.com/v1.0/me or GET https://graph.microsoft.com/v1.0/groups?$filter=from/displayName eq 'whatever'. I have trie...
LunielleDev
2

votes
1

answer
1.6k

Views

Spring Cloud OAuth2: Resource server with multiple Authorization server

We are developing an application in a microservice architecture, which implements signle sign-on using Spring Cloud OAuth2 on multiple OAuth2 providers like Google and Facebook. We are also developing our own authorization server, and will be integrated on next release. Now, on our microservices, wh...
Warren M. Nocos
2

votes
1

answer
184

Views

Gmail API multiple accounts

I have 4 gmails accounts, I am building a dashboard sort of web page, where i want to show number of unread mails in all of 4 mails. But When I auth with one account it doesn't displays the count of other accounts. Is there any method to keep multiple accounts signed in? I want output like; Mail 1:...
curious_nustian
2

votes
3

answer
5.9k

Views

OAuth1 or OAuth2 for a non SSL website?

I want to implement OAuth server on my PHP server, which dosent have a SSL connection. There's no decent OAuth 2 framework for PHP-codeigniter yet. So which one should I use OAuth1 or OAuth2 ?
AH.
2

votes
1

answer
1.8k

Views

Error 100 This authorization code has been used

I have a simple sign-in button that directs the user to: https://graph.facebook.com/oauth/authorize?client_id=APP_ID&redirect_uri=CALLBACK_URL&type=web_server&scope=publish_stream,offline_access,email,friends_likes,user_likes. The callback request handler at CALLBACK_URL grabs the code parameter a...
Matt Sither
2

votes
4

answer
968

Views

Automizing twitter login in Desktop app written in java

I'm creating a desktop Twitter client in Java using the twitter4j library. I've got my app's API key and secret. Now after I obtain the request token I get the authorization URL which the user has to open in a web browser, login from his account, allow access to the app, and retrieve the access pin....
Manindra
2

votes
1

answer
3.7k

Views

What's the difference between a Redirect url and a callback uri in openID Connect Oauth?

I was trying to learn how to implement openID connect in one of my Android app, I came across two terms redirect url and callback uri, I'm not able to distinguish between the two. What exactly is the difference?
gameOne
2

votes
1

answer
1.7k

Views

Add custom key/value to JWT token payload or user with keycloak

I have keycloak running in localhost. I want to add a key/value pair to the token payload or add a key/value pair related to the user (payload again) Can you suggest me a way to do this and a way to verify that it has been added? (I guess with https://jwt.io/)
Grandmaster
2

votes
0

answer
334

Views

Python - google drive authentication using email and password

I'm creating a simple python 2.7 application that uploads files to Google drive. I've used PyDrive examples and they work quite well. But in all the examples they all require the client to get their authentication secret key from their Google account and add it to the client_secrets file. Is there...
flow
2

votes
1

answer
379

Views

Can I use cognito AccessToken get Cognito identity ID?

I now use cognito user pool as “account system”, and also created a identity pool, Use IOS app I can make user sign up , sign in , get the account identity id, sync dataset and other operations. Then I use Cognito user pool as Oauth2.0 server to achieve Alexa Smart Skill Account link, it has bee...
Bruce Pan
2

votes
0

answer
88

Views

Gspread httperror when updating cell

For some reason I get: gspread.httpsession.HTTPError when trying to update a cell. spreadsheet_name = raw_input('Please enter a spreadsheet url: ') json_keys = json.load(open('keys.json')) scopes = ['https://spreadsheets.google.com/feeds'] credentialss = SignedJwtAssertionCredentials(json_keys['cl...
Test Dev
2

votes
0

answer
281

Views

Oauth2 for Native Mobile Apps and Backend API?

I'd like to authenticate users on both a native mobile app and API backend via third-party services like facebook, google, etc. As I understand it oauth2 allows 'clients' -- like native mobile apps and backend APIs -- to authenticate against third-parties following a request, authorization and acces...
Ari
2

votes
1

answer
164

Views

Any oauth2 library for ColdFusiion?

I have designed a Restful component using Coldfusion 11. Now I need to think of securing this REST service.After searching for sometime I found HTTPS + oauth2 is the best combination for securing REST service. In the official oauth2 page, We have libraries for different languages. But there is noth...
user3427540
2

votes
1

answer
267

Views

OWIN OAuth Authorization Server and individual accounts

I have an application that has been under developpment for quite a while now. We used OWIN with individual accounts. The application is asp.Net MVC with WebApi and AngularJs frontend. The API grew quite a lot and we have cases where we need to give access to clients to the API directly. Problem is t...
Georges Legros
2

votes
1

answer
5.8k

Views

Facebook javascript authorization modal dialog with OAuth 2.0

I can do it oldschool: function init(){ FB.init({ appId : 'MY_APP_ID', status : true, // check login status cookie : true, // enable cookies to allow the server to access the session xfbml : true, // parse XFBML channelUrl : 'http://MY_WEBSPACE/facebook-iframe/channel.html' // custom channel }); s...
borisdiakur
2

votes
1

answer
303

Views

API for google apis console?

Is there any way how to access https://code.google.com/apis/console with any kind of api? I need to access it with python and add subdomains to oauth2 callbacks dynamically, thanks.
Visgean Skeloru
2

votes
1

answer
2.3k

Views

oauth consumer key and consumer secret registration

i am doing a project on oauth. i have to ask the user to login to the third party site(google,facebook,msn,linkein) via oauth.i am in developing stage of the project. for facebook i went to the site and get registered to https://developers.facebook.com/apps As i am in developing stage of the projec...
user533
2

votes
1

answer
1.2k

Views

OAuth 2.0 where to securely store access token for long term use

I am working with API that uses OAuth 2.0. Its' flow is like this: In your application, you have a button which redirects you to the authorization server (APIs' in my case). You either have to log in to APIs' website and give access to your application (press 'allow' or 'deny' button) or if you are...
Tomeister
2

votes
1

answer
672

Views

Facebook Oauth CORS error

I am using oauth2 to handle a user login via facebook. The error occurs when I call the authorization server in the golang api. Here is the network error. Fetch API cannot load https://www.facebook.com/dialog/oauth?client_id=1543358959292867&redirect_u…=email+public_profile&state=mUi4IpdY8yF5TNVVp...
goda
2

votes
3

answer
1.9k

Views

Spring OAuth2.0: Getting User Roles based on Client Id

I have multiple clients registered for my oauth2 auth server. lets say user1 have roles such as ROLE_A, ROLE_B for client1, same user has roes such as ROLE_C, ROLE_D for client2. now when the user logins either using client1 or client2 he is able to see all the four roles ie. ROLE_A, ROLE_B, ROLE_C...
Alex Man