Flask-Restful, oauth, and Salesforce

python,rest,flask,oauth-2.0,salesforce
I am building out a REST service using Flask-RESTful that will allow users to connect to their salesforce Environment and pull data. Is it possible to secure a restful API with oauth2?! I cannot seem to find any documentation this....

Facebook auth setup

facebook-graph-api,oauth-2.0,paw-app
How can I setup PAW to work with Facebook locally for development? Or even at all for that matter? I have a node.js backend that I'm setting up with Facebook Auth. Every one of my routes needs the user to be logged in. I have two endpoints related to FB...

Building Daemon or Service Apps with Office 365 mail — Compilation Error

oauth-2.0,office365,outlook-restapi
I am following this entry at Exchange dev blog (MSDN). For the sample project published on GITHub, I'm getting following build errors, wondering which step I missed... Could not copy the file "AccessMailboxAsApp\Content\myappcert.pfx" because it was not found. Could not copy the file "AccessMailboxAsApp\Content\encryptionCert.pfx" because it was not found. ...

OAuth2: How to send “deny” request to OAuth2 server?

oauth-2.0
When a user needs to approve a request to authenticate using OAuth2, they are typically given "Approve" and "Cancel" buttons. What should I send when a user clicks "Cancel"? As a developer, what do I send to the OAuth server to make it deny the request when a user...

Handle bad access_token sent through request using Web API 2 C#

c#,oauth-2.0,asp.net-web-api2
Hi, I am using Bearer authentication in my web api 2. After user login I generate access token to the user. Further when they request my web api, they have to send access token in request header. All valid access tokens are requesting web api without any problem. But...

OAuth2 with Spring Security - InsufficientAuthenticationException

java,spring,exception,oauth-2.0,spring-security-oauth2
I am currently working on a project involving spring security (for OAuth2). We are using the authorization_code flow. However when the client hits the AuthorizationEndpoint (/oauth/authorize) we get an "InsufficientAuthenticationException". This may be due to an external system which is also involved in this flow which performs a redirect for...

OAuth 2 - Custom Attributes like SAML

authentication,oauth-2.0,saml-2.0
SAML supports just in time provisioning with custom user attributes to be passed as part of SAML assertion after successful login, wondering OAuth2 supports anything similar ? Thanks...

“OAuth2 not granted or revoked” when trying to evaluate free trial in Chrome extension

google-chrome,google-chrome-extension,oauth-2.0
I'm attempting to offer a free trial period for my Chrome extension and have been following the Chrome documentation about how this can be accomplished. When my extension loads, though, the background script is logging the following error to the console: Unchecked runtime.lastError while running identity.getAuthToken: OAuth2 not granted or...

Use Bearer Token Authentication for API and OpenId authentication for MVC on the same application project

c#,asp.net-mvc-4,oauth-2.0,openid,identityserver3
I am trying to use both OpenId and Bearer token authentication on my application through Identity Server. The problem currently is that once I have authenticated the user, I still need to get a bearer token to be able to call any action methods for my Asp.Net MVC application. Here...

Mule SFDC connector: redirect_uri_mismatch&error_description=redirect_uri must match configuration

oauth-2.0,salesforce,mule
I am connecting to SFDC with mule connector by oauth, trying to authorize but getting following error message. <flow name="sfdcFlow1" doc:name="sfdcFlow1"> <http:inbound-endpoint exchange-pattern="request-response" host="${hostname}" port="${port}" path="sfdc" doc:name="HTTP"/> <sfdc:authorize config-ref="Salesforce__OAuth_v2_0" display="POPUP" accessTokenUrl="https://na1.salesforce.com/services/oauth2/token" authorizationUrl="https://na1.salesforce.com/services/oauth2/authorize" doc:name="Salesforce"/>...

AngularJS / OAuth 2 transport-layer security

angularjs,http,oauth-2.0,http-post
The OAuth service I am trying to get the response from is working but something wrong in my code which does not make the request. $http.post(myURL, 'grant_type=password&username=' + userName + '&password=' + passWord, headers: { 'Content-Type: application/x-www-form-urlencoded', 'Authorization Basic ' + btoa(secretWord) }). success(function (response) { console.log(response); }). error(function (response)...

Spring Security OAuth2 - Add parameter to Authorization URL

spring,spring-security,oauth-2.0,spring-security-oauth2
I am using Spring Security with OAuth2 for authentication/authorization using following project. http://projects.spring.io/spring-security-oauth/ I have a requirement to add parameter to OAuth2 authorization url. I am not sure how should I add it to AuthorizationCodeResourceDetails bean? The problem is I want to start the user journey by login or registration...

Correct way to set Bearer token with CURL

php,http,curl,oauth-2.0
I get my bearer token from an API end point and set the following: $authorization = "Bearer 080042cad6356ad5dc0a720c18b53b8e53d4c274" Next I want to use CURL to access the secure endpoint however I am unsure on how or where to set the Bearer token. I have tried this but it does...

Does CAS 4.0.1 support OAuth Grant Type “Implicit”?

oauth,oauth-2.0,cas
Does CAS currently (4.0.x) support any other grant type than "Authorization Code"?

Having trouble trying to use gdata and oauth2 in python

python,eclipse,oauth-2.0,gdata
Good evening, I've been trying to migrate my blogger python app to oauth2 since the good old Clientlogin() has been deprecated and erased. So, basically I searched through the entire web and couldn't manage to make my application to work correctly. This is the basic code I'm using for testing:...

AccessTokenRefreshError: invalid_scope

google-app-engine,cron,oauth-2.0
I am trying to do some things with a Cron.yaml My cron works fine, but the authentication no. In the localhost I use this : from oauth2client.appengine import AppAssertionCredentials storage_credentials = AppAssertionCredentials(scope='https://www.googleapis.com/auth/storage') storage_http = storage_credentials.authorize(httplib2.Http()) storage_service = build("storage", "v1", http=storage_http) This works fine, but when I deploy it in GAE,...

Event for Chrome Google account logout or Google account user switch

javascript,google-chrome-extension,oauth-2.0,google-account
Is there an event or listener that fires when a user logs his Google account out of Chrome (or switches from account)? When this happens I want to change my Chrome Extension default_icon (from green to red)....

OAuth 2 client access and grant code

oauth-2.0
I am reading the oauth 2 protocol using different links on web and its rfc (RFC 6749). After going through the links I have the following doubts: Is it required for authorization server to maintain the grant code at its end after it has generated and passed the code to...

Revoking OAuth tokens in Mule

oauth-2.0,mule
I have configured a OAuth provider in Mule using the OAuth connector, and I give out access tokens to users as and when they login, they get a new access token for each device they login with, my question is what is the best thing to do when a user...

Is it possible to pass Facebook Graph API access token through request header?

facebook,facebook-graph-api,oauth-2.0
I am testing Facebook Graph API v2.3 with Postman. While it is possible to get response by putting access token in query string as follow: https://graph.facebook.com/v2.3/me?access_token=my_access_token I am wondering whether it's possible to do the same thing with HTTP request headers, which would be something like this: GET /v2.3/me HTTP/1.1...

How to use token obtained using GoogleAuthUtil class to get user information?

java,android,oauth-2.0,google-oauth
I am building an Android app in which I want to authenticate user using their google account. I am using GoogleAuthUtil class to obtain token from google as shown below protected String fetchToken() throws IOException{ try { return GoogleAuthUtil.getToken(act, email, scope); } catch (GoogleAuthException e) { e.printStackTrace(); } return null;...

Our OAuth2 implementation has security flaws

java,angularjs,security,oauth-2.0,hacking
I logged in as Scott who only has read permission. The oauth2 server(JAVA based) gave me a token. Then I asked my teammate to send me his non-expired token. I updated my Angular application and hardcoded the token that was given to me. I tried to make changes to the...

Vimeo API invalid token when making request

oauth-2.0,token,vimeo-api
I am trying to make a request to the Vimeo api v3 using this request URL: https://api.vimeo.com/videos?query=elvis&client_id=XXXXXXXXXXXXXXXXX&token=XXXXXXXXXXXXXXXXXXXX The token I am sending is copy and pasted from the web interface. I generated it there. I'm trying it from the browser and receiving this response: { "error": "A valid user token...

integrate login to my sites with OpenId or OAuth

login,zend-framework2,oauth-2.0,openid,integrated
I have a few sites developed with zend framework 1 and zend framework 2, I want users to register in main site and in other sites I want to have a login button, if user click on login: 1- if user logged in in main site ago , user login without enter...

access_type=online vs offline, how to know which one to use

c#,permissions,oauth-2.0,google-oauth
I have implemented Google oauth2 server flow for web, the first time that user logins using his/her google account I have to use access_type=offline to get a refresh token and save it to database but after that access_type=online will be enough. I have read that google issues limited number of...

CAS vs. SAML vs. OAuth2

ruby-on-rails,oauth-2.0,single-sign-on,saml,cas
Before you put me down for asking too basic a question without doing any homework, I'd like to say that I have been doing a lot of reading on these topics, but I'm still confused. My needs seem simple enough. At my company, we have a bunch of Ruby on...

symfony2 rest api conception. Application authentication/ user application authentication

api,rest,symfony2,oauth-2.0
I'm working on transforming my classic website to rest API in Symfony 2 world. First of all I'm doing that because I want to a mobile version of my project (maybe phone gap) but with angularjs. my question actually is what is the difference between my angular application authentication to...

Pythons Social Auth for Spotify: redirect is missing 'state' parameter

python,django,oauth-2.0,spotify,python-social-auth
I am implementing Python Social Auth in a Django app that needs access to the user's Spotify account. The initial step in the Auth flow works: a request is sent to Spotify's '/authorize' endpoint and the user is presented with a modal explaining the scopes of the access for which...

How to identify if the OAuth token has expired?

ios,oauth-2.0
My iOS mobile app consumes services that are implemented with the OAuth2.0 protocol. The OAuth access token comes along with a refresh token and an expires_in field. I saved the refresh token and access token expiration time in my app but don't have a good idea on when to use...

How to identify provider for oauth2 redirect_uri callback?

oauth-2.0,openid-connect
I'm trying to understand how to properly identify which provider a returning authorization request was initiated by. I see three approaches: Use provider specific redirect_uri callback URIs. /oauth2/<provider-name>/callback etc. Encode provider id/name in state parameter somehow Store a pending provider id/name in the web session Try to verify response with...

OAuth call for a request token yields a 400 error

oauth-2.0,linkedin-j
I want to obtain an Access Token is for my application using the Authorization Code it just acquired. I am using this code DefaultHttpClient client = new DefaultHttpClient(); URI uri = new URIBuilder().setScheme("https") .setHost("www.linkedin.com") .setPath("/uas/oauth2/accessToken") .setParameter("grant_type", "authorization_code") .setParameter("code", code) .setParameter("redirect_uri", "http://localhost:9090/ConnectSocialMedia/callBack.jsp") .setParameter("client_id", CONSUMER_KEY_OPTION) .setParameter("client_secret",...

Google OAuth 2.0 Refresh Token

php,oauth,oauth-2.0,google-oauth,google-login
I am creating a web application that requires Google OAuth authentication. I have successfully received the refresh and access token, however, I cannot seem to get the refresh token again. I understand that I need to revoke access from my account in order to get the refresh token again. However...

OAuth 2.0 resource owner access token implementation

php,authentication,oauth,oauth-2.0
I've read through RFC6749 for OAuth 2.0 as well as quite a few SO questions and blog posts but I'm still unclear on how to implement some of the things. Currently, users log in through a form on a web page and use the application which makes database calls to...

How to not have consent page in OpenID Connect Authorize Endpoint for Resource Owner?

oauth-2.0,single-sign-on,openid-connect
When I had resource owner grant type, I never needed to deal with the Consent Page but now I am trying to create SSO for my systems using OpenID Connect and I am very confused. /authorize endpoint always shows consent form for public apis (Facebook, Google etc) as this used...

How to share developer account at LinkedIn

oauth,oauth-2.0,linkedin
I have a developer account at LinkedIn. My question is if it's possible to connect other developers to it? We are three developers in our company that is working on the same app but on different platforms. I want them to have full access of the app info site, but...

Why does every OAuth2 provider work differently?

oauth-2.0
This annoys me, and perhaps I'm simply getting it wrong, but it seems that just about every OAuth2 provider has its own subtle nuances to using their services. OAuth2 is supposed to be a standard way of dealing with authentication, so why isn't it?

OAuth2 INTRIDEA gem and HTTP basic authentication header

ruby,oauth-2.0,yahoo-api,ringcentral
Using INTRIDEA's OAuth2 Ruby gem, is there a recommended way to add the HTTP basic authentication header using the password strategy? This is required by the Yahoo and RingCentral OAuth 2.0 implementations. The required header I'm working with is of the following format: Authorization: Basic <base 64 encoded "CLIENT_ID:CLIENT_SECRET"> The...

Error: redirect_uri_mismatch in google OAuth-AngularJS Full-Stack generator

oauth-2.0,google-oauth
I am using generator-angular-fullstack from AngularJS Full-Stack generator. While I am trying to use provider OAuth I am getting following error. After registering app in console.google I have downloaded json to be clear. { "web" : { "auth_uri" : "https://accounts.google.com/o/oauth2/auth", "client_secret" : "xxxxxxxxxxxxxxxxxx", "token_uri" : "https://accounts.google.com/o/oauth2/token", "client_email" : "[email protected]ccount.com", "redirect_uris" : ["http://localhost:9000"],...

Unable to authorize using existing access token with Google API node.js SDK

node.js,oauth-2.0,google-api,google-analytics-api
A bit of background first; I've got a PHP-based app which handles the Google OAuth flow and stores the resulting access token in a database. I am able to use this access token perfectly fine in another PHP script, so I don't think the token has expired. The problem comes...

The correct way to implement login with google account

oauth-2.0,google-plus,web2py,janrain
What is the correct way to implement user login with google account in web2py? I can not use janrain (for some reason there is no google option when choosing widgets in my account, but google is configured as a provider.)

ExternalLoginInfo Email is always null in Microsoft and Facebook oauth2, MVC C#?

c#,asp.net-mvc,oauth,oauth-2.0
I'm using the following code for ExternalLoginCallback In google everything is OK. but in Facebook and Microsoft loginInfo.Email is always null. What's wrong with the following code? [AllowAnonymous] public async Task<ActionResult> ExternalLoginCallback(string returnUrl) { ExternalLoginInfo loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync(); if (loginInfo == null) { return RedirectToAction("Login"); } // loginInfo.Email is...

How to share a public key for OAuth2 JWT validation?

validation,oauth-2.0,public-key-encryption,jwt
I am implementing an app that connects to an OAuth2 server and it gets back a Json Web Token (JWT). I am passing the token along and I want to independently validate that the token came from the issuing source. I can do this, no problem, with the public key...

oAuth 2 authorization header syntax

oauth-2.0
The oAuth 2 specification requires that authorization headers be structured as follows authorization: Bearer token_code What's the point of adding Bearer ? and I think that would mean than when I access it on the server side, I need to extract token_code from the string ? Can I choose to...

Apache Oltu Github integration example with Spring MVC

oauth,oauth-2.0,spring-security-oauth2,oltu
I'm developing an "Apache Oltu Spring MVC Github" integration example. In this example I will be sending "App ID" and "Secret" to get the "access_token" in order to access the protected resources like "Gist", "user" etc. So first step is to create / register the "App" using https://github.com/settings/applications/new. Once you...

OAuth 2.0 and OpenID Connect libraries

c#,oauth-2.0,openid-connect
What are best options for OAuth 2.0 and OpenID Connect Open Source libraries with C# (.NET) Implementation. I know few, but they are either OAuth 2.0 or other but not both...

API Authentication using HMAC

authentication,hash,oauth-2.0,slim,hmac
I am looking for a decent method of authentication to use when writing a simple API for use within our internal systems. Other questions on Stack Overflow have suggested HMAC along with links to tutorials, which I went ahead and decided to implement. After setting this up, I realized I...

Function isAssignableFrom returns false during server startup

java,spring,spring-mvc,oauth-2.0
Implementing an oauth2 system, I am having some problems with the following code: import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping; import org.springframework.web.servlet.HandlerMapping; ... HandlerMapping.class.isAssignableFrom(FrameworkEndpointHandlerMapping.class); Indeed, as the class FrameworkEndpointHandlerMapping is implementing the interface HandlerMapping, this function should always return true. It is the case when I run a unit test on this function. However, during...

Testing Web API controllers protected with [Authorize]

asp.net,.net,asp.net-web-api,oauth-2.0,integration-testing
I have just added token-based security to my Web API using ASP.net identity OWIN and OAuth 2. As a result of this I am getting 405 unauthorized error on all my tests. How can I mock the securitycontext. I've seen some samples where other have overridden the Thread.CurrentPrincipal but unsure...

OAuth2 Password Grant Type with Client_Id & Client_Secret

authentication,oauth-2.0,token
I am developing an app to access its own resources via Rest endpoints. Users are required to acquire access token via email/password. After completed Authentication server configuration, I had this observation: With: curl client:[email protected]:9999/uaa/oauth/token -d grant_type=password -d username=user -d password=password I am getting the correct response: {"access_token":"7541a4f6-e841-41a0-8a54-abf8e0666ed1","token_type":"bearer","refresh_token":"d3fdd7e3-53eb-4e7b-aa45-b524a9e7b316","expires_in":43199,"scope":"openid"} However With:...

Adding ActionBuilders to a project to check permissions after identification

playframework,oauth-2.0,actionbuilder
First of all, I'm a newbie in Play Framework, so maybe this is very basic, but I couldn't find enough documentation to clarify. Currently I have a project that use Oauth2 to identify and authorize the users. This is being done with an ActionBuilder and working well. What I do...

Automatically login local user after registration with IdentityServer3

c#,oauth-2.0,identityserver3,owin-security
Using IdentityServer3 I need to automatically login and redirect a local user back to the client application after the user has completed a registration process. Is there an elegant way to do this? From my digging I suspect not, in which case is there a hack I can use to...

Pull Youtube account info via access token?

php,oauth-2.0,youtube-api
I am working with OAuth for the first time and playing around with the Youtube one. I got the following code: if(isset($_GET['code'])) { $code = $_GET['code']; $url = 'https://accounts.google.com/o/oauth2/token'; $params = array( "code" => $code, "client_id" => "XXX", "client_secret" => "YYY", "redirect_uri" => "URL", "grant_type" => "authorization_code" ); $curl =...

OAuth JWT access token expiration depending on type of client

asp.net-web-api,oauth-2.0,jwt
I created a JWT token implementation based on Taiseer's tutorial. The following code was added to my Owin startup class: OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions() { AllowInsecureHttp = HttpContext.Current.IsDebuggingEnabled, TokenEndpointPath = new PathString("/oauth2/token"), AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(90), Provider = new CustomOAuthProvider(), AccessTokenFormat = new CustomJwtFormat("http://example.com/") }; Now there are different types...

OAuth2 redirect call is missing parameters

php,oauth-2.0
I am trying to authenticate with a family history web service that authenticates using OAuth2. The basic workflow of the authentication is that I submit a get request against the web service requesting an authentication session. It returns in the body of the response HTML Code with some login components...

OAuth2 redirection fails with CORS error

redirect,spring-security,oauth-2.0,cors,restful-authentication
I have a RESTful service which I have secured using Spring Security and pac4j-oauth. An important detail is that Google is acting as the OAuth2 server-- we need the user's Gmail address to know if they are a legal user of our system, and eventually the service will also need...

Packages/libraries to build a Laravel 5 REST API [closed]

php,ios,rest,oauth-2.0,laravel-5
I'm going to build a back-end API REST using Laravel 5 for an iOS application (perhaps for Android in the future) so I found a couple of packages on github for the API authentication: https://github.com/chrisbjr/api-guard https://github.com/lucadegasperi/oauth2-server-laravel And I want to know what's the difference between them and what package could...

OAuth2 - Status 401 on OPTIONS request while retrieving TOKEN

spring-security,oauth-2.0,cors,single-page-application,restful-authentication
Our stack uses Backbone as our client-side app and Spring Boot as a RESTful API. We're trying to make basic authentication using OAuth2 with user providing username and password. We use Spring Security for authentication and jQuery $.ajax method for making requests. However the response we get is 401(unauthorized) status...

Open ID Connect Provider - Persist ID Tokens?

ruby-on-rails,oauth-2.0,openid-connect
I'm writing an Open ID Connect Provider in Rails, basically refactoring this example Here. My question is - do ID Tokens need to be persisted on the server at all? If I'm just signing the ID Token and sending it to the RP, can't I just generate the ID Token...

Chrome identity launchWebAuthFlow only opens empty callback page

javascript,google-chrome-extension,callback,oauth-2.0,identity
Sorry for yet another probably noob question, normally I don't give in until I find a solution myself but this one has me going for 3 days and it is time to admit I'm stuck... I'm trying to authenticate a Chrome extension to use PushBullet user data via OAuth2: background.js...

OpenID Connect Signin Page separate endpoint or authorize endpoint

oauth-2.0,single-sign-on,openid-connect
How does OpenID Connect Authorization Code Flow work? Let's say a user made a request to app.example.com didn't have an access token or had an access token that is invalid. When the app redirected the user to authorization server: auth.example.com/authorize?response_type=code&client_id=CLIENT_ID&scope=openid&state=STATE&nonce=NONCE Does the endpoint above have the signin screen? Or does...

Getting error 'No authorization header passed' with PHP's POST CURL request - envato api

php,curl,oauth-2.0
I'm getting started with the Envato API. So far I've created an app, got client_id & client_secret and managed to get the code access_key from the https://api.envato.com/authorization after that I'm using the below php code to make POST curl request $client_id = '***********'; $client_secret = '***********'; $redirect_uri = urlencode('http://localhost:3000'); if(isset($_GET["code"]))...

'redirect url' for an oAuth2.0 client

android,rest,oauth-2.0,client
I am extremely new to the OAuth framework and am currently working on writing a client on the android platform. When trying to register my application with the api provider, it asks for a redirect url. I searched around bit and found some literature that says that it is a...

Spring OAuth: Resource Server with Authorization Server backend

spring-security,oauth-2.0,spring-security-oauth2,spring-cloud
I want to develop two independent services, one for the business stuff and one for the user authentication using Spring OAuth 2 Let's call them Business-Service and OAuth-Service. Now I want the Business-Service delegate to the OAuth-Service if a request is not authenticated. The client application (an Android app) should...

Not getting refresh token with google oauth2

oauth-2.0,google-login,google-oauth2
I have the set the scope to 'https://mail.google.com/' and the extra params like 'access-type=offline' and 'approval-prompt=force' are also set. After the process is complete, I'm not getting the refresh token. I only get the access_token, expires_in and token_type fields. I even revoked the access to the app from the account...

OAUTH2 flow for authentication across clients

web-services,rest,oauth-2.0,openid-connect,google-oauth2
I seem to be royally confused, somehow OAUTH2 or its newer more stringent subset OpenID Connect just don't click in my head... My application is a RESTFUL service that has no Web UI whatsoever. Several clients are using it ( from both web and mobile apps ) My service should...

How to Identify Client uniqueness?

api,rest,oauth-2.0,web-api,api-design
TL;DR; Is there any way to bind a (Bearer?) token to a unique client, and represent that in the HTTP REQ Headers? In the scenario that a user has an account to a service. The same user should be able to consume the services using different client applications (different Browsers,...

Bearer token in MVC controller to access Web API

asp.net-web-api,oauth,oauth-2.0,bearer-token
I have two projects: MVC, Web Api In the Web API project I am using bearer token authentication. This token expires after 24 hours. In my MVC project I'd like to call the Web api project via MVC controller (server to server). What's the best way to: Get a token...

I cannot get user details from Google Plus

android,oauth-2.0,google-plus
The line Plus.PeopleApi.getCurrentPerson(mGoogleApiClient) returns null even though I have already signed in and my app is already connected to the account. Here is my code: @Override public void onConnected(Bundle connectionHint) { mSignInClicked = false; Toast.makeText(this, "User is connected!", Toast.LENGTH_LONG).show(); Plus.PeopleApi.loadVisible(mGoogleApiClient, null).setResultCallback(this); String personName = "No one!"; if (Plus.PeopleApi.getCurrentPerson(mGoogleApiClient) != null)...

[OAuth2 authorization server]refresh token's expire time need different with access token?

asp.net,oauth,oauth-2.0,owin
I'm learning OAuth2 via this tutorial, then I found refresh token's expire time is the same as access token, is this correct?

Facebook Access Token doesn't expire, but new documentation says the max is 60 days

facebook,oauth-2.0,facebook-access-token
From reading the Facebook documentation on access tokens, the maximum lifetime is 60 days. However, I tested the one below I got through a TEST application of my real application and it says Never, meaning it doesn't expire. Is that correct? Shouldn't it have an expiration date? This token gives...

Spring-boot oauth2 splitting authorization server and resource server

java,oauth-2.0,spring-boot,spring-security-oauth2
I'm trying to split the resource server from the authorization server in spring-boot. I have two different applications that I'm running separately. In the authorization server I can get the bearer token from oauth/token but when I'm trying to get access to the resource(sending the token in header) I'm getting...

Google+ Sign In / Access Control List (Limit Who Can Sign In)

oauth-2.0,google-plus,google-oauth,google-plus-signin
I would like to use G+ sign-in to allow access to a secure area of a website. However, I would like to only authenticate certain users. Either by Approving them after they request, or pre-defining a list. Is this even viable? ...

OAuth2 : redirect_uri post LinkedIn & Facebook

facebook,oauth-2.0,google-plus,linkedin
I'm performing the server side oAuth2 flow. I noticed that google has added a cool feature for their oAuth2 signin API which is redirect_uri=postmessage so we don't show the real redirect_uri on the browser url bar and the authorization code won't be included in the redirect url. For linkedin, when...

Redirection URL for Microsoft Live OAuth2 API

oauth-2.0,onedrive,onedrive-api
I have multiple domain names, but all of that resolves to the same IP. eg. x.mysite.com and y.mysite.com for my different customers. at the same time app.mysite.com also points to the same IP, server etc. With Google OAuth2 API, in the redirect_url I am able to specify "app.mysite.com" and everything...

Coinbase Oauth2 - token request URL - “404 Not found”

url,oauth-2.0,coinbase
First steps of the Coinbase Oauth Authorization seem to work fine. I request the customer code via the following URL: "https://www.coinbase.com/oauth/authorize?response_type=code&client_id=XXXXXXXXXXXXXXXXXXXX&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=user+balance" I get back the code via URL.. Then trying to request the token with given CODE and CLIENT SECRET and CLIENT ID:...

How to make Ember Cli Mirage to work with Ember Simple auth

javascript,ember.js,oauth-2.0,ember-simple-auth,ember-cli-mirage
For development and testing I want to use Ember CLi Mirage. I'm trying to get it to work with simple auth and oauth2. How do I have to set up Mirage to work with a session token? This is what I'm doing so far: import Ember from 'ember'; export default...

invalid_grant error while getting access token via OAuth 2.0

python,python-2.7,oauth,oauth-2.0
There is a python app uses Health Graph API # -*- coding: utf-8 -*- from django.shortcuts import render_to_response, redirect from main.settings import CLIENT_ID, CLIENT_SECRET, RUNKEEPER_LOGIN_URL, ACCESS_TOKEN_URL import requests def index(request): return render_to_response('index.html') def login(request): code = request.GET['code'] post_data = {'grant_type': 'authorization_code', 'code': code, 'client_id': CLIENT_ID, 'client_secret': CLIENT_SECRET, 'redirect_uri': 'http://127.0.0.1:8000/welcome/'} req...

Authentication after migrating to App Services Mobile App: uid vs sid

azure,oauth-2.0,azure-mobile-services,azure-web-sites
I've migrated from Azure Mobile Services to the new App Services Mobile App, and I'm using the new AMS 2.0.0-beta on the client-side. I have two providers (currently) implemented for OAuth 2.0: Google and Twitter. Previously, I was able to get the provider token via a claim in the principal...

How to solve UnsupportedMediaType when using RestSharp and OAuth2

c#,rest,oauth-2.0,restsharp
Just a few minutes ago I managed to make my code work with RestSharp and OAuth2, retrieving an access token. I now want to use that token on every call that I make to my REST API. Unfortunately I keep getting an UnsupportedMediaType StatusCode although the response status is completed....

Django OAuth2 invalid grant_type

python,django,oauth-2.0
I am using Django OAuth Toolkit and I successfully create sign_up call - which in return gives me this response: { "username": "boban16", "client_id": "sxFB8WOd5qupdyp5c4pjJHXAQQFPVCW7FKA3SUmy", "client_secret": "3nUreBDpx9cCSEeVyOhpXZ76Om0keOxFwK2rRQJNK5wvYuA1tUF37sH0Of473wCgeJ3tCmflN9kPnP9VkgepWxrARC6iimqI6y34pyVU7otlcXHjS2SSOmsP2c0XNxrA" } So, I am now trying to make a call to generate token using Postman application - request looks like this: And this...

OAuth2 Token Validation and confidential clients

security,authentication,oauth-2.0,bearer-token
I have a question about OAuth2 and validating the client that a token has been assigned to. The spec says that for confidential clients a client must authenticate when requesting tokens etc, for example with a basic auth header. This means we can verify that a client has been registered...

Is using a SSO Assertion (JWT or SAML) For OAuth Assertion Flow Common?

oauth,oauth-2.0,single-sign-on,saml,jwt
I'm working on a set of systems that are exposing REST APIs that are authenticated using OAuth 2. Various of these systems have their own independent sets of user accounts, there is no common notion of a user identifier across all the systems. For interactive usage we already have a...

Why isn't client secret encrypted in OAuth?

oauth-2.0,secret-key
I've been researching OAuth server implementation recently. One thing I noticed is that all the server implementations do not encrypt client secret on the server side. I do understand that it's not supposed to be a password, but it's being used as a password. If that's the case, why...

No Such Client Exception Spring Oauth2

java,spring,oauth,spring-security,oauth-2.0
I am trying to implement Spring Security OAuth2 using Java config. My use case requires the use of password grant_type. I have configured this so far without the need for a web.xml and would prefer to keep it that way. Versions I am using: Spring Framework: 4.1.6 Spring Security: 4.0.1 Spring...

What is the simplest example of Spring OAuth2 with Java configuration?

java,spring,oauth,spring-security,oauth-2.0
I have recently built a REST API in Spring which I am consuming with a .Net C# client. At the moment there is no security so I would like to implement OAuth2. I am going to be the only user of my REST API so I don't need something complicated....

Setting a valid Azure AD uri for PhoneGap

cordova,mobile,oauth-2.0,uri,azure-active-directory
I am working on a mobile app, using the PhoneGap framework. For the next part of the project, I need to allow users to authenticate themselves through their Windows 365 account of the company. For this I'm using Azure AD, with the following AngularJS based library. I have already succeeded...

Does “authenticate with facebook” require a facebook-server to send data directly to my server?

facebook,facebook-graph-api,oauth,oauth-2.0
I am building an "authenticate with facebook" or "login with facebook" function for a website on my development server. The development server is a VM running on my computer. I have set up my own DNS server so that I can access the website with: anydomainname.de - which of course only works...

Get access token for more than one scope from GoogleAPI's in Android

android,oauth-2.0,google-api,youtube-api,android-youtube-api
I have an application which requests YouTube Data APIs. I need to have an access token for some requests, like to get videos, playlists etc. For this I can simply use the GoogleAuthUtil class to get a token by calling: String access_token = GoogleAuthUtil.getToken(Context, userEmail, "oauth2:https://www.googleapis.com/auth/youtube"); Where third parameter is a Scope to...

can I implement both SAML and basic spring security within an application?

java,spring,spring-security,oauth-2.0,spring-saml
I have a requirement for our application where we need to implement Spring SAML within our app to enable federated SSO for one customer. However we need to maintain the existing login flow using spring-security for other customers. So my question is can we have two security mechanisms for a web application...

What is the preferred method of using Google for sign-in?

authentication,oauth-2.0,google-plus,google-oauth
Google has a habit of providing multiple means to achieve a goal. And of ditching services when they feel like it. If I would need to implement a "sign-in with Google" authentication feature today, which one should I pick? Google Sign-In or Google+ Sign-In? Or to put it differently: which...

gspread/OAuth2: authenticated default gmail account (used early in ClientLogin)

oauth,oauth-2.0,google-oauth,google-spreadsheet-api,gspread
I have been using gspread (authenticated via ClientLogin) for the last year. Now I would like to use OAuth2. I've followed the tutorial from the gspread site: http://gspread.readthedocs.org/en/latest/oauth2.html The problem is that this method creates a new "Email address" (in console.developers.google) which doesn't have access to spreadsheets - all spreadsheets should be...

OAuth2 “client credentials” grant: remote IP check?

oauth,oauth-2.0
I'm developing an API which only needs to be accessed by servers, as opposed to specific, human users. I've been using the client credentials grant which, if I'm not mistaken, is appropriate for this use case. So the remote websites/apps, after registering their corresponding OAuth2 clients, are simply requesting an...

Google SignIn State

login,oauth-2.0,google-oauth
I'm trying to build a Google signin button into my website. I'm trying to avoid using their built-in button. The code below works to sign in a user, but I can't figure out how to make my webpage remember that they're signed in when the user refreshes the page, or...

Issues using OAuth2 to authorize in gspread using python

python,authentication,oauth-2.0,google-oauth,gspread
I am very new with python so please excuse my ignorance. I am trying to send data to Google spreadsheets and have decided to use gspread. However gspread requires me to use OAuth-2.0 to authorize access to the spreadsheets. I have used the tutorial on their documentation page to do...

Dropbox API Token flow - no token in response

c#,oauth-2.0,dropbox-api
I'm trying to work with the Dropbox API in my current C# application. At the moment I'm struggling with the OAuth2 authentication (implicit flow). First of all I chose the implicit flow because I develop a pure client-side app and regarding to the API's documentation this flow is made for...

Get access token from JHipster with OAuth2

android,oauth-2.0,jhipster
I'm reading about this OAuth2 but I can't find anything to get my token from JHipster. I saw an API to connect to Google, Facebook... but nothing for JHipster. My JHipster is already set up and running but I can't find this url/methods. Does JHipster come with default url...

Oauth2 for Authorization and Authentication?

django,oauth-2.0,google-oauth,openid-connect
Can Oauth2 be used for authorization and authentication? As I understand it, Oauth2 authorizes a consumer application to access user information from providers (e.g. Facebook, Google, Twitter, etc). But can Oauth2 be used to authenticate a user? For example, suppose we have an app comprised of native mobile frontends and...

Linkedin Rest API suddenly stopped working

ruby,oauth-2.0,linkedin,third-party-api,linkedin-api
I'm developing a Rails app, which contains importing of profile information from LinkedIn to a Rails DB. It works fine a lot of the time, but over the last 2 weeks it suddenly stopped working... Default Application Permissions on LinkedIn is only r_fullprofile I use linkedin gem as a wrapper...

Symfony - OAuth and basic auth together

symfony2,oauth-2.0,fosuserbundle,hwioauthbundle
So, I have this security: providers: fos_userbundle: id: hwi_oauth.user.provider.fosub_bridge firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: pattern: ^/ anonymous: true logout: true form_login: provider: fos_userbundle csrf_provider: form.csrf_provider login_path: /login check_path: /login_check oauth: resource_owners: battlenet: "/login/check-battle-net" login_path: /login use_forward: false failure_path: /login oauth_user_provider: service: hwi_oauth.user.provider.fosub_bridge logout: path: /logout...

Moxtra authorization to generate acces_token fails

oauth-2.0
I am trying to embed Moxtra chat functionality into my App. For this I followed the steps mentioned in OAuth 2 Authentication on the Moxtra developer site. I was able to successfully register my App in Moxtra and in response I got clientId and Secret key for it. But when I...