c++: Let user process write to LOCAL_SYSTEM named pipe - Custom Security Descriptor
c++,windows,winapi,pipe,authorization
This is the first problem: ace.grfAccessPermissions = PIPE_ACCESS_DUPLEX; The PIPE_ACCESS_DUPLEX constant is only meant to be used as an argument to CreateNamedPipe(), it is not a valid access permission. (By coincidence, it is equal to FILE_READ_DATA|FILE_WRITE_DATA but those access rights do not by themselves allow you to connect to a...
Implemeneting IIS hosted WCF service with AzMan role provider
asp.net,web-services,wcf,iis,authorization
I have solved it. I hope it will help someone. Some fixes to the configuration (Attached). All users allowed but filtered at lower level folders. Installing missing authorization handlers at the IIS on the OS (Turn windows features on...) Use the local IIS and not IIS Express from the visual...
Azure DocumentDB - The MAC signature found in the HTTP request is not the same as the computed signature
c#,.net,azure,authorization,azure-documentdb
We have confirmed this to be an issue isolated to the North Europe region. We are applying a hotfix to known accounts effected and will be deploying a fix shortly. If you are NOT in North Europe and are experiencing this issue, or if you continue to see if within...
tacacs+ for Linux authentication/authorization using pam_tacplus
linux,security,authentication,authorization,pam
Eventually I got it working. Issue 1: The issue I faced was there is very few documentation available to configure TACACS+ server for a non CISCO device. Issue 2: The tac_plus version that I am using tac_plus -v tac_plus version F4.0.4.28 does not seem to support service = shell protocol...
CanCan Rails Authorization
ruby-on-rails,ruby-on-rails-4,authorization,cancan
rescue_from CanCan::AccessDenied do |exception| if exception.action.to_s == "create_or_update" err ={} err[:error_id] = "AUTHORIZATION_ERROR" err[:error_msg] = exception.message render json: err, status: 403 else redirect_to "/", :alert => exception.message end end ...
how to add an omnipotent user level to Pundit
ruby-on-rails,authorization,pundit
The only way to do this is to have your authorization checks return true for a user or role that has been designated a "super user." So, it would look like this: def update? *normal authorization logic* or is_superuser? end def edit? *normal authorization logic* or is_superuser? end #etc... private...
Rails + CanCan: Disallow User from Joining a Group if Already a Member
ruby-on-rails,authorization,cancan,cancancan
CanCan blocks only work on model instances (see this wiki page) and right now your can? sends the model class, not an instance. In order for this to work, you need to pass an instance of Membership. You can do something like this (assuming @group is the group the user...
Zend Framework 2 session container lifetime
session,cookies,zend-framework2,authorization
If you're using ZfcUser (and if you're doing user authentication on ZF2 you should be) check out the GoalioRememberMe(https://github.com/goalio/GoalioRememberMe) module, it does exactly what you're looking for (Caveat: I've never actually used it myself so I can't vouch for it's efficacy or security) I also suggest reading this response by...
Blocking batch_actions with ActiveAdmin and CanCan
ruby-on-rails,authorization,activeadmin,cancan
You can display conditionally the block actions: https://github.com/activeadmin/activeadmin/blob/master/docs/9-batch-actions.md#conditional-display...
Adding custom Roles to Azure Mobile Services User (Google, Twitter, Facebook, Microsoft)
.net,authorization,azure-mobile-services
I found the solution. It involves: Creating my own ServiceTokenHandler and overriding the CreateServiceUser method to add logic after the call to base.CreateServiceUser(claimsIdentity) that tries to find the roles in my UserProfile table that are linked to the user specified in the claimsIdentity. If it finds roles, it adds new...
Authorization Model: Context of Role?
security,authorization,claims-based-identity,abac,role-based-access-control
Actually, you should not attempt to implement a new authorization model. There is already a good model called attribute-based access control (or ABAC - see the SO tag abac and xacml). ABAC is an authorization model that: is defined by NIST, the National Institute of Standards and Technology, the very...
Can I submit a form with google's recaptcha in it from my app?
http,request,authorization,captcha,recaptcha
Turns out we are not supposed to do that kind of tricks with reCAPTCHA. There is no support for that in API. It seems that it was part of Google's design to prevent that kind of usage. The only walkaround I could come up with is to implement a WebView...
Setting CORS call to GET not OPTIONS
javascript,xmlhttprequest,authorization,cors
If you set an Authorization header then you are making a complex request and you have to handle the OPTIONS preflight before the browser will make the GET request. You can't set the header without handling the OPTIONS request....
python3 - can't pass through autorization
authentication,python-3.x,web-crawler,authorization
In my case problem was in 'Referer' parameter in headers, which is required but wasn't specified
IIS Authorization and Restrictions
asp.net,iis,authorization,relative-path,restriction
You can move the file either to a folder outside of the root of the site or to the App_Data folder (which is protected form direct browsing by the ASP.NET framework) and then set your ImageUrl to point to a generic handler (.ashx file) which will be responsible for delivering...
How apply granular per content rights in OAuth 2?
security,oauth-2.0,authorization
OAuth 2.0 is certainly fit to handle that use case as well. You have two options: assign a scope per calendar e.g. Calendar.1.Read (remember, scopes contents are not defined by OAuth 2.0 and can be dynamic) use a type of opaque bearer access token that requires validation/introspection at the Authorization...
User Permission - Display edit in view (express, handlebars)
node.js,express,authorization,handlebars.js
One way you could do this is by hydrating your template model with a profileOwner privilege as you suggested. Suppose you wanted to only allow users to edit their own profiles. Using connect-roles you could set up a rule like this: user.use('profile owner', function (req, action) { return req.isAuthenticated() &&...
Simultaneous authorization in advanced app
You have to set different cookies for frontend and backend in config/main.php file. For Eg.: In backend: 'components' => [ 'session' => [ 'name' => 'BACKENDID', //Set name 'savePath' => __DIR__ . '/../tmp', //create tmp folder and set path ], ], In Frontend: 'components' => [ 'session' => [ 'name'...
Token Based Authentication in ASP.NET 5 (vNext) (refreshed)
c#,authentication,authorization,web-api,asp.net-5
Generate an RSA key just for your application. A very basic example is below, but there's lots of information about how security keys are handled in the .Net Framework; I highly recommend that you go read some of it, at least. private static string GenerateRsaKeys() { RSACryptoServiceProvider myRSA =...
Where to place autorisation code
php,design-patterns,authorization
OK, So I moved the authentication code to the service layer and found that there were only a couple of instances where I still needed to do additional checks in the model. For consistency, I could pull these checks into the service layer too, at the expense of performance, but...
ASP.NET MVC: Unauthenticated User Always Redirected to Login page
asp.net-mvc,asp.net-mvc-4,authentication,authorization
The problem was in following action in the _Layout.cshtml file <li>@Html.Action("BasicInfo", "Profile")</li> which is calling ProfileController action BasicInfo, and the ProfileController is decorated with Authorize attribute which redirected action to login. Quite a stupid and misleading mistake... Once I checked if user is authenticated before this action everything was ok...
How do you access url parameters inside of $stateProvider.state's stateConfig object?
angularjs,authorization,angular-ui-router
This could be solved using the more prams of the $stateChangeStart event // instead of this $rootScope.$on('$stateChangeStart', function (event, next) { // we can use this $rootScope.$on('$stateChangeStart' , function (event, toState, toParams, fromState, fromParams) { and that means, that we now have access to all passed params inside of the...
ios how is permission/Authorization working?
In short, yes. The app will ask for the location and camera both permissions in your new app. Also, this is more complicated when it comes to location access. There are 2 cases: 1) Foreground Permission: Your app asks for permission to use the location when you app is in...
Sitecore 8 error SPEAK error after upgrade
asp.net-mvc,authorization,sitecore,sitecore8,sitecore-speak-ui
Have you compared the DLLs in your bin directory to the zip of the web root from dev.sitecore.net? Are you missing any of the SPEAK DLLs? These are the SPEAK DLL's i have in my Sitecore 8 site. Also as Kam said check your call all the SPEAK config files....
Where to apply domain level permissioning
design-patterns,permissions,authorization,onion-architecture,hexagonal-architecture
One could argue that access checking should always be as close to the code that performs the operation as possible to reduce the chance that someone can find a side-channel that bypasses access checking. That said, if you can use a wrapper class such that you guarantee that in the...
Hide ActionLinks based on user roles without exposing roles in view
asp.net-mvc,controller,authorization,actionlink
One possibility is to use MvcSiteMapProvider for your menu. It has a built-in security trimming feature that automatically hides links according to AuthorizeAttribute. If you don't like the built-in HTML helpers, you can customize the templates and/or build your own HTML helpers that hide links based on node accessibility. Or,...
Getting Location Services to work in IOS 8
ios,objective-c,authorization,cllocationmanager
You have to do it like this: 1)#import <CoreLocation/CoreLocation.h> 2)Set delegate CLLocationManagerDelegate 3)Create CLLocationManager *locationManager; Object 4)#define SYSTEM_VERSION_GREATER_THAN_OR_EQUAL_TO(v) ([[[UIDevice currentDevice] systemVersion] compare:v options:NSNumericSearch] != NSOrderedAscending) in your .m file 5)Setup location manager if (self.locationManager==nil) { self.locationManager = [[CLLocationManager alloc]init]; } self.locationManager.delegate = self; CLAuthorizationStatus status = [CLLocationManager...
correct syntax postgresql query with two conditions, rails, eula acceptance / version test
ruby-on-rails,ruby,postgresql,devise,authorization
You seem to be going round in circles. Would this work? if current_user.contracts.find_by(eula_version: 3)...
ASP.NET Web API Authorization tokens expiring early
asp.net-mvc-4,authorization,asp.net-web-api2,bearer-token
Check the WebServer, In IIS the Machine Key can be set at the application level, every time the app pool recycles a new Machine Key is generated hence you need a new token. You can set the Machine key on the Website level or Root Server Level. Maybe this might...
django-rest-framework : restrict RelatedField queryset according to request
python,django,authorization,django-rest-framework
Well you could try overriding queryset in init of serializer. something like def __init__(self, *args, **kwargs): super(MySerializerClass, self).__init__(*args, **kwargs) if self.context.get('request', None): field = self.fields.get('b') field.queryset = field.queryset.filter(user=request.user) Current user shall be accessible through self.context....
ASP.net Web API 2 controller with multiple authentication filters
.net,web-services,authentication,authorization,asp.net-web-api2
The last Authentication filter to run successfully simply clobbers the Principal. When you look at the Principal object and the ridiculously complex Claims collections attached to it, you will think that all this complexity is surely intended to support multiple successful authentications! But you'd be wrong. Only one can succeed....
Use ALFA in standalone mode
It is not possible just yet but it will be in the near future. Stay tuned for further developments
Call java function based on name read from file [duplicate]
java,xml,authorization,function-call
You can get an instance of your target class using Class.forName(). The simplest way to instantiate an instance of your class is to do c.newInstance() but if you need to pass constructor arguments you may need to use c.getConstructors() first, followed by ctor.newInstance. You then use the Class instance to...
Using JMX with Jaas for jconsole authentication
java,authentication,authorization,jmx,jaas
This is solved by using a Jaas custom login module, then bouncing and relaunching the JMX process with the following in the command line: -Dcom.sun.management.jmxremote.login.config=Sample -Djava.security.auth.login.config=sample_jaas.config where sample_jaas.config has a setting like this: Sample { sample.module.SampleLoginModule required; }; and my SampleLoginModule implements the LoginModule interface, and in its login() method...
Access to header information by $resource in AngularJS
angularjs,http-headers,authorization,angular-resource
Documentation for $resource Success callback is called with (value, responseHeaders) arguments. Seems like you can just get the headers with function (res, headers) { console.log(headers); }...
DotNetNuke Service API Authorization throwing 401 Unauthorized code
service,authorization,dotnetnuke,dotnetnuke-module
I am not sure but working with the WebAPI you have to register the Service Framework anti forgery stuff ServicesFramework.Instance.RequestAjaxAntiForgerySupport(); This is part of asking the API to work with a specific module....
Azure AD Graph API User memberOf nested groups
c#,azure,authorization,azure-active-directory
Yes. The getMemberObjects API returns all groups (transitive) of which the user is a member: https://msdn.microsoft.com/en-us/library/azure/dn835117.aspx . Also, using the checkMemberGroups API you can check whether or not the user is member of a group (transitively): https://msdn.microsoft.com/en-us/library/azure/dn835107.aspx However for your requirement the application roles feature of Azure AD might be...
Stop Hacks to Wordpress Site - New User Added
wordpress,security,authorization
You clearly have a more serious compromise, like an uploaded malicious script or an unpatched vulnerability. You need to rebuild your site from scratch (clean install of the current versions of WP and any plugins and themes, using a known-good database export) ASAP before something really bad happens. Unfortunately, it's...
Duplication of data in explicit authorization
permissions,authorization,relational-database,rdbms
I think you're on the right track with roles. When logging in, you should request your roles as scopes. It's not a terrible idea to namespace them by API and maybe group ids, if they apply. scopes: ['forum:admin:somegroupid'] The login service could then validate that role by asking the service...
socket.io room authorisation
node.js,websocket,socket.io,authorization
Joining a room can only be done on the server. The client typically sends an application-specific message to the server that indicates to your app that they want to join a specific room and then the server carries out that operation on the user's behalf if the request is valid....
Java Google Coantacts API Access Service Account Authentication
java,google-api,authorization,google-oauth,google-api-java-client
Without calling setServiceAccountUser() my code just worked perfectly fine. But you just will have an impersonated account (service_account_mail) not your personal contacts. Another possible source for a "401 Unauthorized" exception is leaving the credential.refreshToken() away. The call is necessary to write the access-code into the reference. Below the finished class:...
Microsoft Dynamics CRM and application authentication and authorization
authentication,authorization,dynamics-crm,dynamics-crm-online,dynamics-crm-2015
There is a setting on the user called Access Mode that, when set to Non-interactive, makes it so the user doesn't consume a license. Here's an article that outlines how to set a user up for this type of access: http://www.crminnovation.com/blog/crm-online-non-interactive-user/...
Storing Google App Engine User Nicknames with PHP [closed]
php,google-app-engine,authorization
While it's very rare that the nickname will ever change is still possible, so your best option use user's ID by calling the getUserId() instead.
Security+Authentication+Authorization with Java EE 7 [closed]
java,java-ee,authentication,ejb,authorization
I strongly recommend PicketLink for your JavaEE application. It's CDI-managed (so you don't need Spring or other heavy-weight framework), has a big pack of tutorials and quite simple for beginners. UPD: It's JBoss dependent....
Rails 4.2: Role Based Auth and Separate Attributes
ruby-on-rails,authentication,devise,authorization,table-relationships
After a great deal of research into using Polymorphic Associations, a friend suggested a gem that provided an even simpler approach that simulates Multi-Table Inheritance via Modules. The gem is called Active_Record-Acts As. https://github.com/hzamani/active_record-acts_as My set up will looks something similar to this: class User < ActiveRecord::Base actable validates_presence_of :first_name,...
SonarQube LDAP authentication is not working
authentication,ldap,authorization,sonarqube
"Enable Access Control" is for authorization to access the LDAP Directory Information Tree (and not for authorization of the application). I discovered this later. For application level authorization, attributes like memberOf or isMemberOf are used. Apache Directory Server does not support the memberOf or isMemberOf attribute as on the...
Ruby on Rails Why isn't my create user working using bcyrpt gem?
ruby-on-rails,ruby,login,authorization,registration
Is there any error displayed in the console? Do check that. Are you defining user_params? ...
MVC5 ASP Identity dynamic Authorize attribute
c#,asp.net-mvc,authorization,asp.net-identity,authorize-attribute
The definition of a code attribute in C# is that it is static - hence why you cannot have a method, GetRoles(). You proposed wanting an attribute such as: [Authorize(Roles=GetRoles("UpdateProduct"))] This would mean you would have to implement GetRoles() in your code so use a custom attribute that is derived...
Paypal PHP How to check validity of refresh token for future payments
php,paypal,authorization,token
The exchange of a refresh token to an access token should fail if the account is closed. However, this won't help you out if they closed the account after that exchange but before the payment. If you are allowing the use of the service and then payment later, I'd recommend...
Custom Authentication and Authorization for different user types in asp.net mvc
asp.net,asp.net-mvc,authentication,authorization
Your solution seems to conflate two related but distinct functions: authentication and authorization. Authentication tells you who the user is. Authorization normally occurs after authentication and tells you what the user can do, typically expressed as a list of one or more roles. Under this traditional model, you would have...
WCF authentication + authorization
It feels pretty lame to query database for userId by his username for each request. I disagree. In order to provide secure WCF service I would check credentials per request. One way of doing it is to create custom UserNamePasswordValidator and override Validate method. You should also configure your...
Gitlab: Can I create a Branch visible to only certain developers?
permissions,authorization,branch,gitlab
No, it is not possible to have a read protection to certain git branches. That would also defeat how git works. What you could do is forking a repository, creating a branch here and only grant restricted permission to the entire repository. Later it would always be possible to merge...
How to Read the JSON Payload in a JAX-RS Filter
java,filter,jersey,authorization,jax-rs
request.getEntityStream() will contain an InputStream that represents the body. You can read it there.
WCF Show/Hide Methods For User Groups
Are you interested in physically hiding operations from the group? If so you'll need to host separate services which define only those operations. In this scenario, common operations will need to be replicated or refactored out into another service. If you're only interested in restricting access to certain operations based...
Restlet Authorization by Method AND User
java,authentication,authorization,restlet
In fact, I think that you should leverage the role support of Restlet. In fact, Restlet provides two additional elements regarding security: Verifier that actually authenticates the user based on provided credentials within the request Enroler that loads the roles of the authenticated user. Here is a sample for a...
How to have a rails admin and only 1 admin that can edit & create new posts
ruby-on-rails,ruby-on-rails-4,devise,authorization,pundit
If you just want to have 1 user, a single administrator, with a login and password, and no other user accounts, then I would recommend HTTP Digest Auth, which is supported by rails out-of-the-box and doesn't require any extra gems or plugins. (Or HTTP Basic Auth, but digest auth is...
Role concept in the authorization
I would strongly suggest against implementing your own logic. Just search around in SO for many failed attempts. There are plenty of frameworks that let you do just the right level of access control you are looking for. Some are even mentioned in the comments. Have a look at: Spring...
Thinktecture Authorization Server SAML Identity Provider
authorization,saml,thinktecture
Authorization Server uses WIF and WIF doesn't support SAML. Neither does identityServer. You could go the route: Authorization Server --> WS Fed --> ADFS --> SAML --> SAML IDP or add a SAML stack to Authorization Server. This is non-trivial!...
Youtube API returning Insufficient Permission when requesting comments
php,api,youtube-api,authorization
I found the solution. Using the force-ssl scope fixed it. $client->addScope(Google_Service_YouTube::YOUTUBE_FORCE_SSL); Not sure why the ssl scope works when the plain youtube scope doesn't, especially for just listing comments....
HTTPClient getting two 401s before success (sending wrong token)
c#,.net,http,authorization,.net-4.5
What you are experiencing is normal, this is how the NTLM authentication scheme works. 1: C --> S GET ... 2: C <-- S 401 Unauthorized WWW-Authenticate: NTLM 3: C --> S GET ... Authorization: NTLM <base64-encoded type-1-message> 4: C <-- S 401 Unauthorized WWW-Authenticate: NTLM <base64-encoded type-2-message> 5: C...
API Authentication Method - am I doing it correctly?
rest,authentication,authorization,privatekey,public-key
Let me start by saying I don't have any credentials in the security world. Please take everything I say with a grain of salt. A couple of general thoughts It seems like you want to roll your own which is a bad idea in any security-related area. Even more so...
How to use LDAP to implement a resource/action based authorization?
c#,ldap,authorization,rbac,abac
You can take a step back and look at the bigger access control / authorization use case. IF you want to do resource-action based authorization, you can roll out ABAC, the attribute-based access control model. ABAC is an evolution of RBAC and identity-centric authorization. It was designed by NIST, the...
tastypie obj_create and authorization
python,django,authorization,tastypie
I have not received an answer to my question, and added these lines to the top of the method RecordResource.obj_create(): if not bundle.request.user.laptop.approved: raise Unauthorized(u"Доступ планшета к данным не подтвержден администратором.") ...
IdentityServer3 with external user management
authentication,authorization,thinktecture-ident-server,thinktecture
Either connect to your "external custom service" form within your IUserService (idsrv specific) - or treat it as an external identity provider. In that case you need to write a Katana authentication middleware for it (reusable Katana component). For the UserService check the IdentityServer docs. For Katana authentication middleware -...
OnAuthorization causes Redirect Loop
c#,asp.net-mvc,redirect,authorization
A good way to solve this problem would be to check in your ExtendedAuthorize attribute whether the OnAuthorization is running at the page you want the user to redirect to. I guess your ExtendedAuthorize is something like the following: [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)] public class...
Paypal Payments (Authorization & Capture) not returning Authorization ID
api,paypal,authorization,capture
In the beggining, when you create the payment with intent authorize you should be getting an authorization object within the response. This object has the id you need for the capture later. Check this blog post to see if you're missing something fundamental in the picture. I followed the tutorial...
Restrict Pyramid to require login by default
Use config.set_default_permission to set a permission for views for which none is set explicitly. Thus you could do config.set_default_permission('private_view') and restrict the 'private_view' permission to authenticated users; and then explicitly allow the some views, like login, for unauthenticated users. Do also note that: If a default permission is in effect,...
Accesing internal webpage using google-map signed-in button
django,google-maps,authorization
I believe that the button you are talking about is part of the Google Maps Javascript API - see: https://developers.google.com/maps/documentation/javascript/signedin Essentially the google maps sign in does not appear to offer user authentication that can be used with python. The python version of google maps uses a server key that...
Adding authorization to routes
ruby-on-rails,rest,routes,authorization
Do you know the gems rolify and CanCanCan? I think they can help you manage authorizations on resources in a single place instead of having to do it in every controller....
undefined method `total_pages'- When use load_and_authorize_resource
ruby-on-rails,ruby-on-rails-4,authorization,cancancan
Change the object name used for pagination . def getAssignments @assignments = Assignment.all if (@assignments != nil && @assignments.length > 0) then @assignment = @assignments.paginate(:per_page => 5, :page => params[:page]) end end and in your view like this <% if @assignment != nil then%> <%= will_paginate @assignment, :class => @paginationClass.to_s,...
Should i do authorization on my Domain Services?
c#,authorization,domain-driven-design
It makes sense to do authorization in any methods that need authorization otherwise there will be a security problem, especially when these methods are entry points in your backend logic. That means if you deploy these domain services as another tier which is accessible from outside, these methods really need...
How to create log-in functionality in ASP.NET MVC?
if you want the User object in your Session you can set it easily here if (user.Password == usr.Password) { Session["current_user"]=user; return RedirectToAction("Index"); } I recommend to create a new object where the password is not available in the Session. Also you should think about how to save the password....
OnAuthorization isn't being called
asp.net-mvc,asp.net-web-api,authorization
The problem was that the authorization I implemented was from MVC. But for web api, another authorization is needed, which looks nearly the same but differs a bit. First I had to remove the reference to MVC in the custom authorization class and use web.http instead: So. I had to...
Getting HTTP 401.2 Unauthorized when porting old Web Forms to OWIN
c#,asp.net,authentication,authorization,owin
The issue was I've removed all authentication types from IIS At least Anonymous Authentication was required to be selected in IIS. The same error could be reproduced with the sample apps like WebApp-OpenIDConnect-DotNet by disabling Windows and Anonymous Authentication in the Project Properties for IIS Express....
Hadoop-2.6.0 Authorization not working for MR jobs
security,hadoop,authorization,kerberos
I found the answer in the cloudera Documentation here It seems that the property security.job.client.protocol.acl is for MR1 and for MR2 we can use security.applicationclient.protocol.acl. ...
How to enable user log in from the only one machine(by acquiring CPU Serial) to the ASP.NET-MVC web application
.net,asp.net-mvc,security,authorization
The only solution that I can think of is to issue client certificates, and use certificate authentication in your application. Managing certificates To manage certificates you need to implement a PKI, which requires: Get a Certification Authority, needed to issue the certificates (it can be a public CA or you...
How to use DatabaseCertificate login module
authentication,jboss,authorization,wildfly
I see 2 problems here. If you want to use your database only to load roles, then use the password-stacking in both login modules. It says to subsequent login modules not to check the credentials and only load roles. The DatabaseCertificate login module should be used together with SSL/TLS and...
google OAUTH2 exchange authorization code for acces token “invalid request”
php,google-api,authorization,access-token
You're sending the parameters in a GET request to the authorization endpoint (https://accounts.google.com/o/oauth2/auth), but you must send them in a POST request to the token endpoint (https://accounts.google.com/o/oauth2/token).
RESTful security authorization
java,javascript,security,rest,authorization
You want to look at the implicit flow in OAuth 2.0 which is specifically geared towards clients running JavaScript in the browser. It's not using asymmetric encryption directly in JavaScript. If you want to do that, you could look at the crypto-js library....
How to securely register users on App Engine using multiple OAUTH providers?
android,facebook,google-app-engine,oauth,authorization
When your app authenticates a user, store an object in a session which contains an oauth provider that has been used to access the app and, optionally, a token to be used for subsequent requests. Now you can check for this object in every call to the server. If the...
Allow only specific/official HTML5 Web Apps to connect to a Websocket host
html5,api,websocket,socket.io,authorization
There is really no way to do this directly because of the openness of code that runs in a browser. You can require APIkeys or some such thing, but if you're using those APIkeys from a browser, they are not a secret so anyone can discover them and use them...
Is there a way to use AutoFac Web Api Authorization Filters through Attributes instead of injection?
asp.net-web-api,filter,dependency-injection,authorization,autofac
Unfortunately, if you want DI in your filters, you can't use attributes. Per the docs: Unlike the filter provider in MVC, the one in Web API does not allow you to specify that the filter instances should not be cached. This means that all filter attributes in Web API are...
How to do simple authentication with QuickBooks Online without using OAuth?
java,authorization,quickbooks,quickbooks-online
Normally, you wouldn't have to go through the OAuth process again. You can use the app token from the other app you mentioned. But since you created a new app at developer.intuit.com you will need to generate a token from that app, which isn't a big deal. You can get...
Add Retrofit Requestinterceptor with Dagger at runtime
android,oauth-2.0,authorization,retrofit,dagger
The key is to always add the RequestInterceptor and then change whether or not it adds the header. class ApiHeaders implements RequestInterceptor { private String authValue; public void clearAuthValue() { authValue = null; } public void setAuthValue(String authValue) { this.authValue = authValue; } @Override public void intercept(RequestFacade request) { String...
Best way to prevent unauthorized user on Angular site from seeing site for a split second before being redirected to login?
javascript,angularjs,api,authorization,interceptor
If you use a ui-router for your application routing, you could use nested states and a resolve clause in a parent of your 'authenticated' states to make sure that you only get to that controller/template if your 'login' request has successfully resolved and to redirect to a 'sign-in' state if...
Authentication with OAuth and JWT but without OpenID Connect
session,authentication,oauth,authorization,openid-connect
By requiring that the access token is a JWT, agreeing on the user claims that go in to the JWT, putting expiration/issuance timestamps in there and making sure that you cryptographically verify the issuer of the token you're actually doing the very same thing that OpenID Connect is doing: "profiling"...
Google Cloud Storage: How can I grant an installed application access to only one bucket?
authorization,google-cloud-storage,google-cloud-platform
It turns out I'm using the wrong OAuth flow if I want to do this. Thanks to Euca for the inspiration to figure this out. At the time I asked the question, I was assuming there were multiple projects involved in the Google Developers Console: One project for me, the...
Openid Connect signing in through multiple providers
authentication,authorization,openid
That totally depends on what you're signing in to. Both options are feasible and the Relying Party that uses AOL/Google for login decides how the accounts are treated/connected.
PayPal - Check tickets still available before sending the money
php,paypal,authorization,stock
You can use any of PayPal's payment products. The standard thing to do when selling limited quantity goods, or other goods which have fullfillment costs/delays/challenges, is to collect a payment authorization from the buyer (so use PAYMENTACTION=AUTHORIZATION), then allocate/reserve/sell the goods to that particular buyer, then capture the funds. Personally...
How to create permisison based on user group in codeigniter?
php,mysql,codeigniter,authorization
I have created menu table and menu permission table seperately. menu table menu id menu name menu permission table id menuid usergroup_id Check whether the current logged in user group id is available in menu permission table or not public function get_menus($user_group_id) { if ($user_group_id == 1) { $query =...