Menu
  • HOME
  • TAGS

c++: Let user process write to LOCAL_SYSTEM named pipe - Custom Security Descriptor

c++,windows,winapi,pipe,authorization

This is the first problem: ace.grfAccessPermissions = PIPE_ACCESS_DUPLEX; The PIPE_ACCESS_DUPLEX constant is only meant to be used as an argument to CreateNamedPipe(), it is not a valid access permission. (By coincidence, it is equal to FILE_READ_DATA|FILE_WRITE_DATA but those access rights do not by themselves allow you to connect to a...

Implemeneting IIS hosted WCF service with AzMan role provider

asp.net,web-services,wcf,iis,authorization

I have solved it. I hope it will help someone. Some fixes to the configuration (Attached). All users allowed but filtered at lower level folders. Installing missing authorization handlers at the IIS on the OS (Turn windows features on...) Use the local IIS and not IIS Express from the visual...

Azure DocumentDB - The MAC signature found in the HTTP request is not the same as the computed signature

c#,.net,azure,authorization,azure-documentdb

We have confirmed this to be an issue isolated to the North Europe region. We are applying a hotfix to known accounts effected and will be deploying a fix shortly. If you are NOT in North Europe and are experiencing this issue, or if you continue to see if within...

tacacs+ for Linux authentication/authorization using pam_tacplus

linux,security,authentication,authorization,pam

Eventually I got it working. Issue 1: The issue I faced was there is very few documentation available to configure TACACS+ server for a non CISCO device. Issue 2: The tac_plus version that I am using tac_plus -v tac_plus version F4.0.4.28 does not seem to support service = shell protocol...

CanCan Rails Authorization

ruby-on-rails,ruby-on-rails-4,authorization,cancan

rescue_from CanCan::AccessDenied do |exception| if exception.action.to_s == "create_or_update" err ={} err[:error_id] = "AUTHORIZATION_ERROR" err[:error_msg] = exception.message render json: err, status: 403 else redirect_to "/", :alert => exception.message end end ...

how to add an omnipotent user level to Pundit

ruby-on-rails,authorization,pundit

The only way to do this is to have your authorization checks return true for a user or role that has been designated a "super user." So, it would look like this: def update? *normal authorization logic* or is_superuser? end def edit? *normal authorization logic* or is_superuser? end #etc... private...

Rails + CanCan: Disallow User from Joining a Group if Already a Member

ruby-on-rails,authorization,cancan,cancancan

CanCan blocks only work on model instances (see this wiki page) and right now your can? sends the model class, not an instance. In order for this to work, you need to pass an instance of Membership. You can do something like this (assuming @group is the group the user...

Zend Framework 2 session container lifetime

session,cookies,zend-framework2,authorization

If you're using ZfcUser (and if you're doing user authentication on ZF2 you should be) check out the GoalioRememberMe(https://github.com/goalio/GoalioRememberMe) module, it does exactly what you're looking for (Caveat: I've never actually used it myself so I can't vouch for it's efficacy or security) I also suggest reading this response by...

Blocking batch_actions with ActiveAdmin and CanCan

ruby-on-rails,authorization,activeadmin,cancan

You can display conditionally the block actions: https://github.com/activeadmin/activeadmin/blob/master/docs/9-batch-actions.md#conditional-display...

Adding custom Roles to Azure Mobile Services User (Google, Twitter, Facebook, Microsoft)

.net,authorization,azure-mobile-services

I found the solution. It involves: Creating my own ServiceTokenHandler and overriding the CreateServiceUser method to add logic after the call to base.CreateServiceUser(claimsIdentity) that tries to find the roles in my UserProfile table that are linked to the user specified in the claimsIdentity. If it finds roles, it adds new...

Authorization Model: Context of Role?

security,authorization,claims-based-identity,abac,role-based-access-control

Actually, you should not attempt to implement a new authorization model. There is already a good model called attribute-based access control (or ABAC - see the SO tag abac and xacml). ABAC is an authorization model that: is defined by NIST, the National Institute of Standards and Technology, the very...

Can I submit a form with google's recaptcha in it from my app?

http,request,authorization,captcha,recaptcha

Turns out we are not supposed to do that kind of tricks with reCAPTCHA. There is no support for that in API. It seems that it was part of Google's design to prevent that kind of usage. The only walkaround I could come up with is to implement a WebView...

Setting CORS call to GET not OPTIONS

javascript,xmlhttprequest,authorization,cors

If you set an Authorization header then you are making a complex request and you have to handle the OPTIONS preflight before the browser will make the GET request. You can't set the header without handling the OPTIONS request....

python3 - can't pass through autorization

authentication,python-3.x,web-crawler,authorization

In my case problem was in 'Referer' parameter in headers, which is required but wasn't specified

IIS Authorization and Restrictions

asp.net,iis,authorization,relative-path,restriction

You can move the file either to a folder outside of the root of the site or to the App_Data folder (which is protected form direct browsing by the ASP.NET framework) and then set your ImageUrl to point to a generic handler (.ashx file) which will be responsible for delivering...

How apply granular per content rights in OAuth 2?

security,oauth-2.0,authorization

OAuth 2.0 is certainly fit to handle that use case as well. You have two options: assign a scope per calendar e.g. Calendar.1.Read (remember, scopes contents are not defined by OAuth 2.0 and can be dynamic) use a type of opaque bearer access token that requires validation/introspection at the Authorization...

User Permission - Display edit in view (express, handlebars)

node.js,express,authorization,handlebars.js

One way you could do this is by hydrating your template model with a profileOwner privilege as you suggested. Suppose you wanted to only allow users to edit their own profiles. Using connect-roles you could set up a rule like this: user.use('profile owner', function (req, action) { return req.isAuthenticated() &&...

Simultaneous authorization in advanced app

php,authorization,yii2

You have to set different cookies for frontend and backend in config/main.php file. For Eg.: In backend: 'components' => [ 'session' => [ 'name' => 'BACKENDID', //Set name 'savePath' => __DIR__ . '/../tmp', //create tmp folder and set path ], ], In Frontend: 'components' => [ 'session' => [ 'name'...

Token Based Authentication in ASP.NET 5 (vNext) (refreshed)

c#,authentication,authorization,web-api,asp.net-5

Generate an RSA key just for your application. A very basic example is below, but there's lots of information about how security keys are handled in the .Net Framework; I highly recommend that you go read some of it, at least. private static string GenerateRsaKeys() { RSACryptoServiceProvider myRSA =...

Where to place autorisation code

php,design-patterns,authorization

OK, So I moved the authentication code to the service layer and found that there were only a couple of instances where I still needed to do additional checks in the model. For consistency, I could pull these checks into the service layer too, at the expense of performance, but...

ASP.NET MVC: Unauthenticated User Always Redirected to Login page

asp.net-mvc,asp.net-mvc-4,authentication,authorization

The problem was in following action in the _Layout.cshtml file <li>@Html.Action("BasicInfo", "Profile")</li> which is calling ProfileController action BasicInfo, and the ProfileController is decorated with Authorize attribute which redirected action to login. Quite a stupid and misleading mistake... Once I checked if user is authenticated before this action everything was ok...

How do you access url parameters inside of $stateProvider.state's stateConfig object?

angularjs,authorization,angular-ui-router

This could be solved using the more prams of the $stateChangeStart event // instead of this $rootScope.$on('$stateChangeStart', function (event, next) { // we can use this $rootScope.$on('$stateChangeStart' , function (event, toState, toParams, fromState, fromParams) { and that means, that we now have access to all passed params inside of the...

ios how is permission/Authorization working?

ios,permissions,authorization

In short, yes. The app will ask for the location and camera both permissions in your new app. Also, this is more complicated when it comes to location access. There are 2 cases: 1) Foreground Permission: Your app asks for permission to use the location when you app is in...

Sitecore 8 error SPEAK error after upgrade

asp.net-mvc,authorization,sitecore,sitecore8,sitecore-speak-ui

Have you compared the DLLs in your bin directory to the zip of the web root from dev.sitecore.net? Are you missing any of the SPEAK DLLs? These are the SPEAK DLL's i have in my Sitecore 8 site. Also as Kam said check your call all the SPEAK config files....

Where to apply domain level permissioning

design-patterns,permissions,authorization,onion-architecture,hexagonal-architecture

One could argue that access checking should always be as close to the code that performs the operation as possible to reduce the chance that someone can find a side-channel that bypasses access checking. That said, if you can use a wrapper class such that you guarantee that in the...

Hide ActionLinks based on user roles without exposing roles in view

asp.net-mvc,controller,authorization,actionlink

One possibility is to use MvcSiteMapProvider for your menu. It has a built-in security trimming feature that automatically hides links according to AuthorizeAttribute. If you don't like the built-in HTML helpers, you can customize the templates and/or build your own HTML helpers that hide links based on node accessibility. Or,...

Getting Location Services to work in IOS 8

ios,objective-c,authorization,cllocationmanager

You have to do it like this: 1)#import <CoreLocation/CoreLocation.h> 2)Set delegate CLLocationManagerDelegate 3)Create CLLocationManager *locationManager; Object 4)#define SYSTEM_VERSION_GREATER_THAN_OR_EQUAL_TO(v) ([[[UIDevice currentDevice] systemVersion] compare:v options:NSNumericSearch] != NSOrderedAscending) in your .m file 5)Setup location manager if (self.locationManager==nil) { self.locationManager = [[CLLocationManager alloc]init]; } self.locationManager.delegate = self; CLAuthorizationStatus status = [CLLocationManager...

correct syntax postgresql query with two conditions, rails, eula acceptance / version test

ruby-on-rails,ruby,postgresql,devise,authorization

You seem to be going round in circles. Would this work? if current_user.contracts.find_by(eula_version: 3)...

ASP.NET Web API Authorization tokens expiring early

asp.net-mvc-4,authorization,asp.net-web-api2,bearer-token

Check the WebServer, In IIS the Machine Key can be set at the application level, every time the app pool recycles a new Machine Key is generated hence you need a new token. You can set the Machine key on the Website level or Root Server Level. Maybe this might...

django-rest-framework : restrict RelatedField queryset according to request

python,django,authorization,django-rest-framework

Well you could try overriding queryset in init of serializer. something like def __init__(self, *args, **kwargs): super(MySerializerClass, self).__init__(*args, **kwargs) if self.context.get('request', None): field = self.fields.get('b') field.queryset = field.queryset.filter(user=request.user) Current user shall be accessible through self.context....

ASP.net Web API 2 controller with multiple authentication filters

.net,web-services,authentication,authorization,asp.net-web-api2

The last Authentication filter to run successfully simply clobbers the Principal. When you look at the Principal object and the ridiculously complex Claims collections attached to it, you will think that all this complexity is surely intended to support multiple successful authentications! But you'd be wrong. Only one can succeed....

Use ALFA in standalone mode

authorization,xacml,alfa,abac

It is not possible just yet but it will be in the near future. Stay tuned for further developments

Call java function based on name read from file [duplicate]

java,xml,authorization,function-call

You can get an instance of your target class using Class.forName(). The simplest way to instantiate an instance of your class is to do c.newInstance() but if you need to pass constructor arguments you may need to use c.getConstructors() first, followed by ctor.newInstance. You then use the Class instance to...

Using JMX with Jaas for jconsole authentication

java,authentication,authorization,jmx,jaas

This is solved by using a Jaas custom login module, then bouncing and relaunching the JMX process with the following in the command line: -Dcom.sun.management.jmxremote.login.config=Sample -Djava.security.auth.login.config=sample_jaas.config where sample_jaas.config has a setting like this: Sample { sample.module.SampleLoginModule required; }; and my SampleLoginModule implements the LoginModule interface, and in its login() method...

Access to header information by $resource in AngularJS

angularjs,http-headers,authorization,angular-resource

Documentation for $resource Success callback is called with (value, responseHeaders) arguments. Seems like you can just get the headers with function (res, headers) { console.log(headers); }...

DotNetNuke Service API Authorization throwing 401 Unauthorized code

service,authorization,dotnetnuke,dotnetnuke-module

I am not sure but working with the WebAPI you have to register the Service Framework anti forgery stuff ServicesFramework.Instance.RequestAjaxAntiForgerySupport(); This is part of asking the API to work with a specific module....

Azure AD Graph API User memberOf nested groups

c#,azure,authorization,azure-active-directory

Yes. The getMemberObjects API returns all groups (transitive) of which the user is a member: https://msdn.microsoft.com/en-us/library/azure/dn835117.aspx . Also, using the checkMemberGroups API you can check whether or not the user is member of a group (transitively): https://msdn.microsoft.com/en-us/library/azure/dn835107.aspx However for your requirement the application roles feature of Azure AD might be...

Stop Hacks to Wordpress Site - New User Added

wordpress,security,authorization

You clearly have a more serious compromise, like an uploaded malicious script or an unpatched vulnerability. You need to rebuild your site from scratch (clean install of the current versions of WP and any plugins and themes, using a known-good database export) ASAP before something really bad happens. Unfortunately, it's...

Duplication of data in explicit authorization

permissions,authorization,relational-database,rdbms

I think you're on the right track with roles. When logging in, you should request your roles as scopes. It's not a terrible idea to namespace them by API and maybe group ids, if they apply. scopes: ['forum:admin:somegroupid'] The login service could then validate that role by asking the service...

socket.io room authorisation

node.js,websocket,socket.io,authorization

Joining a room can only be done on the server. The client typically sends an application-specific message to the server that indicates to your app that they want to join a specific room and then the server carries out that operation on the user's behalf if the request is valid....

Java Google Coantacts API Access Service Account Authentication

java,google-api,authorization,google-oauth,google-api-java-client

Without calling setServiceAccountUser() my code just worked perfectly fine. But you just will have an impersonated account (service_account_mail) not your personal contacts. Another possible source for a "401 Unauthorized" exception is leaving the credential.refreshToken() away. The call is necessary to write the access-code into the reference. Below the finished class:...

Microsoft Dynamics CRM and application authentication and authorization

authentication,authorization,dynamics-crm,dynamics-crm-online,dynamics-crm-2015

There is a setting on the user called Access Mode that, when set to Non-interactive, makes it so the user doesn't consume a license. Here's an article that outlines how to set a user up for this type of access: http://www.crminnovation.com/blog/crm-online-non-interactive-user/...

Storing Google App Engine User Nicknames with PHP [closed]

php,google-app-engine,authorization

While it's very rare that the nickname will ever change is still possible, so your best option use user's ID by calling the getUserId() instead.

Security+Authentication+Authorization with Java EE 7 [closed]

java,java-ee,authentication,ejb,authorization

I strongly recommend PicketLink for your JavaEE application. It's CDI-managed (so you don't need Spring or other heavy-weight framework), has a big pack of tutorials and quite simple for beginners. UPD: It's JBoss dependent....

Rails 4.2: Role Based Auth and Separate Attributes

ruby-on-rails,authentication,devise,authorization,table-relationships

After a great deal of research into using Polymorphic Associations, a friend suggested a gem that provided an even simpler approach that simulates Multi-Table Inheritance via Modules. The gem is called Active_Record-Acts As. https://github.com/hzamani/active_record-acts_as My set up will looks something similar to this: class User < ActiveRecord::Base actable validates_presence_of :first_name,...

SonarQube LDAP authentication is not working

authentication,ldap,authorization,sonarqube

"Enable Access Control" is for authorization to access the LDAP Directory Information Tree (and not for authorization of the application). I discovered this later. For application level authorization, attributes like memberOf or isMemberOf are used. Apache Directory Server does not support the memberOf or isMemberOf attribute as on the...

Ruby on Rails Why isn't my create user working using bcyrpt gem?

ruby-on-rails,ruby,login,authorization,registration

Is there any error displayed in the console? Do check that. Are you defining user_params? ...

MVC5 ASP Identity dynamic Authorize attribute

c#,asp.net-mvc,authorization,asp.net-identity,authorize-attribute

The definition of a code attribute in C# is that it is static - hence why you cannot have a method, GetRoles(). You proposed wanting an attribute such as: [Authorize(Roles=GetRoles("UpdateProduct"))] This would mean you would have to implement GetRoles() in your code so use a custom attribute that is derived...

Paypal PHP How to check validity of refresh token for future payments

php,paypal,authorization,token

The exchange of a refresh token to an access token should fail if the account is closed. However, this won't help you out if they closed the account after that exchange but before the payment. If you are allowing the use of the service and then payment later, I'd recommend...

Custom Authentication and Authorization for different user types in asp.net mvc

asp.net,asp.net-mvc,authentication,authorization

Your solution seems to conflate two related but distinct functions: authentication and authorization. Authentication tells you who the user is. Authorization normally occurs after authentication and tells you what the user can do, typically expressed as a list of one or more roles. Under this traditional model, you would have...

WCF authentication + authorization

c#,sql,wcf,authorization

It feels pretty lame to query database for userId by his username for each request. I disagree. In order to provide secure WCF service I would check credentials per request. One way of doing it is to create custom UserNamePasswordValidator and override Validate method. You should also configure your...

Gitlab: Can I create a Branch visible to only certain developers?

permissions,authorization,branch,gitlab

No, it is not possible to have a read protection to certain git branches. That would also defeat how git works. What you could do is forking a repository, creating a branch here and only grant restricted permission to the entire repository. Later it would always be possible to merge...

How to Read the JSON Payload in a JAX-RS Filter

java,filter,jersey,authorization,jax-rs

request.getEntityStream() will contain an InputStream that represents the body. You can read it there.

WCF Show/Hide Methods For User Groups

wcf,authorization

Are you interested in physically hiding operations from the group? If so you'll need to host separate services which define only those operations. In this scenario, common operations will need to be replicated or refactored out into another service. If you're only interested in restricting access to certain operations based...

Restlet Authorization by Method AND User

java,authentication,authorization,restlet

In fact, I think that you should leverage the role support of Restlet. In fact, Restlet provides two additional elements regarding security: Verifier that actually authenticates the user based on provided credentials within the request Enroler that loads the roles of the authenticated user. Here is a sample for a...

How to have a rails admin and only 1 admin that can edit & create new posts

ruby-on-rails,ruby-on-rails-4,devise,authorization,pundit

If you just want to have 1 user, a single administrator, with a login and password, and no other user accounts, then I would recommend HTTP Digest Auth, which is supported by rails out-of-the-box and doesn't require any extra gems or plugins. (Or HTTP Basic Auth, but digest auth is...

Role concept in the authorization

java,security,authorization

I would strongly suggest against implementing your own logic. Just search around in SO for many failed attempts. There are plenty of frameworks that let you do just the right level of access control you are looking for. Some are even mentioned in the comments. Have a look at: Spring...

Thinktecture Authorization Server SAML Identity Provider

authorization,saml,thinktecture

Authorization Server uses WIF and WIF doesn't support SAML. Neither does identityServer. You could go the route: Authorization Server --> WS Fed --> ADFS --> SAML --> SAML IDP or add a SAML stack to Authorization Server. This is non-trivial!...

Youtube API returning Insufficient Permission when requesting comments

php,api,youtube-api,authorization

I found the solution. Using the force-ssl scope fixed it. $client->addScope(Google_Service_YouTube::YOUTUBE_FORCE_SSL); Not sure why the ssl scope works when the plain youtube scope doesn't, especially for just listing comments....

HTTPClient getting two 401s before success (sending wrong token)

c#,.net,http,authorization,.net-4.5

What you are experiencing is normal, this is how the NTLM authentication scheme works. 1: C --> S GET ... 2: C <-- S 401 Unauthorized WWW-Authenticate: NTLM 3: C --> S GET ... Authorization: NTLM <base64-encoded type-1-message> 4: C <-- S 401 Unauthorized WWW-Authenticate: NTLM <base64-encoded type-2-message> 5: C...

API Authentication Method - am I doing it correctly?

rest,authentication,authorization,privatekey,public-key

Let me start by saying I don't have any credentials in the security world. Please take everything I say with a grain of salt. A couple of general thoughts It seems like you want to roll your own which is a bad idea in any security-related area. Even more so...

How to use LDAP to implement a resource/action based authorization?

c#,ldap,authorization,rbac,abac

You can take a step back and look at the bigger access control / authorization use case. IF you want to do resource-action based authorization, you can roll out ABAC, the attribute-based access control model. ABAC is an evolution of RBAC and identity-centric authorization. It was designed by NIST, the...

tastypie obj_create and authorization

python,django,authorization,tastypie

I have not received an answer to my question, and added these lines to the top of the method RecordResource.obj_create(): if not bundle.request.user.laptop.approved: raise Unauthorized(u"Доступ планшета к данным не подтвержден администратором.") ...

IdentityServer3 with external user management

authentication,authorization,thinktecture-ident-server,thinktecture

Either connect to your "external custom service" form within your IUserService (idsrv specific) - or treat it as an external identity provider. In that case you need to write a Katana authentication middleware for it (reusable Katana component). For the UserService check the IdentityServer docs. For Katana authentication middleware -...

OnAuthorization causes Redirect Loop

c#,asp.net-mvc,redirect,authorization

A good way to solve this problem would be to check in your ExtendedAuthorize attribute whether the OnAuthorization is running at the page you want the user to redirect to. I guess your ExtendedAuthorize is something like the following: [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)] public class...

Paypal Payments (Authorization & Capture) not returning Authorization ID

api,paypal,authorization,capture

In the beggining, when you create the payment with intent authorize you should be getting an authorization object within the response. This object has the id you need for the capture later. Check this blog post to see if you're missing something fundamental in the picture. I followed the tutorial...

Restrict Pyramid to require login by default

python,authorization,pyramid

Use config.set_default_permission to set a permission for views for which none is set explicitly. Thus you could do config.set_default_permission('private_view') and restrict the 'private_view' permission to authenticated users; and then explicitly allow the some views, like login, for unauthenticated users. Do also note that: If a default permission is in effect,...

Accesing internal webpage using google-map signed-in button

django,google-maps,authorization

I believe that the button you are talking about is part of the Google Maps Javascript API - see: https://developers.google.com/maps/documentation/javascript/signedin Essentially the google maps sign in does not appear to offer user authentication that can be used with python. The python version of google maps uses a server key that...

Adding authorization to routes

ruby-on-rails,rest,routes,authorization

Do you know the gems rolify and CanCanCan? I think they can help you manage authorizations on resources in a single place instead of having to do it in every controller....

undefined method `total_pages'- When use load_and_authorize_resource

ruby-on-rails,ruby-on-rails-4,authorization,cancancan

Change the object name used for pagination . def getAssignments @assignments = Assignment.all if (@assignments != nil && @assignments.length > 0) then @assignment = @assignments.paginate(:per_page => 5, :page => params[:page]) end end and in your view like this <% if @assignment != nil then%> <%= will_paginate @assignment, :class => @paginationClass.to_s,...

Should i do authorization on my Domain Services?

c#,authorization,domain-driven-design

It makes sense to do authorization in any methods that need authorization otherwise there will be a security problem, especially when these methods are entry points in your backend logic. That means if you deploy these domain services as another tier which is accessible from outside, these methods really need...

How to create log-in functionality in ASP.NET MVC?

c#,asp.net-mvc,authorization

if you want the User object in your Session you can set it easily here if (user.Password == usr.Password) { Session["current_user"]=user; return RedirectToAction("Index"); } I recommend to create a new object where the password is not available in the Session. Also you should think about how to save the password....

OnAuthorization isn't being called

asp.net-mvc,asp.net-web-api,authorization

The problem was that the authorization I implemented was from MVC. But for web api, another authorization is needed, which looks nearly the same but differs a bit. First I had to remove the reference to MVC in the custom authorization class and use web.http instead: So. I had to...

Getting HTTP 401.2 Unauthorized when porting old Web Forms to OWIN

c#,asp.net,authentication,authorization,owin

The issue was I've removed all authentication types from IIS At least Anonymous Authentication was required to be selected in IIS. The same error could be reproduced with the sample apps like WebApp-OpenIDConnect-DotNet by disabling Windows and Anonymous Authentication in the Project Properties for IIS Express....

Hadoop-2.6.0 Authorization not working for MR jobs

security,hadoop,authorization,kerberos

I found the answer in the cloudera Documentation here It seems that the property security.job.client.protocol.acl is for MR1 and for MR2 we can use security.applicationclient.protocol.acl. ...

How to enable user log in from the only one machine(by acquiring CPU Serial) to the ASP.NET-MVC web application

.net,asp.net-mvc,security,authorization

The only solution that I can think of is to issue client certificates, and use certificate authentication in your application. Managing certificates To manage certificates you need to implement a PKI, which requires: Get a Certification Authority, needed to issue the certificates (it can be a public CA or you...

How to use DatabaseCertificate login module

authentication,jboss,authorization,wildfly

I see 2 problems here. If you want to use your database only to load roles, then use the password-stacking in both login modules. It says to subsequent login modules not to check the credentials and only load roles. The DatabaseCertificate login module should be used together with SSL/TLS and...

google OAUTH2 exchange authorization code for acces token “invalid request”

php,google-api,authorization,access-token

You're sending the parameters in a GET request to the authorization endpoint (https://accounts.google.com/o/oauth2/auth), but you must send them in a POST request to the token endpoint (https://accounts.google.com/o/oauth2/token).

RESTful security authorization

java,javascript,security,rest,authorization

You want to look at the implicit flow in OAuth 2.0 which is specifically geared towards clients running JavaScript in the browser. It's not using asymmetric encryption directly in JavaScript. If you want to do that, you could look at the crypto-js library....

How to securely register users on App Engine using multiple OAUTH providers?

android,facebook,google-app-engine,oauth,authorization

When your app authenticates a user, store an object in a session which contains an oauth provider that has been used to access the app and, optionally, a token to be used for subsequent requests. Now you can check for this object in every call to the server. If the...

Allow only specific/official HTML5 Web Apps to connect to a Websocket host

html5,api,websocket,socket.io,authorization

There is really no way to do this directly because of the openness of code that runs in a browser. You can require APIkeys or some such thing, but if you're using those APIkeys from a browser, they are not a secret so anyone can discover them and use them...

Is there a way to use AutoFac Web Api Authorization Filters through Attributes instead of injection?

asp.net-web-api,filter,dependency-injection,authorization,autofac

Unfortunately, if you want DI in your filters, you can't use attributes. Per the docs: Unlike the filter provider in MVC, the one in Web API does not allow you to specify that the filter instances should not be cached. This means that all filter attributes in Web API are...

How to do simple authentication with QuickBooks Online without using OAuth?

java,authorization,quickbooks,quickbooks-online

Normally, you wouldn't have to go through the OAuth process again. You can use the app token from the other app you mentioned. But since you created a new app at developer.intuit.com you will need to generate a token from that app, which isn't a big deal. You can get...

Add Retrofit Requestinterceptor with Dagger at runtime

android,oauth-2.0,authorization,retrofit,dagger

The key is to always add the RequestInterceptor and then change whether or not it adds the header. class ApiHeaders implements RequestInterceptor { private String authValue; public void clearAuthValue() { authValue = null; } public void setAuthValue(String authValue) { this.authValue = authValue; } @Override public void intercept(RequestFacade request) { String...

Best way to prevent unauthorized user on Angular site from seeing site for a split second before being redirected to login?

javascript,angularjs,api,authorization,interceptor

If you use a ui-router for your application routing, you could use nested states and a resolve clause in a parent of your 'authenticated' states to make sure that you only get to that controller/template if your 'login' request has successfully resolved and to redirect to a 'sign-in' state if...

Authentication with OAuth and JWT but without OpenID Connect

session,authentication,oauth,authorization,openid-connect

By requiring that the access token is a JWT, agreeing on the user claims that go in to the JWT, putting expiration/issuance timestamps in there and making sure that you cryptographically verify the issuer of the token you're actually doing the very same thing that OpenID Connect is doing: "profiling"...

Google Cloud Storage: How can I grant an installed application access to only one bucket?

authorization,google-cloud-storage,google-cloud-platform

It turns out I'm using the wrong OAuth flow if I want to do this. Thanks to Euca for the inspiration to figure this out. At the time I asked the question, I was assuming there were multiple projects involved in the Google Developers Console: One project for me, the...

Openid Connect signing in through multiple providers

authentication,authorization,openid

That totally depends on what you're signing in to. Both options are feasible and the Relying Party that uses AOL/Google for login decides how the accounts are treated/connected.

PayPal - Check tickets still available before sending the money

php,paypal,authorization,stock

You can use any of PayPal's payment products. The standard thing to do when selling limited quantity goods, or other goods which have fullfillment costs/delays/challenges, is to collect a payment authorization from the buyer (so use PAYMENTACTION=AUTHORIZATION), then allocate/reserve/sell the goods to that particular buyer, then capture the funds. Personally...

How to create permisison based on user group in codeigniter?

php,mysql,codeigniter,authorization

I have created menu table and menu permission table seperately. menu table menu id menu name menu permission table id menuid usergroup_id Check whether the current logged in user group id is available in menu permission table or not public function get_menus($user_group_id) { if ($user_group_id == 1) { $query =...