getting 401 to access http://localhost:8080/oauth/token
java,javascript,angularjs,oauth,spring-boot
In case of OPTIONS request, you should not do further processing, i.e. skip the call to chain.doFilter(req, res), e.g.: HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; response.addHeader("Access-Control-Allow-Origin", "*"); if ("OPTIONS".equalsIgnoreCase(request.getMethod())) { response.setHeader("Access-Control-Allow-Methods", "POST,GET,DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers",...
Can I associate a user's account with an action to the drive API?
javascript,oauth,google-drive-sdk,google-spreadsheet,google-oauth
The short answer is no. You'll be using the spreadsheets API (NOT the Drive API) to update the sheet.As far as Google is concerned, the "user" is your application, regardless of which human was driving the application at the time. Your application knows who the human is, and so it...
Spring Oauth2 RemoteTokenServices error on extractAuthentication
java,spring,oauth,spring-security,spring-security-oauth2
I found the "solution". There was a version mismatch in my pom files. While my auth server was running spring-security-oauth2-2.0.5.RELEASE my resource server was running spring-security-oauth2-2.0.7.RELEASE . The versions declare the response differently. ...
Twitter OAuth : Invalid or expired token [its NOT duplicate]
php,twitter,oauth,twitter-oauth
Finally, I found a solution. All you need to do is, once you get the callback, initialize the class again with new access token. $connection = new TwitterOAuth('MY_CONSUMER_KEY', 'MY_CONSUMER_SECRET', $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']); $access_token = $connection->oauth("oauth/access_token", array("oauth_verifier" => $_REQUEST['oauth_verifier'])); $connection = new TwitterOAuth('MY_CONSUMER_KEY', 'MY_CONSUMER_SECRET', $access_token['oauth_token'], $access_token['oauth_token_secret']); I don't know why that works,...
POSTing with JSON using npm request
var formData = { client_id: '0123456789abcdef', client_secret: 'secret', code: 'abcdef' }; request.post({ url: 'https://todoist.com/oauth/access_token', form: formData }, function (err, httpResponse, body) { console.log(err, body); }); Please try this code....
Authentication with OAuth and JWT but without OpenID Connect
session,authentication,oauth,authorization,openid-connect
By requiring that the access token is a JWT, agreeing on the user claims that go in to the JWT, putting expiration/issuance timestamps in there and making sure that you cryptographically verify the issuer of the token you're actually doing the very same thing that OpenID Connect is doing: "profiling"...
When to refresh token?
rest,authentication,oauth,lync,ucwa
The response from ticket service will provide the user with the OAuth token, type of token, and an expiration value. This value is measured in seconds which means you can divide out minutes (60) or hours (3600) to get a value that you can expect requests to start failing with...
How do i retrieve values (Message) and (Code) from the reply of twitter api?
Try foreach($reply->errors AS $error){ echo 'error code:'. $error->code; echo 'error message:'. $error->message; } As you can see, errors property is an array, so you must itarate...
How can I instantiate Ruby's RestClient?
I would go with preparing a hash url_regexp ⇒ access_token and generic add_before_execution_proc: @access_tokens = { /google/ => ..., /msoft/ => ... } RestClient.add_before_execution_proc do |req, params| token = @access_tokens.detect { |req_rex, token| req_rex =~ req }.last token.sign!(req) unless token.nil? end Of course the check should be done carefully, probably...
How to wrap oAuth headers in clj-http?
oauth,clojure,twitter-oauth,clj-http
I've had difficulty in the past trying to use clj-oauth (mostly because of my own understanding of clojure) but I found twitter-api pretty straightforward to use. It makes use of clj-oauth internally.
[OAuth2 authorization server]refresh token's expire time need different with access token?
That's true: refresh tokens issued by the OAuth2 authorization server built in OWIN/Katana always have the same expiration date as access tokens ; even if you specify an explicit ExpiresUtc property in AuthenticationProperties when you call IOwinContext.Authentication.SignIn(identity, properties) https://github.com/yreynhout/katana-clone/blob/master/src/Microsoft.Owin.Security.OAuth/OAuthAuthorizationServerHandler.cs#L333 That's not really convenient for the reasons @Hans mentioned but you...
How to share developer account at LinkedIn
As I understand your question, I hope you're looking for following. Goto https://www.linkedin.com/developer/apps and select the app you want to make them administrator. Then select 'Roles' from the left menu and set them as administrator....
invalid_grant error while getting access token via OAuth 2.0
python,python-2.7,oauth,oauth-2.0
The redirect_uri used in the redirect to the authorization endpoint differs from the one that you use in the login function that exchanges the code at the token endpoint. As the docs at http://developer.runkeeper.com/healthgraph/getting-started ("Connect your Application to a User's Health Graph Account", bullet 3.) stipulate, it should match exactly:...
jshint and variable names out of my control
javascript,angularjs,oauth,jshint
var OAUTH_TOKEN = 'oauth_token'; var oauthToken = $location.search()[OAUTH_TOKEN]; Ofc choose a more appropriate name for the variables...
Dotnet open auth with Facebook and Email/Password login with aspnet_membership tables
oauth,asp.net-membership,dotnetopenauth
First of all, you should not alter aspnet_membership table. If so, underlying store procedures will stop working. Instead, you want to create a new table with UserId as primary key, and make one-to-one relationship with aspnet_membership table. FYI: the ASP .Net Membership Provider you are using is more than 10...
Accessing Calendar, Mail and Contacts of an OAuthenticated user
oauth,ews,azure-active-directory
You have a choice: Call the separate service apis - Your problem is that you acquired a token to call AAD, and then tried to use that to call Outlook - you need to make a separate call to acquire a token for outlook.office365.com through ADAL or through the token...
Authentication Issue with WP-API and Net::Http
ruby,wordpress,oauth,wordpress-plugin,net-http
I simply install this basic_auth plugin in my Wordpress site. First, I download the zip file from this link Now extract it to /content/plugins folder in your project directory Activate this plugin from your wp-admin interface. Now I use the following code snippet for authentication uri = URI.parse("http://vagrant.local/wp-json/wp/v2/posts") http =...
Google API OAuth 2.0 Service Account C# First time vs every day use
c#,oauth,google-api,service-accounts
As I've commented, the article "Using Google Drive API with C#" part 1 and part 2, shows how to store the refresh token and use it to authenticate in the name of app. It's also warning about the limitations of the service account, in many cases "useless" as you said....
ASP.NET Web API social authentication for Web and Mobile
c#,android,asp.net,asp.net-web-api,oauth
I've successfully done this very task within my own ASP.NET MVC application using ASP.NET Identity, but then hit the issue you mention: I need this to work using Web API as well so that my mobile app can interact natively. I was unfamiliar with the article you linked, but after...
Unable to obtain token using Abraham's TwitterOAuth for PHP; HTTP 500 returned
php,twitter,oauth,twitter-oauth
It turns out that a response was never obtained. As a result, attempting to process a response, when there was none resulted in errors on the server side. One of the PHP functions that Twitter OAuth relies upon is curl. I had tested to see if curl_init existed: print function_exists('curl_init')...
Access a Google Drive spreadsheet in Ruby on Rails
ruby-on-rails,ruby,oauth,google-api
I managed to get an answer on Reddit. You need a Service Account and to share the document with your service app's email. The p12 key has to be stored somewhere as well. @email = "[email protected]" @key = "path/to/key.p12" key = Google::APIClient::KeyUtils.load_from_pkcs12(@key, 'notasecret') auth = Signet::OAuth2::Client.new( token_credential_uri: 'https://accounts.google.com/o/oauth2/token', audience: 'https://accounts.google.com/o/oauth2/token',...
How to debug a script put in module's config?
Use your browser's built-in debugger. Chrome: https://developer.chrome.com/devtools/docs/javascript-debugging Firefox: https://developer.mozilla.org/en-US/docs/Tools/Debugger Firebug: http://getfirebug.com/javascript IE: https://msdn.microsoft.com/en-us/library/gg699336%28v=vs.85%29.aspx ...
Google API Exception “invalid_grant” in DEVs GlassFish but not in Local
java,oauth,google-api,glassfish
Solved it by the answer on this post: Invalid grant when accessing Google API The problem was that the server's clock was not synchronized with NTP. That was it......
OAuthException: No token available when using Gunicorn and Flask
python,oauth,flask,gunicorn,digital-ocean
Turns out that requesting the access token before requesting data from Facebook solved the problem. So my authorized method should look like this: @app.route('/login/authorized') @facebook.authorized_handler def authorized(resp): if resp is None: return 'Access denied: reason=%s error=%s' % (request.args['error_reason'], request.args['error_description']) session['oauth_token'] = (resp['access_token'], '') me = facebook.get('/me') picture =...
OVH API Authentication with powershell
I think you 've forgoten to prepend $1$ to the signature. "$1$" + SHA1_HEX(AS+"+"+CK+"+"+METHOD+"+"+QUERY+"+"+BODY+"+"+TSTAMP) ...
authorization code for Github API used in R
The authorisation code is the code that github supplies after a correct OAuth 2.0 'dance' (to use Hadley Wickham's term). The easiest way of doing this is to use httpuv (install.packages("httpuv")). With that installed, a local webserver is setup on port 1410 and provided you've setup your github application appropriately...
Linkedin Oauth Javascript authorization “uh oh!”
You need to go to your applications permissions immediately and uncheck all boxes except the 4 that appear in this screenshot. I was able to get my integration working again after that. They seem to not be handling people who had permissions enabled they no longer have very gracefully. You,...
Providing login_hint option for Google Oauth2 redirect
You should pass the variable to state. In the callback argument, you can parse your variable from state argument. For example, https://accounts.google.com/o/oauth2/auth?scope=email profile&state={"user_id": 1}&redirect_uri=http://localhost&response_type=code&client_id=xxxxxxxx.apps.googleusercontent.com&approval_prompt=force The callback url will be http://localhost/code?state={"user_id": 1}&code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7...
Bearer token in MVC controller to access Web API
asp.net-web-api,oauth,oauth-2.0,bearer-token
OAuth flow for server to server: your web server connects to your Authorization server (AS, included in the Web API host, in this case) with a shared secret the AS (web API) returns the token to your web server the web server stores the token to use it on the...
Laravel 5 Session variables not persisting after redirects Twitter OAuth
php,session,laravel,twitter,oauth
Issue was in config/session 'driver' => env('SESSION_DRIVER', 'file') env 'SESSION_DRIVER' was empty, changing the line to: 'driver' => 'file' Solves the problem and now session variables persist on redirects....
Using 3scale with shared OAuth authorisation server
api,oauth,openid-connect,3scale
TL;DR: Use the 3scale API call to store access_tokens so they will be honoured by 3scale: https://github.com/3scale/nginx-oauth-templates/tree/master/oauth2 curl -X POST "http://su1.3scale.net/services/<SERVICE_ID>/oauth_access_tokens.xml?provider_key=<PROVIDER_KEY>&app_id=<CLIENT_ID>&token=<TOKEN>&ttl=<TTL>" 3scale provides a number of API calls to manage access tokens, this includes storing as well as deleting access tokens. You can find a list of these API calls...
Using Promise.all() for multiple http/oauth queries
Promise.all() only works properly with asynchronous functions when those functions return a promise and when the result of that async operation becomes the resolved (or rejected) value of the promise. There is no magic in Promise.all() that could somehow know when the fitbit functions are done if they don't return...
Why isn't my Azure Website accepting OAuth tokens?
azure,oauth,claims-based-identity,azure-active-directory
So it turns out that I was using the Uri class to validate the App ID URI. Problem is, it adds a trailing slash onto to the end, which causes problems. As soon as I started using the string class to store the App ID URI, it was fine. So...
Authentication in ASP.NET 5 (vNext)
asp.net,oauth,asp.net-5,asp.net-mvc-6
Microsoft.AspNet.Authentication.OAuth Allows 3rd party Identifiers (e.g. Google, Facebook) to authenticate users for you, saving your users the annoyance of registering. Allows other apps to use your application for Authentication Once your users are Authenticated by a 3rd party, the OWIN middle-ware reads their OAuth cookie and creates a domain specific...
Deploy to heroku without redirecting to localhost with passport callback
facebook,heroku,oauth,callback,passport-facebook
Did you add the callback URL to the app's settings? You have to add the site URL as that in the facebook developer app settings for it to allow facebook to make callbacks to any particular website. Should be under either basic settings on site URL or advanced settings on...
how to specify the redirect url for the google sign-in button
Param name is data-redirecturi. Example: <div class="g-signin2" data-onsuccess="onSignIn" data-scope="https://www.googleapis.com/auth/plus.login" data-accesstype="offline" data-redirecturi="https://www.example.com/redirect_uri"></div> Note that you don't have to set data-cookiepolicy, it's single_host_origin by default....
Python gdata API returning empty data with oauth2
python,google-app-engine,oauth
I sorted this out. There were a few things I had to do differently: Download the private key from Google as a p12 file. Convert the .p12 file I downloaded from Google into a pem file with the following command. The default password is 'notasecret'. openssl pkcs12 -in key.p12 -nodes...
Using an OpenID Connect server to authenticate between two applications [closed]
You have to validate that token somehow and protect your REST service with it. You can do this by adding a filter to your application: https://jersey.java.net/documentation/latest/filters-and-interceptors.html With this filter, you can check the Authorization HTTP Header, get the token that's inside it and validate it. If it validates, you can...
Twitter iOS User Login
There is a method Twitter.sharedInstance.logOut to delete the local Twitter user session. And you also should clear Twitter-related cookies in NSHTTPCookieStorage to prevent using of old credentials in further UIWebView-based login sequence.
Twitter's live streaming API unauthorized(android)
android,twitter,oauth,twitter-streaming-api
Problem solved. Here is the modified code: protected Integer doInBackground(Integer... params) { try { DefaultHttpClient client = new DefaultHttpClient(); OAuthConsumer consumer = new CommonsHttpOAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET); consumer.setTokenWithSecret(ACCESS_TOKEN, ACCESS_TOKEN_SECRET); HttpGet request = new HttpGet(); request.setURI(new URI("https://stream.twitter.com/1/statuses/filter.json?track=" + mSearchTerm)); consumer.sign(request); HttpResponse response = client.execute(request); InputStream in =...
why android g+ revokeAccessAndDisconnect still keep my g+ permission
I found my answer buildGoogleApiClient should be private GoogleApiClient buildGoogleApiClient() { return new GoogleApiClient.Builder(this) .addConnectionCallbacks(this) .addOnConnectionFailedListener(this) .addApi(Plus.API, Plus.PlusOptions.builder().build()) .addScope(Plus.SCOPE_PLUS_LOGIN) .addScope(new Scope("email")) .build(); } ...
RESTful API: how to securely store bearer API tokens?
I don't see the problem here, so I think I am misunderstanding something in your question. Here is what I think you are asking, please correct me where I am wrong: Your only requirement for the authentication is that it is stateless. Specifically, using OAuth is not a requirement. The...
TypeError: __repr__ returned non-string (type bytes)
python,python-3.x,oauth,ipython
This is a bug in the library; the User.__repr__ method returns bytes on Python 3: def __repr__(self): return '<User {0!r} {1!r}>'.format(self.id, self.username).encode('utf-8') You already filed a bug report with the project, which is great! You can avoid the issue you see in IPython or any other interactive Python console by...
How to implement android RESTful client with Robospice (or something like this) + OAuth?
It depends. Are you talking about OAuth 1 or OAuth 2? For the former, you could use signpost. For the latter, you could use RoboSpice + Google Http Client + Google OAuth Client Library. If you use Google Http Client as your network library, what you need to do is...
Microsoft Graph API Accessing basic info of a user that is outside tenancy
oauth,ms-office,ews,multi-tenant,azure-active-directory
Ah-ah! Forget the use of your tenant ID when talking with the Graph API if you develop a multi-tenant app with OAuth! The equivalent to "common" when requesting a token for a user in or outside your tenancy is... "myorganization"! This will work: https://graph.windows.net/myorganisation/me?api-version=2013-11-08 Oh, it was clearly written in...
PingFederate OAuth validate access token using Apache Integration Kit
You cannot use the Apache Integration Kit (OpenToken) to validate Oauth Tokens. They are completely different token types and formats. However, Hans Zandbelt (from Ping Identity) actually wrote the mod_auth_openidc you link to and per its description, it does the following: "It can also function as an OAuth 2.0 Resource...
Is it possible to use service account with google cloud print [duplicate]
c#,oauth,google-api,google-cloud-print
I had the same problem and I came to the same conclusion as you: the service account does not own the printers. I found a solution here: http://stackoverflow.com/a/19951913/3122797 Basically, what you have to do is share your printers account with your service account. The problem is that the service account...
What is the simplest example of Spring OAuth2 with Java configuration?
java,spring,oauth,spring-security,oauth-2.0
This one the best I ever found https://github.com/spring-projects/spring-security-oauth/tree/master/tests/annotation
Facebook not always asking user for extended permissions
facebook,facebook-graph-api,oauth,permissions
You cannot ask other users than the app's admins/testers/developers for extended permissions until these have been granted to your app during the Login Review process. I suspect that you didn't received the permissions yet. See https://developers.facebook.com/docs/facebook-login/review/what-is-login-review ...
Electron & ReactJS, Use BrowserWindow for GitHub oAuth authentication
oauth,callback,github-api,electron
So what I was missing was the right event. The correct approach is: // Build the OAuth consent page URL var authWindow = new BrowserWindow({ width: 800, height: 600, show: false, 'node-integration': false }); var githubUrl = 'https://github.com/login/oauth/authorize?'; var authUrl = githubUrl + 'client_id=' + options.client_id + '&scope=' + options.scopes;...
What does “offline” access in OAuth mean?
oauth,google-oauth,google-oauth2
Offline access is IMO a really bad name for it, and I think its a term only Google uses its not in the RFC for Oauth as far as I remember. What is Google off line access? When you request Offline Access the Google Authentication server returns a Refresh-Token. Refresh...
Is using a SSO Assertion (JWT or SAML) For OAuth Assertion Flow Common?
oauth,oauth-2.0,single-sign-on,saml,jwt
We use the Salesforce endpoints extensively for token exchange and do exactly what you are trying to do. Other systems have conceptually similar, but slightly different implementations, returning different forms of access_token (e.g. SAP, AWS are 2 good examples). All these are following a model in which they are the...
Retrieve access token for Yahoo API using OAuth 2.0 and Python requests
python,api,oauth,python-requests,yahoo-api
Change your body variable to a dict, i.e., body = { 'grant_type': 'authorization_code', 'redirect_uri': 'oob', 'code': '************', } No other changes are needed. Hope it helps....
Github OAuth flow with Express and Ember.js
node.js,ember.js,express,oauth,github-api
Don't do the second redirect. Instead you want to do a GET request for the token exchange. You're redirect url param must match the original redirect url(make sure it is url encoded): http%3A%2F%2Flocalhost%3A8080%2Fcallback var https = require('https'); var options = { hostname: 'github.com', port: 443, path: '/login/oauth/access_token?client_id=XXXX&client_secret=YYYY&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcallback&code=' + code', method:...
No Such Client Exception Spring Oauth2
java,spring,oauth,spring-security,oauth-2.0
I'm not sure where the 500 comes from in your case. I see a 406 because there is no JSON converter for the access token (Spring used to register one by default for Jackson 1.* but now it only does it for Jackson 2.*). You token endpoint works for me...
OAuth 2.0 resource owner access token implementation
php,authentication,oauth,oauth-2.0
My overall comment would be that you should not use the Resource Owner Password Credentials grant to achieve what you want but the Authorization Code grant. That would allow you to upgrade your means of authentication independently of the Clients (applications) and achieve SSO as well. It is not the...
Linkedin API - get full data
LinkedIn provided all these fields before May 12th 2015. https://api.linkedin.com/v1/people/~:(id,first-name,last-name,email-address,picture-url,industry,associations,interests,num-recommenders,date-of-birth,honors-awards,three-current-positions,three-past-positions,volunteer,location," + "positions:(id,title,summary,start-date,end-date,is-current,company:(id,name,type,size,industry,ticker))," + "educations:(id,school-name,field-of-study,start-date,end-date,degree,activities,notes)," +...
trouble using AFOAuth2manager to generate HTTPSOauthToken
ios,oauth,woocommerce,afoauth2client
try this NSURL *baseURL = [NSURL URLWithString:urlString]; AFOAuth2Manager *oAuthManager = [[AFOAuth2Manager alloc] initWithBaseURL:baseURL clientID: keyClientID secret:keyClientSecret]; [oAuthManager authenticateUsingOAuthWithURLString:@"/oauth/token" username:myUserName password:myPassword scope:@"email" success:^(AFOAuthCredential *credential) { NSLog(@"Token: %@",credential.accessToken); //Authorizing requests AFHTTPRequestOperationManager *manager = [[AFHTTPRequestOperationManager alloc] initWithBaseURL:baseURL];...
Android OAuth implementation makes receiving share activity stop
android,android-activity,oauth,android-sharing
Good news! I was able to solve this issue. All this time I thought that it had to do with passing the correct Intent flags when starting the receiveSharedDataActivity. Silly me... The problem was that my receiveSharedDataActivity had the noHistory:true parameter set in the AndroidManifest.xml. I needed this because obviously...
Securing Symfony RESTful API consumed by angular front?
angularjs,api,symfony2,oauth,wsse
It all depends on what your requirements are. First of all, OAuth 2 is an authentication mechanism/spec which you can use in combination with sessions/bearer tokens/... This also applies for local accounts (since you want to do user registration). FOSAuthServerBundle is a bundle to implement the server-side of the OAuth2...
Google Sign In issue asking to update to latest
oauth,google-plus-signin,google-signin
A new version 2.0.1 (as of 06.12.2015) has been released. If you run pod update in your project folder, it should get the latest library and update your project to use it.
How do I customize and use Phirehose functions?
php,twitter,oauth,stream,phirehose
To stop after 100 tweets, have a counter in that function receiving the tweets, and call exit when done: class FilterTrackConsumer extends OauthPhirehose { private $tweetCount = 0; public function enqueueStatus($status) { //Process $status here if(++$this->tweetCount >= 100)exit; } ... (Instead of exit you could throw an exception, and put...
Mule OAuth Provider Accesstoken expiry time
I have found the answer it is 86400 seconds which is 24 hours. Link to the documentation is here, however the description for Token Ttl Seconds is misleading, It should be seconds instead of milliseconds. I have logged a jira for the same here
Sequelizejs error when authenticating with passportjs(facebook)
node.js,facebook,oauth,passport.js,sequelize.js
Profile is an array of { value, type } objects http://passportjs.org/docs/profile So you should pass profile.emails[0].value or profile.emails.map(p => p.value)...
how to access end user context on resource server
Yes, that is possible and no - you won't be violating the OAuth standards. Reason: Validation of tokens (exchange of information between the authorization server and the resource server is out of the scope of OAuth spec). Quoting from OAuth 2.0 Token Introspection Since OAuth 2.0 [RFC6749] does not define...
How to get questions using StackOverflow API V 2.2 in PHP
Assuming that you have registered your application. Go to Manage your applications from here http://stackapps.com/apps/oauth Enable Client side flow within App settings. Now as you want to create Desktop application, following are steps: First you need to get Access Token by redirecting user to this link: https://stackexchange.com/oauth/dialog?client_id=[YOUR_APP_ID]&scope=private_info&redirect_uri=https://stackexchange.com/oauth/login_success You (as a...
OAuth2 “client credentials” grant: remote IP check?
That's certainly a valid approach but binds the token tightly to the network layer and deployment which may make it difficult to change the network architecture. The way that OAuth addresses your concern is by the so-called Proof-of-Possession extensions https://tools.ietf.org/html/draft-ietf-oauth-pop-architecture. It may be worth considering implementing that: even though it...
Authenticating mobile app login using webservice using oauth connection
php,android,api,authentication,oauth
Yes, you are on the right track to some extent but let me suggest a way which is used in the industry for a while now. 1st read question and answer to get the basic idea of how it should be done. How to implement 'Token Based Authentication' securely for...
OAuth HwioBundle, different socialNetWork
php,symfony2,oauth,hwioauthbundle
If user's email is similar in both social accounts, you can use email field to identify user. You should create user provider class. If user with provided social token won't be found in database, user provider will try to find user by email and add new social token for specified...
Cross-Domain OAuth… how to get response?
javascript,google-chrome-extension,oauth,cors
How about the following: In the final stage of the auth flow you can redirect to server.com you since you own server.com you can inject a script at the end that passes data to the extension via window.opener.postMessage For example, in the final page rendered by server.com: window.opener.postMessage({"userhash": "abc1234567890"}, '*');...
Does “authenticate with facebook” require a facebook-server to send data directly to my server?
facebook,facebook-graph-api,oauth,oauth-2.0
Will i be able to test/develop the "authenticate with facebook" in this environment? Yes, that should be no problem. (Done it lots of times myself already.) Most of the login flow happens inside your browser anyway. And when it comes to the part of exchanging the code parameter you...
angular-ui replace'?' with '#' on redirect from facebook oauth
angularjs,facebook,facebook-graph-api,oauth,angular-ui-router
You can add this resolve function to your state, which will replace a hash url with the query string url: resolve: { 'urlFix': ['$location', function($location){ $location.url($location.url().replace("#","?")); }] } So a url of /fbauth#access_token=123456&code=abcde&expires_in=99999999 would be redirected automatically Becoming /fbauth?access_token=123456&code=abcde&expires_in=99999999 $stateParams would be populated correctly. The value would be {access_token: "123456",...
How to set new session id after getting access token in OAuth 2.0
The client can handle this by having some logic for handling a request to the Salesforce API which fails with an Unauthorized response. When an Unauthorized response is received the client can ask your web server for a new access token / session id. Alternatively you'd have to use WebSockets...
OAuthorization through app or web api
In OAuth there are these players: the Resources (for example your gmail contacts) this is not a player itself the Owner of the resources (you're the owner of your gmail contacts) The Authorization Server (where you login to gmail) The Resource Server (gmail, which has the contacts). The Client: an...
managed paypal accounts with least friction?
PayPal doesn't have a way for people to sign up entirely through your site, although there are some ways to facilitate the process. You'd probably have to call PayPal to get access to some of those as they are aimed primarily at larger businesses. However, don't neglect the easy/automatic assistance...
How do I allow several Instagram authentications per user with OmniAuth?
ruby-on-rails,ruby,ruby-on-rails-4,oauth,instagram
The first step to creating a multi-authentication (or multi provider) app is to separate your User model from authentications. Make sure you read https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview before starting. We want something like the following: class User < ActiveRecord::Base has_many :authentications end # Represents an OAuth authentication account class Authentication < ActiveRecord::Base belongs_to...
Issue exchanging LInkedIn javascript token to rest oauth token
You are looking at old documentation from LinkedIn. Starting from 12th May, LinkedIn has started rolling out new changes in their API which includes authentication. In my knowledge, LinkedIn is not using OAuth anymore, and you need OAuth2.0 henceforth for authentication. You should check this link for more information: https://developer.linkedin.com/docs/signin-with-linkedin
gspread/OAuth2: authenticated default gmail account (used early in ClientLogin)
oauth,oauth-2.0,google-oauth,google-spreadsheet-api,gspread
It seems that code from EDIT works. Thus, this is working solution: I've followed this tutorial: http://www.indjango.com/access-google-sheets-in-python-using-gspread/ But I modified code from point 1.2: http://www.indjango.com/access-google-sheets-in-python-using-gspread/#comment-2026863410 The only problem is that Google Sheets API returns only 500 results (thus, if using gspread when you have more spreadsheets that are not among...
Azure AD OAuth Access Token Request ::: 400 - Bad Request
Make sure your redirect_uri is the same as the one you used for the authorization code request. Also, you might try adding the resource parameter in your request body.
How to remove OAUTH_PROVIDERS in Spree Social plugin
ruby-on-rails,oauth,spree,class-eval,spree-auth-devise
SpreeSocial::OAUTH_PROVIDERS is going to be redefined when the code initializes the application so just using pop won't be sufficient. Since SpreeSocial is a module not a class you'll need to either: 1) Use a module_eval not a class_eval to redefine the SpreeSocial::OAUTH_PROVIDERS SpreeSocial.module_eval do OAUTH_PROVIDERS = [ %w(Facebook facebook true),...
Ouath2 Google Meteor
meteor,oauth,meteor-accounts,service-accounts
Check your settings for the api key in the Google developer console, to make sure you've added http://localhost:3000/ to the authorized origins and http://localhost:3000/_oauth/google and http://localhost:3000/_oauth/google?close to your authorized redirect urls.
Google OAuth on MVC5 ExternalLoginCallback?error=access_denied
oauth,asp.net-mvc-5,google-oauth
I had the same problem using the latest ASP.Net MVC template with "Individual Accounts" selected. The solution was to enable the Google+ API for my project in the Google Developer console. I found my answer here (scroll down to "Changes to Google OAuth 2.0...")....
Azure Active Directory Login: Web App Permissions, User Consent not triggered
azure,oauth,active-directory,azure-active-directory
If an admin creates an application in their tenant, and requests permissions to other applications, then users in that same tenant are pre-consented for that application. I believe this is why you are not seeing the consent dialogue when user's in your tenant are signing into your application. If you...
Google OAuth service redirects to URL with a # sign at the end
php,url,oauth,google-oauth,fragment-identifier
There's nothing wrong with your redirect URL or client side code. This is something that Google recently added but should be of no concern to you, see also: Google OAuth code appends extra "#" in response and # added to Google+ OAuth 2.0 callback URL
Django-oauth is sending and receiving data without access token in ionic app?
android,django,oauth,ionic,django-authentication
Found the reason. It was happening due to DEFAULT_AUTHENTICATION_CLASS 'rest_framework.authentication.SessionAuthentication', in Django Rest Framework. This class allowed all the apis without access token....
Jira Oauth: 401 Unauthorized in PHP oauth_problem=“signature_invalid”
I am providing different Public key in Jira and in Application. After correction this issue it runs great.
IOS LinkedIn API error
May this information help you - API Terms of Use Transition Guide...
Spotify Web API - Client Credentials - Accessing a users playlists
First question, is it possible to get a users playlist tracks using client credentials flow? Yes, retrieving tracks for a playlist doesn't require user authentication as part of the access token. I've also tried creating the API variable using $api = new SpotifyWebAPI\SpotifyWebAPI(); but this says I need user...
Customizing GET Response Using Python Requests Module
python,oauth,get,python-requests
For production purposes, you should not re-implement oauth. Please have a look at https://pypi.python.org/pypi/oauthlib which is an established library for performing the oauth authentication logic. If you want to stick with requests, then there also is https://github.com/requests/requests-oauthlib. Other than that, regarding your question My question is, how can I replicate...
Configure the authorization server endpoint
c#,asp.net,oauth,asp.net-identity,asp.net-5
Okay, let's recap the different OAuth2 middleware (and their respective IAppBuilder extensions) that were offered by OWIN/Katana 3 and the ones that will be ported to ASP.NET 5: app.UseOAuthBearerAuthentication/OAuthBearerAuthenticationMiddleware: its name was not terribly obvious, but it was (and still is, as it has been ported to ASP.NET 5) responsible...
Google api oauth prolog
oauth,google-api,prolog,swi-prolog
Okay finally worked this step out. If anyone is interested: Using status_code(_ErrorCode) seemed to resolve the problem with streampair and I needed to set redirect_uri='postmessage' for the request to work. I also used http_open rather than http_post. :- use_module(library(http/thread_httpd)). :- use_module(library(http/http_dispatch)). :- use_module(library(http/http_error)). :- use_module(library(http/html_write)). :- use_module(library(http/http_session)). :- use_module(library(http/js_write)). :-...
Tumblr Feed using AngularJS and OAuth.io
angularjs,oauth,tumblr,oauth.io
You have to use $scope.$apply() after modifying the scope in an async function (callbacks/promises) to bind the new value in the view: angular.module('instafeed') .controller('ShowTumblr', function($scope){ var endpoint = 'https://api.tumblr.com/v2/user/dashboard'; OAuth.initialize('[oauth.io key]'); OAuth.popup('tumblr', {cache: true}).done(function(result) { result.get(endpoint).done(function(data){ $scope.posts = data.response.posts; $scope.$apply(); }); }); }); Take a look at this working exemple:...