FAQ Database Discussion Community
facebook-graph-api,oauth-2.0,paw-app
How can I setup PAW to work with Facebook locally for development? Or even at all for that matter? I have a node.js backend that I'm setting up with Facebook Auth. Every one of my routes needs the user to be logged in. I have two endpoints related to FB...
c#,permissions,oauth-2.0,google-oauth
I have implemented Google oauth2 server flow for web, the first time that user logins using his/her google account I have to use access_type=offline to get a refresh token and save it to database but after that access_type=online will be enough. I have read that google issues limited number of...
validation,oauth-2.0,public-key-encryption,jwt
I am implementing an app that connects to an OAuth2 server and it gets back a Json Web Token (JWT). I am passing the token along and I want to independently validate that the token came from the issuing source. I can do this, no problem, with the public key...
authentication,oauth-2.0,google-plus,google-oauth
Google has a habit of providing multiple means to achieve a goal. And of ditching services when they feel like it. If I would need to implement a "sign-in with Google" authentication feature today, which one should I pick? Google Sign-In or Google+ Sign-In? Or to put it differently: which...
facebook,oauth-2.0,google-plus,linkedin
I'm performing the server side oAuth2 flow. I noticed that google has added a cool feature for their oAuth2 signin API which is redirect_uri=postmessage so we don't show the real redirect_uri on the browser url bar and the authorization code won't be included in the redirect url. For linkedin, when...
cordova,mobile,oauth-2.0,uri,azure-active-directory
I am working on a mobile app, using the PhoneGap framework. For the next part of the project, I need to allow users to authenticate themselves through their Windows 365 account of the company. For this I'm using Azure AD, with the following AngularJS based library. I have already succeeded...
angularjs,http,oauth-2.0,http-post
The OAuth service I am trying to get the response from is working but something wrong in my code which does not make the request. $http.post(myURL, 'grant_type=password&username=' + userName + '&password=' + passWord, headers: { 'Content-Type: application/x-www-form-urlencoded', 'Authorization Basic ' + btoa(secretWord) }). success(function (response) { console.log(response); }). error(function (response)...
asp.net,oauth,oauth-2.0,owin
I'm learning OAuth2 via this tutorial, then I found refresh token's expire time is the same as access token, is this correct?
java,spring,oauth,spring-security,oauth-2.0
I am trying to implement Spring Security OAuth2 using Java config. My usecase requires the use of password grant_type. I have configured this so far without the need for a web.xml and would prefer to keep it that way Versions I am using: Spring Framework: 4.1.6 Spring Security: 4.0.1 Spring...
url,oauth-2.0,coinbase
First steps of the Coinbase Oauth Authorization seem to work fine. I request the customer code via the following URL: "https://www.coinbase.com/oauth/authorize?response_type=code&client_id=XXXXXXXXXXXXXXXXXXXX&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=user+balance" I get back the code via URL.. Then trying to request the token with given CODE and CLIENT SECRET and CLIENT ID:...
facebook,facebook-graph-api,oauth,oauth-2.0
I am building a "authenticate with facebook" or "login with facebook" function for a website on my development server. The development-server is a VM running on my computer. I have set up my own DNS-server so that i can access the website with: anydomainname.de - which of course only works...
oauth-2.0,google-plus,google-oauth,google-plus-signin
I would like to use G+ sign-in to allow access to a secure area of a website. However, I would like to only authenticate certain users. Either by Approving them after they request, or pre-defining a list. Is this even viable? ...
oauth-2.0,office365,outlook-restapi
I am following this entry at Exchange dev blog (MSDN). For the sample project published on GITHub, I'm getting following build errors, wondering which step I missed... Could not copy the file "AccessMailboxAsApp\Content\myappcert.pfx" because it was not found. Could not copy the file "AccessMailboxAsApp\Content\encryptionCert.pfx" because it was not found. ...
java,spring,oauth,spring-security,oauth-2.0
I have recently built a REST API in Spring which I am consuming with a .Net C# client. At the moment there is no security so I would like to implement OAuth2. I am going to be the only user of my REST API so I don't need something complicated....
asp.net-web-api,oauth-2.0,jwt
I created a JWT token implementation based on Taiseer's tutorial. The following code was added to my Owin startup class: OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions() { AllowInsecureHttp = HttpContext.Current.IsDebuggingEnabled, TokenEndpointPath = new PathString("/oauth2/token"), AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(90), Provider = new CustomOAuthProvider(), AccessTokenFormat = new CustomJwtFormat("http://example.com/") }; Now there are different types...
android,oauth-2.0,google-api,youtube-api,android-youtube-api
I have an application which requests youtube data api's. I need to have access token for some request like to get video's, playlist etc. For this I can simply use GoogleAuthUtil class to get Token by calling: String access_token = GoogleAuthUtil.getToken(Context, userEmail, "oauth2:https://www.googleapis.com/auth/youtube"); Where third parameter is a Scope to...
spring-security,oauth-2.0,spring-security-oauth2,spring-cloud
I want to develop two independent services, one for the business stuff and one for the user authentication using Spring OAuth 2 Let's call them Business-Service and OAuth-Service. Now I want the Business-Service delegate to the OAuth-Service if a request is not authenticated. The client application (an Android app) should...
security,authentication,oauth-2.0,bearer-token
I have a question about OAuth2 and validating the client that a token has been assigned to. The spec says that for confidential clients a client must authenticate when requesting tokens etc, for example with a basic auth header. This means we can verify that a client has been registered...
authentication,oauth-2.0,token
I am developing an app to access its own resources via Rest endpoints. Users are required to acquire access token via email/password. After completed Authentication server configuration, I had this observation: With: curl client:[email protected]:9999/uaa/oauth/token -d grant_type=password -d username=user -d password=password I am getting the correct response: {"access_token":"7541a4f6-e841-41a0-8a54-abf8e0666ed1","token_type":"bearer","refresh_token":"d3fdd7e3-53eb-4e7b-aa45-b524a9e7b316","expires_in":43199,"scope":"openid"} However With:...
c#,oauth-2.0,identityserver3,owin-security
Using IdentityServer3 I need to automatically login and redirect a local user back to the client application after the user has completed a registration process. Is there an elegant way to do this? From my digging I suspect not, in which case is there a hack I can use to...
oauth-2.0,single-sign-on,openid-connect
When I had resource owner grant type, I never needed to deal with the Consent Page but now I am trying to create SSO for my systems using OpenID Connect and I am very confused. /authorize endpoint always shows consent form for public apis (Facebook, Google etc) as this used...
android,rest,oauth-2.0,client
I am extremely new to the OAuth framework and am currently working on writing a client on the android platform. When trying to register my application with the api provider, it asks for a redirect url. I searched around bit and found some literature that says that it is a...
oauth,oauth-2.0
I'm developing an API which only needs to be accessed by servers, as opposed to specific, human users. I've been using the client credentials grant which, if I'm not mistaken, is appropriate for this use case. So the remote websites/apps, after registering their corresponding OAuth2 clients, are simply requesting an...
c#,asp.net-mvc,oauth,oauth-2.0
I'm using the following code for ExternalLoginCallback In google everything is OK. but in Facebook and Microsoft loginInfo.Email is always null. What's wrong with the following code? [AllowAnonymous] public async Task<ActionResult> ExternalLoginCallback(string returnUrl) { ExternalLoginInfo loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync(); if (loginInfo == null) { return RedirectToAction("Login"); } // loginInfo.Email is...
oauth-2.0,google-plus,web2py,janrain
What is the correct way to implement user login with google account in web2py? I can not use janrain (for some reason there is no google option when choosing widgets in my account, but google is configured as a provider.)
javascript,google-chrome-extension,oauth-2.0,google-account
Is there an event or listener that fires when a user logs his Google account out of Chrome (or switches from account)? When this happens I want to change my Chrome Extension default_icon (from green to red)....
java,spring,spring-security,oauth-2.0,spring-saml
I have requirement for our application where we need to implement Spring SAML within our app to enable federated SSO for one customer. However we need to maintain existing login flow using spring-security for other customer. So my question is can we have two security mechanism for an web application...
playframework,oauth-2.0,actionbuilder
First of all, I'm a newbie in Play Framework, so maybe this is very basic, but I couldn't find enough documentation to clarify. Currently I have a project that use Oauth2 to identify and authorize the users. This is being done with an ActionBuilder and working well. What I do...
authentication,hash,oauth-2.0,slim,hmac
I am looking for a decent method of authentication to use when writing a simple API for use within our internal systems. Other questions on Stack Overflow have suggested HMAC along with links to tutorials, which I went ahead and decided to implement. After setting this up, I realized I...
azure,oauth-2.0,azure-mobile-services,azure-web-sites
I've migrated form Azure Mobile Services to the new App Services Mobile App, and I'm using the new AMS 2.0.0-beta on the client-side. I have two providers (currently) implemented for OAuth 2.0: Google and Twitter. Previously, I was able to get the provider token via a claim in the principal...
oauth-2.0
When a user needs to approve a request to authenticate using OAuth2, they are typically given "Approve" and "Cancel" buttons. What should I send when a users clicks "Cancel" ? As a developer, what do I send to the OAuth server to make it deny the request when a user...
oauth,oauth-2.0,linkedin
I have a developer account at LinkedIn. My question is if it's possible to connect other developers to it? We are three developers in our company that is working on the same app but on different platforms. I want them to have full access of the app info site, but...
python,authentication,oauth-2.0,google-oauth,gspread
I am very new with python so please excuse my ignorance. I am trying to send data to Google spreadsheets and have decided to use gspread. However gspread requires me to use OAuth-2.0 to authorize access to the spreadsheets. I have used the tutorial on their documentation page to do...
c#,oauth-2.0,asp.net-web-api2
Hi I am using Bearer authentication in my web api 2. After user login i generate access token to the user. Further when they request my web api, they have to send access token in request header. All valid access tokens are requesting web api with out any problem. But...
oauth-2.0
This annoys me, and perhaps I'm simply getting it wrong, but it seems that just about every OAuth2 provider has it's own subtle nuances to using their services. OAuth2 is supposed to be a standard way of dealing with authentication, so why isn't it?
node.js,oauth-2.0,google-api,google-analytics-api
A bit of background first; I've got a PHP-based app which handles the Google OAuth flow and stores the resulting access token in a database. I am able to use this access token perfectly fine in another PHP script, so I don't think the token has expired. The problem comes...
c#,rest,oauth-2.0,restsharp
Just a few minutes ago I managed to make my code work with RestSharp and OAuth2, retrieving an access token. I now want to use that token on every call that I make to my REST API. Unfortunately I keep getting an UnsupportedMediaType StatusCode although the response status is completed....
oauth-2.0
I am trying to embedded Moxtra chat functionality into my App. For this I followed the steps mentioned into OAuth 2 Authentication for Moxtra developer site I was able to successfully registered my App in Moxtra and in response I got clientId and Secret key for it. But when I...
php,curl,oauth-2.0
I'm getting started with the Enavato API So far I've created an app, got client_id & client_secret and managed to get the code access_key from the https://api.envato.com/authorization after that I'm using the below php code to make POST curl request $client_id = '***********'; $client_secret = '***********'; $redirect_uri = urlencode('http://localhost:3000'); if(isset($_GET["code"]))...
oauth-2.0,mule
I have configured a OAuth provider in Mule using the OAuth connector, and I give out access tokens to users as and when they login, they get a new access token for each device they login with, my question is what is the best thing to do when a user...
java,angularjs,security,oauth-2.0,hacking
I logged in as Scott who only has read permission. The oauth2 server(JAVA based) gave me a token. Then I asked my teammate to send me his non-expired token. I updated my Angular application and hardcoded the token that was given to me. I tried to make changes to the...
google-chrome,google-chrome-extension,oauth-2.0
I'm attempting to offer a free trial period for my Chrome extension and have been following the Chrome documentation about how this can be accomplished. When my extension loads, though, the background script is logging the following error to the console: Unchecked runtime.lastError while running identity.getAuthToken: OAuth2 not granted or...
oauth,oauth-2.0,single-sign-on,saml,jwt
I'm working on a set of systems that are exposing REST APIs that are authenticated using OAuth 2. Various of these systems have their own indpendant sets of user accounts, there is no common notion of a user identifier across all the systems. For interactive usage we already have a...
oauth-2.0,openid-connect
Im trying to undertand how to properly identify which provider a returning authorization request was initiated by. I see three approaches: Use provider specific redirect_uri callback URIs. /oauth2/<provider-name>/callback etc. Encode provider id/name in state parameter somehow Store a pending provider id/name in the web session Try to verify response with...
spring,spring-security,oauth-2.0,spring-security-oauth2
I am using Spring Security with OAuth2 for authentication/authorization using following project. http://projects.spring.io/spring-security-oauth/ I have a requirement to add parameter to OAuth2 authorization url. I am not sure how should I add it to AuthorizationCodeResourceDetails bean? The problem is I want to start the user journey by login or registration...
django,oauth-2.0,google-oauth,openid-connect
Can Oauth2 be used for authorization and authentication? As I understand it, Oauth2 authorizes a consumer application to access user information from providers (e.g. Facebook, Google, Twitter, etc). But can Oauth2 be used to authenticate a user? For example, suppose we have an app comprised of native mobile frontends and...
oauth-2.0,salesforce,mule
I am connecting to SFDC with mule connector by oauth, trying to authorize but getting following error message. <flow name="sfdcFlow1" doc:name="sfdcFlow1"> <http:inbound-endpoint exchange-pattern="request-response" host="${hostname}" port="${port}" path="sfdc" doc:name="HTTP"/> <sfdc:authorize config-ref="Salesforce__OAuth_v2_0" display="POPUP" accessTokenUrl="https://na1.salesforce.com/services/oauth2/token" authorizationUrl="https://na1.salesforce.com/services/oauth2/authorize" doc:name="Salesforce"/>...
javascript,ember.js,oauth-2.0,ember-simple-auth,ember-cli-mirage
For development and testing I want to use Ember CLi Mirage. I'm trying to get it to work with simple auth and oauth2. How do I have to set up Mirage to work with a session token? This is what I'm doing so far: import Ember from 'ember'; export default...
php,http,curl,oauth-2.0
I get my bearer token from an API end point and set the following: $authorization = "Bearer 080042cad6356ad5dc0a720c18b53b8e53d4c274" Next I want to use CURL to access the secure endpoint however I am unsure on how or where to set the Bearer token. I have tried this but but it does...
java,spring,exception,oauth-2.0,spring-security-oauth2
i am currently working on a project involving spring security (for OAuth2). We are using the authorization_code flow. However when the client hits the AuthorizationEndpoint (/oauth/authorize) we get an "InsufficientAuthenticationException". This may be due to an external system which is also involved in this flow which performs a redirect for...
python,django,oauth-2.0
I am using Django OAuth Toolkit and I successfully create sign_up call - which in return gives me this response: { "username": "boban16", "client_id": "sxFB8WOd5qupdyp5c4pjJHXAQQFPVCW7FKA3SUmy", "client_secret": "3nUreBDpx9cCSEeVyOhpXZ76Om0keOxFwK2rRQJNK5wvYuA1tUF37sH0Of473wCgeJ3tCmflN9kPnP9VkgepWxrARC6iimqI6y34pyVU7otlcXHjS2SSOmsP2c0XNxrA" } So, I am now trying to make a call to generate token using Postman application - request looks like this: And this...
java,android,oauth-2.0,google-oauth
I am building an Android app in which I want to authenticate user using their google account. I am using GoogleAuthUtil class to obtain token from google as shown below protected String fetchToken() throws IOException{ try { return GoogleAuthUtil.getToken(act, email, scope); } catch (GoogleAuthException e) { e.printStackTrace(); } return null;...
facebook,facebook-graph-api,oauth-2.0
I am testing Facebook Graph API v2.3 with Postman. While it is possible to get response by putting access token in query string as follow: https://graph.facebook.com/v2.3/me?access_token=my_access_token I am wondering whether it's possible to do the same thing with HTTP request headers, which would be something like this: GET /v2.3/me HTTP/1.1...
oauth,oauth-2.0,cas
Does CAS currently (4.0.x) support any other grant type than "Authorization Code"?
ios,oauth-2.0
My iOS mobile app consumes services that are implemented with the OAuth2.0 protocol. The OAuth access token comes along with a refresh token and an expires_in field. I saved the refresh token and access token expiration time in my app but don't have a good idea on when to use...
google-app-engine,cron,oauth-2.0
I am trying to do some things with a Cron.yaml My cron works fine, but the authentication no. In the localhost I use this : from oauth2client.appengine import AppAssertionCredentials storage_credentials = AppAssertionCredentials(scope='https://www.googleapis.com/auth/storage') storage_http = storage_credentials.authorize(httplib2.Http()) storage_service = build("storage", "v1", http=storage_http) This works fine, but when I deploy it in GAE,...
web-services,rest,oauth-2.0,openid-connect,google-oauth2
I seem to be royally confused, somehow OAUTH2 or it's newer more stringent subset OpenID Connect just don't click in my head... My application is a RESTFUL service that has no Web UI whatsoever. Several clients are using it ( from both web and mobile apps ) My service should...
asp.net-web-api,oauth,oauth-2.0,bearer-token
I have two projects: MVC, Web Api In the Web API project I am using bearer token authentication. This token expires after 24 hours. In my MVC project I'd like to call the Web api project via MVC controller (server to server). What's the best way to: Get a token...
redirect,spring-security,oauth-2.0,cors,restful-authentication
I have a RESTful service which I have secured using Spring Security and pac4j-oauth. An important detail is that Google is acting as the OAuth2 server-- we need the user's Gmail address to know if they are a legal user of our system, and eventually the service will also need...
oauth-2.0,onedrive,onedrive-api
I have multiple domain names, but all of that resolves to the same IP. eg. x.mysite.com and y.mysite.com for my different customers. at the same time app.mysite.com also points to the same IP, server etc. With Google OAuth2 API, in the redirect_url I am able to specify "app.mysite.com" and everything...
ruby,oauth-2.0,linkedin,third-party-api,linkedin-api
I'm developing a Rails app, which contains importing of profile information from LinkedIn to a Rails DB. It works fine a lot of the time, but over the last 2 weeks it suddenly stopped working... Default Application Permissions on LinkedIn is only r_fullprofile I use linkedin gem as a wrapper...
javascript,google-chrome-extension,callback,oauth-2.0,identity
Sorry for yet another probably noob question, normally I don't give in until I find a solution myself but this one has me going for 3 days and it is time to admit I'm stuck... I'm trying to authenicate a Chrome extension to use PushBullet user data via OAuth2: background.js...
ruby-on-rails,oauth-2.0,openid-connect
I'm writing an Open ID Connect Provider in Rails, basically refactoring this example Here. My question is - do ID Tokens need to be persisted on the server at all? If I'm just signing the ID Token and sending it to the RP, can't I just generate the ID Token...
python,python-2.7,oauth,oauth-2.0
There is a python app uses Health Graph API # -*- coding: utf-8 -*- from django.shortcuts import render_to_response, redirect from main.settings import CLIENT_ID, CLIENT_SECRET, RUNKEEPER_LOGIN_URL, ACCESS_TOKEN_URL import requests def index(request): return render_to_response('index.html') def login(request): code = request.GET['code'] post_data = {'grant_type': 'authorization_code', 'code': code, 'client_id': CLIENT_ID, 'client_secret': CLIENT_SECRET, 'redirect_uri': 'http://127.0.0.1:8000/welcome/'} req...
oauth-2.0,google-oauth
I am using generator-angular-fullstack from AngularJS Full-Stack generator.While i am trying to use provider OAuth i am getting following error.After registering app in console.google i have downloaded json to be clear. { "web" : { "auth_uri" : "https://accounts.google.com/o/oauth2/auth", "client_secret" : "xxxxxxxxxxxxxxxxxx", "token_uri" : "https://accounts.google.com/o/oauth2/token", "client_email" : "[email protected]account.com", "redirect_uris" : ["http://localhost:9000"],...
php,oauth,oauth-2.0,google-oauth,google-login
I am creating a web application that requires Google OAuth authentication. I have successfully recieved the refresh and access token, however, I cannot seem to get the refresh token again. I understand that I need to revoke access from my account in order to get the refresh token again. However...
java,oauth-2.0,spring-boot,spring-security-oauth2
Im trying to split the resource server from the authorization server in spring-boot. I have two different applications that i'm running separately. In the authorization server i can get the bearer token from oauth/token but when i'm trying to get access to the resource(sending the token in header) i'm getting...
python,rest,flask,oauth-2.0,salesforce
I am building out a REST service using Flask-RESTful that will allow users to connect to their salesforce Environment and pull data. Is it possible to secure a restful API with oauth2?! I cannot seem to find any documentation this....
asp.net,.net,asp.net-web-api,oauth-2.0,integration-testing
I have just added token-based security to my Web API using ASP.net identity OWIN and OAuth 2. As a result of this I am getting 405 unauthorized error on all my tests. How can I mock the securitycontext. I've seen some samples where other have overridden the Thread.CurrentPrincipal but unsure...
ruby-on-rails,oauth-2.0,single-sign-on,saml,cas
Before you put me down for asking too basic a question without doing any homework, I'd like to say that I have been doing a lot of reading on these topics, but I'm still confused. My needs seem simple enough. At my company, we have a bunch of Ruby on...
php,ios,rest,oauth-2.0,laravel-5
I'm going to build a back-end API REST using Laravel 5 for an iOS application (perhaps for Android in the future) so I found a couple of packages on github for the API authentication: https://github.com/chrisbjr/api-guard https://github.com/lucadegasperi/oauth2-server-laravel And I want to know what's the different between them and what package could...
php,oauth-2.0
I am trying to authenticate with a family history web service that authenticates using OAuth2. The basic workflow of the authentication is that I submit a get request against the web service requesting an authentication session. It returns in the body of the response HTML Code with some login components...
ruby,oauth-2.0,yahoo-api,ringcentral
Using INTRIDEA's OAuth2 Ruby gem, is there a recommended way to add the HTTP basic authentication header using the password strategy? This is required by the Yahoo and RingCentral OAuth 2.0 implementations. The required header I'm working with is of the following format: Authorization: Basic <base 64 encoded "CLIENT_ID:CLIENT_SECRET"> The...
oauth-2.0,linkedin-j
I want to obtain an Access Token is for my application using the Authorization Code it just acquired. I am using this code DefaultHttpClient client = new DefaultHttpClient(); URI uri = new URIBuilder().setScheme("https") .setHost("www.linkedin.com") .setPath("/uas/oauth2/accessToken") .setParameter("grant_type", "authorization_code") .setParameter("code", code) .setParameter("redirect_uri", "http://localhost:9090/ConnectSocialMedia/callBack.jsp") .setParameter("client_id", CONSUMER_KEY_OPTION) .setParameter("client_secret",...
api,rest,oauth-2.0,web-api,api-design
TL;DR; Is there any way to bind a (Bearer?) token to a unique client, and represent that in the HTTP REQ Headers? In the scenario that a user has an account to a service. The same user should be able to consume the services using different client applications (different Browsers,...
symfony2,oauth-2.0,fosuserbundle,hwioauthbundle
So, I have this security: providers: fos_userbundle: id: hwi_oauth.user.provider.fosub_bridge firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: pattern: ^/ anonymous: true logout: true form_login: provider: fos_userbundle csrf_provider: form.csrf_provider login_path: /login check_path: /login_check oauth: resource_owners: battlenet: "/login/check-battle-net" login_path: /login use_forward: false failure_path: /login oauth_user_provider: service: hwi_oauth.user.provider.fosub_bridge logout: path: /logout...
android,oauth-2.0,jhipster
I'm reading about this OAuth2 but I can't find anything to get my token from JHipster I saw an api to connect to google , facebook... but nothing to JHipster. My JHipster is already set up and running but i can't find this url/methods. Does JHipster come with default url...
oauth,oauth-2.0,spring-security-oauth2,oltu
I'm developing an "Apache Oltu Spring MVC Github" integration example. In this example I will be sending "App ID" and "Secret" to get the "access_token" in order to access the protected resources like "Gist", "user" etc. So first step is to create / register the "App" using https://github.com/settings/applications/new. Once you...
c#,oauth-2.0,dropbox-api
I'm trying to work with the Dropbox API in my current C# application. At the moment I'm struggling with the OAuth2 authentication (implicit flow). First of all I chose the implicit flow because I develop a pure client-side app and regarding to the API's documentation this flow is made for...
java,spring,spring-mvc,oauth-2.0
Implementing an oauth2 system, I am having some problems with the following code: import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping; import org.springframework.web.servlet.HandlerMapping; ... HandlerMapping.class.isAssignableFrom(FrameworkEndpointHandlerMapping.class); Indeed, as the class FrameworkEndpointHandlerMapping is implementing the interface HandlerMapping, this function should always return true. It is the case when I run a unit test on this function. However, during...
c#,asp.net-mvc-4,oauth-2.0,openid,identityserver3
I am trying to use both OpenId and Bearer token authentication on my application through Identity Server. The problem currently is that once I have authenticated the user, I still need to get a bearer token to be able to call any action methods for my Asp.Net MVC application. Here...
c#,oauth-2.0,openid-connect
What are best options for OAuth 2.0 and OpenID Connect Open Source libraries with C# (.NET) Implementation. I know few, but they are either OAuth 2.0 or other but not both...
oauth-2.0
The oAuth 2 specification requires that authorization headers be structured as follows authorization: Bearer token_code What's the point of adding Bearer ? and I think that would mean than when I access it on the server side, I need to extract token_code from the string ? Can I choose to...
android,oauth-2.0,google-plus
The line Plus.PeopleApi.getCurrentPerson(mGoogleApiClient) returns null even though I have already signed in and my app is already connected to the account. Here is my code: @Override public void onConnected(Bundle connectionHint) { mSignInClicked = false; Toast.makeText(this, "User is connected!", Toast.LENGTH_LONG).show(); Plus.PeopleApi.loadVisible(mGoogleApiClient, null).setResultCallback(this); String personName = "No one!"; if (Plus.PeopleApi.getCurrentPerson(mGoogleApiClient) != null)...
oauth-2.0,single-sign-on,openid-connect
How does OpenID Connect Authorization Code Flow work? Let's say a user made a request to app.example.com didn't have an access token or had an access token that is invalid. When the app redirected the user to authorization server: auth.example.com/authorize?response_type=code&client_id=CLIENT_ID&scope=openid&state=STATE&nonce=NONCE Does the endpoint above have the signin screen? Or does...
oauth-2.0
I am reading the oauth 2 protocol using different links on web and its rfc (RFC 6749). After going through the links i have the following doubts: Is it required for authorization server to maintain the grant code at its end after it has generated and passed the code to...
php,oauth-2.0,youtube-api
I am working with OAuth for the first time and playing around with the Youtube one. I got the following code: if(isset($_GET['code'])) { $code = $_GET['code']; $url = 'https://accounts.google.com/o/oauth2/token'; $params = array( "code" => $code, "client_id" => "XXX", "client_secret" => "YYY", "redirect_uri" => "URL", "grant_type" => "authorization_code" ); $curl =...
oauth-2.0,token,vimeo-api
I am trying to make a request to the Vimeo api v3 using this request URL: https://api.vimeo.com/videos?query=elvis&client_id=XXXXXXXXXXXXXXXXX&token=XXXXXXXXXXXXXXXXXXXX The token I am sending is copy and pasted from the web interface. I generated it there. I'm trying it from the browser and receiving this response: { "error": "A valid user token...
spring-security,oauth-2.0,cors,single-page-application,restful-authentication
Our stack uses Backbone as our client-side app and Spring Boot as a RESTful API. We're trying to make basic authentication using OAuth2 with user providing username and password. We use Spring Security for authentication and jQuery $.ajax method for making requests. However the response we get is 401(unauthorized) status...
php,authentication,oauth,oauth-2.0
I've read through RFC6749 for OAuth 2.0 as well as quite a few SO questions and blog posts but I'm still unclear on how to implement some of the things. Currently, users log in through a form on a web page and use the application which makes database calls to...
authentication,oauth-2.0,saml-2.0
SAML supports just in time provisioning with custom user attributes to be passed as part of SAML assertion after successful login, wondering OAuth2 supports anything similar ? Thanks...
login,zend-framework2,oauth-2.0,openid,integrated
i have a few site developed with zend framework 1 and zend framework 2,i wanna users register in main site and in other sites i want to have a login button ,if user click on login: 1- if user logged in in main site ago , user login without enter...
facebook,oauth-2.0,facebook-access-token
From reading the Facebook documentation on access tokens, the maximum lifetime is 60 days. However, I tested the one below I got through a TEST application of my real application and it says Never, meaning it doesnt expire. Is that correct? Shouldnt it have an expiration date? This token gives...
api,rest,symfony2,oauth-2.0
I'm working on transforming my classic website to rest API in Symfony 2 world. First of all I'm doing that because I want to a mobile version of my project (maybe phone gap) but with angularjs. my question actually is what is the difference between my angular application authentication to...
python,eclipse,oauth-2.0,gdata
Good evening, i've been trying to migrate my blogger python app to oauth2 since the good old Clientlogin() has been deprecated and erased. So, basically i searched through the entire web and couldn't manage to make my application to work correctly. This is the basic code im using for testing:...
python,django,oauth-2.0,spotify,python-social-auth
I am implementing Python Social Auth in a Django app that needs access to the user's Spotify account. The initial step in the Auth flow works: a request is sent to Spotify's '/authorize' endpoint and the user is presented with a modal explaining the scopes of the access for which...
oauth-2.0,secret-key
I've been researching on OAuth server implementation recently. One thing I noticed is that all the server implementations do not encrypt client secret on the server side. I do understand that it's not supposed to be a password, but it's being used as a password. If that the case, why...
oauth,oauth-2.0,google-oauth,google-spreadsheet-api,gspread
I have been using gspread (authenticated via ClientLogin) for a last year. Now I would like to use OAuth2. I've followed tutorial from gspread site: http://gspread.readthedocs.org/en/latest/oauth2.html The problem is that this method creates new "Email address" (in console.developers.google) which doesn't have an access to spreadsheets - all spreadsheets should be...
login,oauth-2.0,google-oauth
I'm trying to build a Google signin button into my website. I'm trying to avoid using their built-in button. The code below works to sign in a user, but I can't figure out how to make my webpage remember that they're signed in when the user refreshes the page, or...
oauth-2.0,google-login,google-oauth2
I have the set the scope to 'https://mail.google.com/' and the extra params like 'access-type=offline' and 'approval-prompt=force' are also set. After the process is complete, I'm not getting the refresh token. I only get the access_token, expires_in and token_type fields. I even revoked the access to the app from the account...