Questions tagged [oauth-2.0]

1

votes
1

answer
1.2k

Views

How can I do FaceBook login with django rest framework without requiring the client to use a popup?

So, I've setup an auth system using djoser and rest-social-auth ( https://github.com/st4lk/django-rest-social-auth ) but it seems it requires the client to open a pop-up or modal to login with facebook, which our frontend dev says is a bad idea, we should use server-side redirects instead. So - assu...
Chozabu
1

votes
1

answer
1.1k

Views

Retrieving single raw file from Bitbucket with token based authentication

I successfully managed to retrieve my access token and refresh token following these suggestions, and I can also clone my private repositories using the access token. However, what I'm trying to do now is retrieving a single raw file from my private repository, using the same kind of token-based aut...
swahnee
1

votes
2

answer
1.2k

Views

How to restrict API endpoint access to certain clients?

I'm building an API using the Django Rest Framework. I've looked at a whole bunch of documentation, however I can't seem to answer this: How can I restrict my API such that only my iOS client can register users / log them in? I understand that I can use OAuth2 or Token Authentication for additional...
blue_zinc
1

votes
1

answer
1.1k

Views

WebAPI 2 - OAuth 2 intercepting Authorization Token

I have created a simple web service - WebAPI 2 using owin hosted on IIS in my startup file public void Configuration(IAppBuilder app) { // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=316888 ConfigureOAuth(app); var configuration = new HttpC...
li-raz
1

votes
1

answer
5.7k

Views

Spring Security Oauth2 Resource Owner Password flow: When I send a REST request, my user detail service always gets the client id instead of username

So I'm trying to send a request to my oauth server (with no headers): grant_type=password&username=blah&password=blah&client_id=blahblah. I have 2 authentication-manager (one for the client and another for the user validation). The problem is, none of my authentication managers are being passing the...
Dean
1

votes
1

answer
2.8k

Views

What to do after getting Auth Token - Android Youtube API

I am creating an android app, using the youtube API where you play and then favorite YouTubeVideos.I have (I think correctly) gotten the Auth Token using Account Manager and oauth2 for the user. What I am wondering, is where to go next? I would like to create an instance of a YouTube, so that I can...
Isabelle
1

votes
1

answer
638

Views

Use password credential flow and some 3rd party authorization server

This is more of a general question but I hope it is still valid for SO. So far I have learned, that in general, a mobile app (such as official Pinterest app) use the Password credential flow to let their users login and access the API directly. (let's just assume they use OAuth for this) So they col...
Sebastian Wramba
1

votes
1

answer
1.2k

Views

OAuth2 in Identity Server with API Manager

I'm new to WSO2 products and SOA but this is what my superiors assigned me to do. They wanted me to install, based on the requirements, WSO2 APIM, IS, and DSS products. In DSS they wanted me to create a service that would use a MySQL table as the datasource and use an URI template. I have done that...
Drew
1

votes
2

answer
9.7k

Views

OAuth 2.0 in php using curl

I need to get my access_token and refresh_token for OAuth 2.0 to Access Google APIs, the php script below should return a json with access_token, refresh_token like this: { 'access_token' : '####', 'token_type' : 'Bearer', 'expires_in' : 3600, 'refresh_token' : '####' } but, the php script return me...
FilipR
1

votes
1

answer
4.6k

Views

Oauth2 and Spring-Security: java.lang.IllegalStateException: No WebApplicationContext found: no ContextLoaderListener registered?

I am using Oauth2 with spring-security for secure my rest services. i am using latest version of oauth2 and spring-security dependencies. Following is my dependencies: org.springframework.security spring-security-core org.springframework.security spring-security-web org.springframework.security spr...
1

votes
2

answer
29

Views

What does this hospital mean with the following OAuth requirements?

We've got a hospital as a customer which wants to have an app developed. This app will probably make use of various ways of validation, of which OAuth2 is one. They have a list of requirements, of which one kind of puzzles me: For every user session, the app needs to generate an unpredictable 'state...
kramer65
1

votes
2

answer
3.2k

Views

IdentityServer3 PostMan invalid_client

I've set up an an instance of IdentityServer3 running in IIS. var validators = new List { new Registration(), new Registration() }; // .Register() is an extension method that setups that setups the // IdentityServerServiceFactory var factory = new EntityFrameworkServiceOptions() .Register() .UseInMe...
Rabid Penguin
1

votes
1

answer
238

Views

Can OAuth2 be utilized for token generation for non-social login types?

I'm creating a RESTful web service with Spring MVC. I'm attempting to locate a secure way to generate authentication / access tokens for the client side (website) to connect to the web service. I've read up on OAuth2, but I've only seen it used for logging in through other platforms (Facebook, Googl...
Jake Miller
1

votes
2

answer
95

Views

OAuth2 for REST API with tightly coupled SPA as only client

I'm developing a REST API with a tightly coupled SPA as the only client of the mentioned REST API. Let's say the SPA is available at myservice.com and api is under myservice.com/api. They're basically one service, just split at code level, and deployed at different root paths. What I'm using for s...
Tuan Pham
1

votes
1

answer
389

Views

Bean 'scopedTarget.oauth2ClientContext' could not be registered same bean name has already been defined in class path

I am simple trying to enable google sign in feature for my app but getting this particular error. I don't understand this problem why I am getting it? I need help to fix this error? Any hints? @Configuration @EnableOAuth2Sso public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter...
bmalhi
1

votes
1

answer
449

Views

Google Drive SDK asking for permissions

I have a test app created in .NET with the DrEdit example. I have published this to the testusers group so I can open it in Chromes webstore. But everytime I access it it will ask for permissions 'My App is requesting permission to:'. Is this expected behavior or is this a mishap in my .NET app?
YesMan85
1

votes
1

answer
235

Views

rxjs5 Observable.ajax ignores explicitly set HTTP headers

I'm getting my feet wet with redux-observable and OAuth2 authentication. I'm stuck at the point where I have to POST adding Authorization header to my HTTP request. The header is has not been added. Instead, I see any custom-set header names as values of Access-Control-Request-Headers, and that's it...
badbishop
1

votes
2

answer
343

Views

OAuth2: using PKCE instead of client_secret

I have a web app that uses OAuth2's Implicit Grant to authenticate. I'd like to be able to keep my session active for a long time, using refresh tokens. But since I can't securely store a client_secret in a web app, I can't use the traditional Authorization Code grant. Is it safe to use PKCE in plac...
JW.
1

votes
2

answer
476

Views

Generate Personal Access Token to call an Azure Web Api (OAuth)

I have an ASP.NET Web API and I registered a new Application under Azure Active Directory. This is how the ConfigureAuth is in the source code of the Web API. public void ConfigureAuth(IAppBuilder app) { // Configure the db context and user manager to use a single instance per request app.CreatePerO...
user3587624
1

votes
2

answer
200

Views

Sabre Dev Studio API call by Javascript

I am trying to make a web application of Sabre Dev Studio using there Rest API. I am using javascript. I collected the required access tokens and client secret for the app . I wrote this code to send an api request: var clientId = 'V1:abcD123:OPQRST:UVW'; var clientSecret = 'aBcdEfG'; // Using jQu...
Syed Galib
1

votes
1

answer
1.3k

Views

Instagram oauth flow in angularjs

I am using angularJs and rending a button to let user authorize to instagram. I can test by passing https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token iI get the accessToken in the redirectUrl. The question is how do I invoke this flow in an...
Vik
1

votes
1

answer
760

Views

Getting 500 Internal Server error on sending the token and requesting SAS URI

I am passing token as : String access_token = object.get('access_token').toString(); System.out.println('Access Token -------->' + access_token); System.out.println('Decoded Access Token --------> ' +URLDecoder.decode(access_token)); //String basicAuth = 'Basic '+ new String(new Base64().encode(acce...
MikasaAckerman
1

votes
1

answer
357

Views

Grails spring security oauth2 provider request for resource with correct bearer token redirects to login

As the title implies, I have a controller method protected by the oAuth2 plugin, but when I send a request to it including a correct Authorization: Bearer (using Postman), the response I get is the HTML for the login page. Method in question: @Secured(['ROLE_USER', '#oauth2.clientHasAnyRole('ROLE_...
OsaSoft
1

votes
2

answer
493

Views

What is the best way to implement LinkedIn Authentication in MVC6 ASP.NET5 web app

There is no LinkedIn-specific library from Microsoft like Microsoft.AspNet.Authentication.Facebook. The third party libraries I tried are designed for ASP.NET4.5.
mkvakin
1

votes
1

answer
796

Views

OWIN Google authentication - how to get id_token?

I have things set up so that I am able to successfully authenticate using Google. Code looks like something along these lines: app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions { AuthenticationType = 'Google', Caption = 'Sign-in with Google', SignInAsAuthenticationType = signInAsType...
599
1

votes
1

answer
101

Views

Enabled Google Contacts API not shown on Consent Screen

So I've been trying to figure out why my Google Contacts wasn't being enabled after I had enabled it on Google developer console as so: After I had enabled it, when I log in I am able to see this knowing that the Google+ Api is working fine. As we can see, it seems as though the Contacts API is not...
Julius Doan
1

votes
2

answer
1.7k

Views

For a B2B Enterprise REST API, should requesting an access token in oAuth2 invalidate previously granted access tokens to that Client ID?

For a B2B REST API servicing Enterprise clients who may have multiple applications using a Client ID/Secret: If you send a request for an oAuth2 access token for a specific Client ID and Client Secret and receive an access token then later on send another request for a token with that same Client I...
anataliocs
1

votes
1

answer
1.1k

Views

Instagram getting Access token Notice: Undefined index: access_token

I'm beginner programmer to get Instagram Authentication, I uploaded this php code on my server
user4315272
1

votes
1

answer
129

Views

How do you log responses with oauth2 gem?

I see that oauth2 uses Faraday to handle requests and response which has support for logging to stdout. How do you enable that option with the oauth2 gem?
Jonathan Mui
1

votes
2

answer
2.5k

Views

Identity Server OAuth Resource Owner Password Grant always returns invalid_client

new Client { ClientId = 'esmifavorito', ClientName = 'esmifavorito-client', Enabled = true, ClientSecrets = new List { new ClientSecret('esmifavorito'.Sha256()) //PQ/pIgjXnBfK67kOxGxz9Eykft6CKPkPewR3jUNEkZo= }, Flow = Flows.ResourceOwner, //RequireConsent = false, //AllowRememberConsent = false, //C...
Vector
1

votes
1

answer
993

Views

Token Authentication or OAuth 2 for Django Rest Framework API (Or Both?)

I'm setting up a new API using Django REST Framework, and I'm a bit confused how to set up authentication. The API I'm setting up is consumed by the public, whom I want to have the most flexibility possible. Out of the box, DRF provides Basic Authentication, Session Authentication and Token Authenti...
mlissner
1

votes
1

answer
5.1k

Views

OAuth2 with Spring MVC rest APIs

I am targetting to secure my REST APIs by custom OAuth Authorization server of my own (NOT google, facebook etc.) by using Resource Owner Password Credentials Grant. The user would pass the credentials over SSL and would get back the Access Token and Refresh token. I followed this tutorial - http://...
Puneet Pandey
1

votes
1

answer
941

Views

Oauth2 password grant type with Doorkeeper and Angular

I've got a Rails API that is using Doorkeeper with the password grant method for Oauth2. Doorkeeper requires both the client_id and client_secret to be sent to the token request (/oauth/token), alongside the user's login details and scope. How would I go about doing this in an Angular app? I don't l...
Chris Edwards
1

votes
1

answer
1.3k

Views

Fetching User Info like Name, Email using Google OAuth2

I am using Google's .NET SDK in my application and would like to get the user info. I have obtained the UserCredential object using the below scopes. new[] { Uri.EscapeUriString('https://www.googleapis.com/auth/userinfo.email'), Uri.EscapeUriString('https://www.googleapis.com/auth/userinfo.profile'...
Vignesh.N
1

votes
2

answer
1.4k

Views

gdata oauth2 authorization NullPointerException: No authentication header information

I am trying to export/import google contacts using gdata+Oauth2 in my web application. The application has a client side on js and java server side, communicating through REST API. The js side performs auathorization via google getting the following data { state:'38c4ebb6-b763-4e98-969c-16a86221ec...
lopushen
1

votes
1

answer
663

Views

How implement Mule App as a OAuth2 Resource Server of Restful Services

How implement an Component that publish secure services Rest , conditions: These services should be secured by OAuth 2.0. This component will is the Resource Server. The Authorization Server is third party component implemented with Spring OAuth2.0 and Deployed in JBoss Server. The client app will b...
dmotta
1

votes
1

answer
1.6k

Views

How to fetch access token in Google AppEngine (OAuth 2.0) using java

I am getting exception for accessing token Socket java.lang.RuntimeException: com.google.apphosting.api.ApiProxy$FeatureNotEnabledException: Is there any solution to post the request (code) for exchange of token Here is my code for retrieving code to access token i am using Httpclient is any solut...
Ashraf
1

votes
2

answer
145

Views

Access google api with user's username and password

I am working on a mobile app that is a planner app for ios. I have many people that are requesting the feature to integrate with google calendar. I looked at the calendar api's and they look very straightforward. The challenge is getting the user authenticated. The user experience that I want is...
justspamjustin
1

votes
1

answer
110

Views

AdalJs - How to disable silent renewing Tokens

I'm working on applying a custom company security policy in my company's application. I use the AdalJs library and I see that even if I apply the my Azure policy to the AD application, because of the silent renewing tokens, I'm not able to comply with the policy requirements. Is there a parameter t...
OaicStef