Menu
  • HOME
  • TAGS

Linkedin Oauth Javascript authorization “uh oh!”

javascript,oauth,linkedin

You need to go to your applications permissions immediately and uncheck all boxes except the 4 that appear in this screenshot. I was able to get my integration working again after that. They seem to not be handling people who had permissions enabled they no longer have very gracefully. You,...

Django-oauth is sending and receiving data without access token in ionic app?

android,django,oauth,ionic,django-authentication

Found the reason. It was happening due to DEFAULT_AUTHENTICATION_CLASS 'rest_framework.authentication.SessionAuthentication', in Django Rest Framework. This class allowed all the apis without access token....

Does Facebook mobile app login return the Facebook profile id (and email address)?

android,facebook,oauth,facebook-login

Yes, you can get both. The ID that you will receive will be an app scoped user id. That means that every App-User combination results in a different (and unique) ID. Stated otherwise; if you have multiple apps in your database, you can't just link every new user to an...

TypeError: __repr__ returned non-string (type bytes)

python,python-3.x,oauth,ipython

This is a bug in the library; the User.__repr__ method returns bytes on Python 3: def __repr__(self): return '<User {0!r} {1!r}>'.format(self.id, self.username).encode('utf-8') You already filed a bug report with the project, which is great! You can avoid the issue you see in IPython or any other interactive Python console by...

Twitter iOS User Login

ios,twitter,login,oauth

There is a method Twitter.sharedInstance.logOut to delete the local Twitter user session. And you also should clear Twitter-related cookies in NSHTTPCookieStorage to prevent using of old credentials in further UIWebView-based login sequence.

Google OAuth on MVC5 ExternalLoginCallback?error=access_denied

oauth,asp.net-mvc-5,google-oauth

I had the same problem using the latest ASP.Net MVC template with "Individual Accounts" selected. The solution was to enable the Google+ API for my project in the Google Developer console. I found my answer here (scroll down to "Changes to Google OAuth 2.0...")....

Github OAuth flow with Express and Ember.js

node.js,ember.js,express,oauth,github-api

Don't do the second redirect. Instead you want to do a GET request for the token exchange. You're redirect url param must match the original redirect url(make sure it is url encoded): http%3A%2F%2Flocalhost%3A8080%2Fcallback var https = require('https'); var options = { hostname: 'github.com', port: 443, path: '/login/oauth/access_token?client_id=XXXX&client_secret=YYYY&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcallback&code=' + code', method:...

Twitter OAuth : Invalid or expired token [its NOT duplicate]

php,twitter,oauth,twitter-oauth

Finally, I found a solution. All you need to do is, once you get the callback, initialize the class again with new access token. $connection = new TwitterOAuth('MY_CONSUMER_KEY', 'MY_CONSUMER_SECRET', $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']); $access_token = $connection->oauth("oauth/access_token", array("oauth_verifier" => $_REQUEST['oauth_verifier'])); $connection = new TwitterOAuth('MY_CONSUMER_KEY', 'MY_CONSUMER_SECRET', $access_token['oauth_token'], $access_token['oauth_token_secret']); I don't know why that works,...

Securing Symfony RESTful API consumed by angular front?

angularjs,api,symfony2,oauth,wsse

It all depends on what your requirements are. First of all, OAuth 2 is an authentication mechanism/spec which you can use in combination with sessions/bearer tokens/... This also applies for local accounts (since you want to do user registration). FOSAuthServerBundle is a bundle to implement the server-side of the OAuth2...

What does “offline” access in OAuth mean?

oauth,google-oauth,google-oauth2

Offline access is IMO a really bad name for it, and I think its a term only Google uses its not in the RFC for Oauth as far as I remember. What is Google off line access? When you request Offline Access the Google Authentication server returns a Refresh-Token. Refresh...

getting 401 to access http://localhost:8080/oauth/token

java,javascript,angularjs,oauth,spring-boot

In case of OPTIONS request, you should not do further processing, i.e. skip the call to chain.doFilter(req, res), e.g.: HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; response.addHeader("Access-Control-Allow-Origin", "*"); if ("OPTIONS".equalsIgnoreCase(request.getMethod())) { response.setHeader("Access-Control-Allow-Methods", "POST,GET,DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers",...

Mule OAuth Provider Accesstoken expiry time

oauth,mule

I have found the answer it is 86400 seconds which is 24 hours. Link to the documentation is here, however the description for Token Ttl Seconds is misleading, It should be seconds instead of milliseconds. I have logged a jira for the same here

Authentication with OAuth and JWT but without OpenID Connect

session,authentication,oauth,authorization,openid-connect

By requiring that the access token is a JWT, agreeing on the user claims that go in to the JWT, putting expiration/issuance timestamps in there and making sure that you cryptographically verify the issuer of the token you're actually doing the very same thing that OpenID Connect is doing: "profiling"...

Issue exchanging LInkedIn javascript token to rest oauth token

oauth,linkedin

You are looking at old documentation from LinkedIn. Starting from 12th May, LinkedIn has started rolling out new changes in their API which includes authentication. In my knowledge, LinkedIn is not using OAuth anymore, and you need OAuth2.0 henceforth for authentication. You should check this link for more information: https://developer.linkedin.com/docs/signin-with-linkedin

Spring Oauth2 RemoteTokenServices error on extractAuthentication

java,spring,oauth,spring-security,spring-security-oauth2

I found the "solution". There was a version mismatch in my pom files. While my auth server was running spring-security-oauth2-2.0.5.RELEASE my resource server was running spring-security-oauth2-2.0.7.RELEASE . The versions declare the response differently. ...

How do i retrieve values (Message) and (Code) from the reply of twitter api?

php,oauth,twitter-oauth

Try foreach($reply->errors AS $error){ echo 'error code:'. $error->code; echo 'error message:'. $error->message; } As you can see, errors property is an array, so you must itarate...

Azure AD OAuth Access Token Request ::: 400 - Bad Request

php,azure,oauth,office365

Make sure your redirect_uri is the same as the one you used for the authorization code request. Also, you might try adding the resource parameter in your request body.

Using an OpenID Connect server to authenticate between two applications [closed]

java,oauth,openid,connect

You have to validate that token somehow and protect your REST service with it. You can do this by adding a filter to your application: https://jersey.java.net/documentation/latest/filters-and-interceptors.html With this filter, you can check the Authorization HTTP Header, get the token that's inside it and validate it. If it validates, you can...

How to implement android RESTful client with Robospice (or something like this) + OAuth?

android,rest,oauth,robospice

It depends. Are you talking about OAuth 1 or OAuth 2? For the former, you could use signpost. For the latter, you could use RoboSpice + Google Http Client + Google OAuth Client Library. If you use Google Http Client as your network library, what you need to do is...

Retrieve access token for Yahoo API using OAuth 2.0 and Python requests

python,api,oauth,python-requests,yahoo-api

Change your body variable to a dict, i.e., body = { 'grant_type': 'authorization_code', 'redirect_uri': 'oob', 'code': '************', } No other changes are needed. Hope it helps....

Sequelizejs error when authenticating with passportjs(facebook)

node.js,facebook,oauth,passport.js,sequelize.js

Profile is an array of { value, type } objects http://passportjs.org/docs/profile So you should pass profile.emails[0].value or profile.emails.map(p => p.value)...

How do I allow several Instagram authentications per user with OmniAuth?

ruby-on-rails,ruby,ruby-on-rails-4,oauth,instagram

The first step to creating a multi-authentication (or multi provider) app is to separate your User model from authentications. Make sure you read https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview before starting. We want something like the following: class User < ActiveRecord::Base has_many :authentications end # Represents an OAuth authentication account class Authentication < ActiveRecord::Base belongs_to...

Customizing GET Response Using Python Requests Module

python,oauth,get,python-requests

For production purposes, you should not re-implement oauth. Please have a look at https://pypi.python.org/pypi/oauthlib which is an established library for performing the oauth authentication logic. If you want to stick with requests, then there also is https://github.com/requests/requests-oauthlib. Other than that, regarding your question My question is, how can I replicate...

POSTing with JSON using npm request

node.js,oauth,request

var formData = { client_id: '0123456789abcdef', client_secret: 'secret', code: 'abcdef' }; request.post({ url: 'https://todoist.com/oauth/access_token', form: formData }, function (err, httpResponse, body) { console.log(err, body); }); Please try this code....

how to specify the redirect url for the google sign-in button

oauth

Param name is data-redirecturi. Example: <div class="g-signin2" data-onsuccess="onSignIn" data-scope="https://www.googleapis.com/auth/plus.login" data-accesstype="offline" data-redirecturi="https://www.example.com/redirect_uri"></div> Note that you don't have to set data-cookiepolicy, it's single_host_origin by default....

Using Promise.all() for multiple http/oauth queries

javascript,oauth,promise

Promise.all() only works properly with asynchronous functions when those functions return a promise and when the result of that async operation becomes the resolved (or rejected) value of the promise. There is no magic in Promise.all() that could somehow know when the fitbit functions are done if they don't return...

Microsoft Graph API Accessing basic info of a user that is outside tenancy

oauth,ms-office,ews,multi-tenant,azure-active-directory

Ah-ah! Forget the use of your tenant ID when talking with the Graph API if you develop a multi-tenant app with OAuth! The equivalent to "common" when requesting a token for a user in or outside your tenancy is... "myorganization"! This will work: https://graph.windows.net/myorganisation/me?api-version=2013-11-08 Oh, it was clearly written in...

Is it possible to use service account with google cloud print [duplicate]

c#,oauth,google-api,google-cloud-print

I had the same problem and I came to the same conclusion as you: the service account does not own the printers. I found a solution here: http://stackoverflow.com/a/19951913/3122797 Basically, what you have to do is share your printers account with your service account. The problem is that the service account...

OAuthorization through app or web api

android,asp.net-web-api,oauth

In OAuth there are these players: the Resources (for example your gmail contacts) this is not a player itself the Owner of the resources (you're the owner of your gmail contacts) The Authorization Server (where you login to gmail) The Resource Server (gmail, which has the contacts). The Client: an...

Google Sign In issue asking to update to latest

oauth,google-plus-signin,google-signin

A new version 2.0.1 (as of 06.12.2015) has been released. If you run pod update in your project folder, it should get the latest library and update your project to use it.

Configure the authorization server endpoint

c#,asp.net,oauth,asp.net-identity,asp.net-5

Okay, let's recap the different OAuth2 middleware (and their respective IAppBuilder extensions) that were offered by OWIN/Katana 3 and the ones that will be ported to ASP.NET 5: app.UseOAuthBearerAuthentication/OAuthBearerAuthenticationMiddleware: its name was not terribly obvious, but it was (and still is, as it has been ported to ASP.NET 5) responsible...

Unable to obtain token using Abraham's TwitterOAuth for PHP; HTTP 500 returned

php,twitter,oauth,twitter-oauth

It turns out that a response was never obtained. As a result, attempting to process a response, when there was none resulted in errors on the server side. One of the PHP functions that Twitter OAuth relies upon is curl. I had tested to see if curl_init existed: print function_exists('curl_init')...

Cross-Domain OAuth… how to get response?

javascript,google-chrome-extension,oauth,cors

How about the following: In the final stage of the auth flow you can redirect to server.com you since you own server.com you can inject a script at the end that passes data to the extension via window.opener.postMessage For example, in the final page rendered by server.com: window.opener.postMessage({"userhash": "abc1234567890"}, '*');...

No Such Client Exception Spring Oauth2

java,spring,oauth,spring-security,oauth-2.0

I'm not sure where the 500 comes from in your case. I see a 406 because there is no JSON converter for the access token (Spring used to register one by default for Jackson 1.* but now it only does it for Jackson 2.*). You token endpoint works for me...

Is using a SSO Assertion (JWT or SAML) For OAuth Assertion Flow Common?

oauth,oauth-2.0,single-sign-on,saml,jwt

We use the Salesforce endpoints extensively for token exchange and do exactly what you are trying to do. Other systems have conceptually similar, but slightly different implementations, returning different forms of access_token (e.g. SAP, AWS are 2 good examples). All these are following a model in which they are the...

Ouath2 Google Meteor

meteor,oauth,meteor-accounts,service-accounts

Check your settings for the api key in the Google developer console, to make sure you've added http://localhost:3000/ to the authorized origins and http://localhost:3000/_oauth/google and http://localhost:3000/_oauth/google?close to your authorized redirect urls.

Android OAuth implementation makes receiving share activity stop

android,android-activity,oauth,android-sharing

Good news! I was able to solve this issue. All this time I thought that it had to do with passing the correct Intent flags when starting the receiveSharedDataActivity. Silly me... The problem was that my receiveSharedDataActivity had the noHistory:true parameter set in the AndroidManifest.xml. I needed this because obviously...

trouble using AFOAuth2manager to generate HTTPSOauthToken

ios,oauth,woocommerce,afoauth2client

try this NSURL *baseURL = [NSURL URLWithString:urlString]; AFOAuth2Manager *oAuthManager = [[AFOAuth2Manager alloc] initWithBaseURL:baseURL clientID: keyClientID secret:keyClientSecret]; [oAuthManager authenticateUsingOAuthWithURLString:@"/oauth/token" username:myUserName password:myPassword scope:@"email" success:^(AFOAuthCredential *credential) { NSLog(@"Token: %@",credential.accessToken); //Authorizing requests AFHTTPRequestOperationManager *manager = [[AFHTTPRequestOperationManager alloc] initWithBaseURL:baseURL];...

Facebook not always asking user for extended permissions

facebook,facebook-graph-api,oauth,permissions

You cannot ask other users than the app's admins/testers/developers for extended permissions until these have been granted to your app during the Login Review process. I suspect that you didn't received the permissions yet. See https://developers.facebook.com/docs/facebook-login/review/what-is-login-review ...

OVH API Authentication with powershell

powershell,oauth,ovh

I think you 've forgoten to prepend $1$ to the signature. "$1$" + SHA1_HEX(AS+"+"+CK+"+"+METHOD+"+"+QUERY+"+"+BODY+"+"+TSTAMP) ...

Can I associate a user's account with an action to the drive API?

javascript,oauth,google-drive-sdk,google-spreadsheet,google-oauth

The short answer is no. You'll be using the spreadsheets API (NOT the Drive API) to update the sheet.As far as Google is concerned, the "user" is your application, regardless of which human was driving the application at the time. Your application knows who the human is, and so it...

Jira Oauth: 401 Unauthorized in PHP oauth_problem=“signature_invalid”

php,oauth,jira,jira-rest-api

I am providing different Public key in Jira and in Application. After correction this issue it runs great.

How to share developer account at LinkedIn

oauth,oauth-2.0,linkedin

As I understand your question, I hope you're looking for following. Goto https://www.linkedin.com/developer/apps and select the app you want to make them administrator. Then select 'Roles' from the left menu and set them as administrator....

When to refresh token?

rest,authentication,oauth,lync,ucwa

The response from ticket service will provide the user with the OAuth token, type of token, and an expiration value. This value is measured in seconds which means you can divide out minutes (60) or hours (3600) to get a value that you can expect requests to start failing with...

ASP.NET Web API social authentication for Web and Mobile

c#,android,asp.net,asp.net-web-api,oauth

I've successfully done this very task within my own ASP.NET MVC application using ASP.NET Identity, but then hit the issue you mention: I need this to work using Web API as well so that my mobile app can interact natively. I was unfamiliar with the article you linked, but after...

Python gdata API returning empty data with oauth2

python,google-app-engine,oauth

I sorted this out. There were a few things I had to do differently: Download the private key from Google as a p12 file. Convert the .p12 file I downloaded from Google into a pem file with the following command. The default password is 'notasecret'. openssl pkcs12 -in key.p12 -nodes...

Access a Google Drive spreadsheet in Ruby on Rails

ruby-on-rails,ruby,oauth,google-api

I managed to get an answer on Reddit. You need a Service Account and to share the document with your service app's email. The p12 key has to be stored somewhere as well. @email = "[email protected]" @key = "path/to/key.p12" key = Google::APIClient::KeyUtils.load_from_pkcs12(@key, 'notasecret') auth = Signet::OAuth2::Client.new( token_credential_uri: 'https://accounts.google.com/o/oauth2/token', audience: 'https://accounts.google.com/o/oauth2/token',...

Apache Oltu Github integration example with Spring MVC

oauth,oauth-2.0,spring-security-oauth2,oltu

Attached is the screen shot to register the "App" on Github. "MyApp" is the App that I created. Use the same code from http://www.jasha.eu/blogposts/2013/09/retrieve-facebook-profile-data-java-apache-oltu.html, just make sure to change the AUTHORIZATION_URL = "https://github.com/login/oauth/authorize"; ACCESS_TOKEN_URL = "https://github.com/login/oauth/access_token" To get Protected Resource like User Profile use: https://api.github.com/user The output I get when...

authorization code for Github API used in R

r,oauth

The authorisation code is the code that github supplies after a correct OAuth 2.0 'dance' (to use Hadley Wickham's term). The easiest way of doing this is to use httpuv (install.packages("httpuv")). With that installed, a local webserver is setup on port 1410 and provided you've setup your github application appropriately...

OAuth2 “client credentials” grant: remote IP check?

oauth,oauth-2.0

That's certainly a valid approach but binds the token tightly to the network layer and deployment which may make it difficult to change the network architecture. The way that OAuth addresses your concern is by the so-called Proof-of-Possession extensions https://tools.ietf.org/html/draft-ietf-oauth-pop-architecture. It may be worth considering implementing that: even though it...

How to remove OAUTH_PROVIDERS in Spree Social plugin

ruby-on-rails,oauth,spree,class-eval,spree-auth-devise

SpreeSocial::OAUTH_PROVIDERS is going to be redefined when the code initializes the application so just using pop won't be sufficient. Since SpreeSocial is a module not a class you'll need to either: 1) Use a module_eval not a class_eval to redefine the SpreeSocial::OAUTH_PROVIDERS SpreeSocial.module_eval do OAUTH_PROVIDERS = [ %w(Facebook facebook true),...

angular-ui replace'?' with '#' on redirect from facebook oauth

angularjs,facebook,facebook-graph-api,oauth,angular-ui-router

You can add this resolve function to your state, which will replace a hash url with the query string url: resolve: { 'urlFix': ['$location', function($location){ $location.url($location.url().replace("#","?")); }] } So a url of /fbauth#access_token=123456&code=abcde&expires_in=99999999 would be redirected automatically Becoming /fbauth?access_token=123456&code=abcde&expires_in=99999999 $stateParams would be populated correctly. The value would be {access_token: "123456",...

Tumblr Feed using AngularJS and OAuth.io

angularjs,oauth,tumblr,oauth.io

You have to use $scope.$apply() after modifying the scope in an async function (callbacks/promises) to bind the new value in the view: angular.module('instafeed') .controller('ShowTumblr', function($scope){ var endpoint = 'https://api.tumblr.com/v2/user/dashboard'; OAuth.initialize('[oauth.io key]'); OAuth.popup('tumblr', {cache: true}).done(function(result) { result.get(endpoint).done(function(data){ $scope.posts = data.response.posts; $scope.$apply(); }); }); }); Take a look at this working exemple:...

Authenticating mobile app login using webservice using oauth connection

php,android,api,authentication,oauth

Yes, you are on the right track to some extent but let me suggest a way which is used in the industry for a while now. 1st read question and answer to get the basic idea of how it should be done. How to implement 'Token Based Authentication' securely for...

How do I Login to WeldPad Using FB user?

javascript,oauth,polymer

Here are the steps you should follow in order to support oAuth with FB. 1. create a facebook app. https://developers.facebook.com/apps In the website section add your website in my sample http://weldpad.com/ This section define the permitted domain for using the FB Connect. Add the following code: <!-- Polyfill Web Components...

Electron & ReactJS, Use BrowserWindow for GitHub oAuth authentication

oauth,callback,github-api,electron

So what I was missing was the right event. The correct approach is: // Build the OAuth consent page URL var authWindow = new BrowserWindow({ width: 800, height: 600, show: false, 'node-integration': false }); var githubUrl = 'https://github.com/login/oauth/authorize?'; var authUrl = githubUrl + 'client_id=' + options.client_id + '&scope=' + options.scopes;...

Dotnet open auth with Facebook and Email/Password login with aspnet_membership tables

oauth,asp.net-membership,dotnetopenauth

First of all, you should not alter aspnet_membership table. If so, underlying store procedures will stop working. Instead, you want to create a new table with UserId as primary key, and make one-to-one relationship with aspnet_membership table. FYI: the ASP .Net Membership Provider you are using is more than 10...

How to get questions using StackOverflow API V 2.2 in PHP

php,oauth,stackexchange-api

Assuming that you have registered your application. Go to Manage your applications from here http://stackapps.com/apps/oauth Enable Client side flow within App settings. Now as you want to create Desktop application, following are steps: First you need to get Access Token by redirecting user to this link: https://stackexchange.com/oauth/dialog?client_id=[YOUR_APP_ID]&scope=private_info&redirect_uri=https://stackexchange.com/oauth/login_success You (as a...

Using 3scale with shared OAuth authorisation server

api,oauth,openid-connect,3scale

TL;DR: Use the 3scale API call to store access_tokens so they will be honoured by 3scale: https://github.com/3scale/nginx-oauth-templates/tree/master/oauth2 curl -X POST "http://su1.3scale.net/services/<SERVICE_ID>/oauth_access_tokens.xml?provider_key=<PROVIDER_KEY>&app_id=<CLIENT_ID>&token=<TOKEN>&ttl=<TTL>" 3scale provides a number of API calls to manage access tokens, this includes storing as well as deleting access tokens. You can find a list of these API calls...

Providing login_hint option for Google Oauth2 redirect

oauth,google-api,google-oauth

You should pass the variable to state. In the callback argument, you can parse your variable from state argument. For example, https://accounts.google.com/o/oauth2/auth?scope=email profile&state={"user_id": 1}&redirect_uri=http://localhost&response_type=code&client_id=xxxxxxxx.apps.googleusercontent.com&approval_prompt=force The callback url will be http://localhost/code?state={"user_id": 1}&code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7...

invalid_grant error while getting access token via OAuth 2.0

python,python-2.7,oauth,oauth-2.0

The redirect_uri used in the redirect to the authorization endpoint differs from the one that you use in the login function that exchanges the code at the token endpoint. As the docs at http://developer.runkeeper.com/healthgraph/getting-started ("Connect your Application to a User's Health Graph Account", bullet 3.) stipulate, it should match exactly:...

Accessing Calendar, Mail and Contacts of an OAuthenticated user

oauth,ews,azure-active-directory

You have a choice: Call the separate service apis - Your problem is that you acquired a token to call AAD, and then tried to use that to call Outlook - you need to make a separate call to acquire a token for outlook.office365.com through ADAL or through the token...

Does “authenticate with facebook” require a facebook-server to send data directly to my server?

facebook,facebook-graph-api,oauth,oauth-2.0

Will i be able to test/develop the "authenticate with facebook" in this environment? Yes, that should be no problem. (Done it lots of times myself already.) Most of the login flow happens inside your browser anyway. And when it comes to the part of exchanging the code parameter you...

Deploy to heroku without redirecting to localhost with passport callback

facebook,heroku,oauth,callback,passport-facebook

Did you add the callback URL to the app's settings? You have to add the site URL as that in the facebook developer app settings for it to allow facebook to make callbacks to any particular website. Should be under either basic settings on site URL or advanced settings on...

Linkedin API - get full data

php,api,oauth,linkedin

LinkedIn provided all these fields before May 12th 2015. https://api.linkedin.com/v1/people/~:(id,first-name,last-name,email-address,picture-url,industry,associations,interests,num-recommenders,date-of-birth,honors-awards,three-current-positions,three-past-positions,volunteer,location," + "positions:(id,title,summary,start-date,end-date,is-current,company:(id,name,type,size,industry,ticker))," + "educations:(id,school-name,field-of-study,start-date,end-date,degree,activities,notes)," +...

Google API OAuth 2.0 Service Account C# First time vs every day use

c#,oauth,google-api,service-accounts

As I've commented, the article "Using Google Drive API with C#" part 1 and part 2, shows how to store the refresh token and use it to authenticate in the name of app. It's also warning about the limitations of the service account, in many cases "useless" as you said....

How to debug a script put in module's config?

angularjs,oauth

Use your browser's built-in debugger. Chrome: https://developer.chrome.com/devtools/docs/javascript-debugging Firefox: https://developer.mozilla.org/en-US/docs/Tools/Debugger Firebug: http://getfirebug.com/javascript IE: https://msdn.microsoft.com/en-us/library/gg699336%28v=vs.85%29.aspx ...

OAuth 2.0 resource owner access token implementation

php,authentication,oauth,oauth-2.0

My overall comment would be that you should not use the Resource Owner Password Credentials grant to achieve what you want but the Authorization Code grant. That would allow you to upgrade your means of authentication independently of the Clients (applications) and achieve SSO as well. It is not the...

How do I assign Instagram redirect uri in python social auth? [duplicate]

oauth,python-social-auth

As was suggested by @Wolph it is better to change the redirect uri within my instagram developer account to match the endpoint of python social auth. So, http://localhost:8000/complete/instagram helped....

jshint and variable names out of my control

javascript,angularjs,oauth,jshint

var OAUTH_TOKEN = 'oauth_token'; var oauthToken = $location.search()[OAUTH_TOKEN]; Ofc choose a more appropriate name for the variables...

OAuthException: No token available when using Gunicorn and Flask

python,oauth,flask,gunicorn,digital-ocean

Turns out that requesting the access token before requesting data from Facebook solved the problem. So my authorized method should look like this: @app.route('/login/authorized') @facebook.authorized_handler def authorized(resp): if resp is None: return 'Access denied: reason=%s error=%s' % (request.args['error_reason'], request.args['error_description']) session['oauth_token'] = (resp['access_token'], '') me = facebook.get('/me') picture =...

How to wrap oAuth headers in clj-http?

oauth,clojure,twitter-oauth,clj-http

I've had difficulty in the past trying to use clj-oauth (mostly because of my own understanding of clojure) but I found twitter-api pretty straightforward to use. It makes use of clj-oauth internally.

What is the simplest example of Spring OAuth2 with Java configuration?

java,spring,oauth,spring-security,oauth-2.0

This one the best I ever found https://github.com/spring-projects/spring-security-oauth/tree/master/tests/annotation

Google api oauth prolog

oauth,google-api,prolog,swi-prolog

Okay finally worked this step out. If anyone is interested: Using status_code(_ErrorCode) seemed to resolve the problem with streampair and I needed to set redirect_uri='postmessage' for the request to work. I also used http_open rather than http_post. :- use_module(library(http/thread_httpd)). :- use_module(library(http/http_dispatch)). :- use_module(library(http/http_error)). :- use_module(library(http/html_write)). :- use_module(library(http/http_session)). :- use_module(library(http/js_write)). :-...

How to set new session id after getting access token in OAuth 2.0

oauth,salesforce,access-token

The client can handle this by having some logic for handling a request to the Salesforce API which fails with an Unauthorized response. When an Unauthorized response is received the client can ask your web server for a new access token / session id. Alternatively you'd have to use WebSockets...

Authentication in ASP.NET 5 (vNext)

asp.net,oauth,asp.net-5,asp.net-mvc-6

Microsoft.AspNet.Authentication.OAuth Allows 3rd party Identifiers (e.g. Google, Facebook) to authenticate users for you, saving your users the annoyance of registering. Allows other apps to use your application for Authentication Once your users are Authenticated by a 3rd party, the OWIN middle-ware reads their OAuth cookie and creates a domain specific...

Google OAuth service redirects to URL with a # sign at the end

php,url,oauth,google-oauth,fragment-identifier

There's nothing wrong with your redirect URL or client side code. This is something that Google recently added but should be of no concern to you, see also: Google OAuth code appends extra "#" in response and # added to Google+ OAuth 2.0 callback URL

How can I instantiate Ruby's RestClient?

ruby,rest,oauth,rest-client

I would go with preparing a hash url_regexp ⇒ access_token and generic add_before_execution_proc: @access_tokens = { /google/ => ..., /msoft/ => ... } RestClient.add_before_execution_proc do |req, params| token = @access_tokens.detect { |req_rex, token| req_rex =~ req }.last token.sign!(req) unless token.nil? end Of course the check should be done carefully, probably...

Spotify Web API - Client Credentials - Accessing a users playlists

php,api,oauth,spotify

First question, is it possible to get a users playlist tracks using client credentials flow? Yes, retrieving tracks for a playlist doesn't require user authentication as part of the access token. I've also tried creating the API variable using $api = new SpotifyWebAPI\SpotifyWebAPI(); but this says I need user...

Bearer token in MVC controller to access Web API

asp.net-web-api,oauth,oauth-2.0,bearer-token

OAuth flow for server to server: your web server connects to your Authorization server (AS, included in the Web API host, in this case) with a shared secret the AS (web API) returns the token to your web server the web server stores the token to use it on the...

managed paypal accounts with least friction?

python,paypal,oauth,payment

PayPal doesn't have a way for people to sign up entirely through your site, although there are some ways to facilitate the process. You'd probably have to call PayPal to get access to some of those as they are aimed primarily at larger businesses. However, don't neglect the easy/automatic assistance...

Laravel 5 Session variables not persisting after redirects Twitter OAuth

php,session,laravel,twitter,oauth

Issue was in config/session 'driver' => env('SESSION_DRIVER', 'file') env 'SESSION_DRIVER' was empty, changing the line to: 'driver' => 'file' Solves the problem and now session variables persist on redirects....

Authentication Issue with WP-API and Net::Http

ruby,wordpress,oauth,wordpress-plugin,net-http

I simply install this basic_auth plugin in my Wordpress site. First, I download the zip file from this link Now extract it to /content/plugins folder in your project directory Activate this plugin from your wp-admin interface. Now I use the following code snippet for authentication uri = URI.parse("http://vagrant.local/wp-json/wp/v2/posts") http =...

how to access end user context on resource server

api,security,oauth,openid

Yes, that is possible and no - you won't be violating the OAuth standards. Reason: Validation of tokens (exchange of information between the authorization server and the resource server is out of the scope of OAuth spec). Quoting from OAuth 2.0 Token Introspection Since OAuth 2.0 [RFC6749] does not define...

gspread/OAuth2: authenticated default gmail account (used early in ClientLogin)

oauth,oauth-2.0,google-oauth,google-spreadsheet-api,gspread

It seems that code from EDIT works. Thus, this is working solution: I've followed this tutorial: http://www.indjango.com/access-google-sheets-in-python-using-gspread/ But I modified code from point 1.2: http://www.indjango.com/access-google-sheets-in-python-using-gspread/#comment-2026863410 The only problem is that Google Sheets API returns only 500 results (thus, if using gspread when you have more spreadsheets that are not among...

Twitter's live streaming API unauthorized(android)

android,twitter,oauth,twitter-streaming-api

Problem solved. Here is the modified code: protected Integer doInBackground(Integer... params) { try { DefaultHttpClient client = new DefaultHttpClient(); OAuthConsumer consumer = new CommonsHttpOAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET); consumer.setTokenWithSecret(ACCESS_TOKEN, ACCESS_TOKEN_SECRET); HttpGet request = new HttpGet(); request.setURI(new URI("https://stream.twitter.com/1/statuses/filter.json?track=" + mSearchTerm)); consumer.sign(request); HttpResponse response = client.execute(request); InputStream in =...

PingFederate OAuth validate access token using Apache Integration Kit

oauth,pingfederate

You cannot use the Apache Integration Kit (OpenToken) to validate Oauth Tokens. They are completely different token types and formats. However, Hans Zandbelt (from Ping Identity) actually wrote the mod_auth_openidc you link to and per its description, it does the following: "It can also function as an OAuth 2.0 Resource...

Azure Active Directory Login: Web App Permissions, User Consent not triggered

azure,oauth,active-directory,azure-active-directory

If an admin creates an application in their tenant, and requests permissions to other applications, then users in that same tenant are pre-consented for that application. I believe this is why you are not seeing the consent dialogue when user's in your tenant are signing into your application. If you...

Create OAuth Signature with HMAC-SHA1 Encryption returns HTTP 401

c#,.net,http,oauth,hmac

It looks like you should sort parameters alphabetically in Header string and within GetSignatureBaseString method as described in this comment and Twitter OAuth documentation

OAuth HwioBundle, different socialNetWork

php,symfony2,oauth,hwioauthbundle

If user's email is similar in both social accounts, you can use email field to identify user. You should create user provider class. If user with provided social token won't be found in database, user provider will try to find user by email and add new social token for specified...

How do I customize and use Phirehose functions?

php,twitter,oauth,stream,phirehose

To stop after 100 tweets, have a counter in that function receiving the tweets, and call exit when done: class FilterTrackConsumer extends OauthPhirehose { private $tweetCount = 0; public function enqueueStatus($status) { //Process $status here if(++$this->tweetCount >= 100)exit; } ... (Instead of exit you could throw an exception, and put...

Why isn't my Azure Website accepting OAuth tokens?

azure,oauth,claims-based-identity,azure-active-directory

So it turns out that I was using the Uri class to validate the App ID URI. Problem is, it adds a trailing slash onto to the end, which causes problems. As soon as I started using the string class to store the App ID URI, it was fine. So...

Google API Exception “invalid_grant” in DEVs GlassFish but not in Local

java,oauth,google-api,glassfish

Solved it by the answer on this post: Invalid grant when accessing Google API The problem was that the server's clock was not synchronized with NTP. That was it......

[OAuth2 authorization server]refresh token's expire time need different with access token?

asp.net,oauth,oauth-2.0,owin

That's true: refresh tokens issued by the OAuth2 authorization server built in OWIN/Katana always have the same expiration date as access tokens ; even if you specify an explicit ExpiresUtc property in AuthenticationProperties when you call IOwinContext.Authentication.SignIn(identity, properties) https://github.com/yreynhout/katana-clone/blob/master/src/Microsoft.Owin.Security.OAuth/OAuthAuthorizationServerHandler.cs#L333 That's not really convenient for the reasons @Hans mentioned but you...

RESTful API: how to securely store bearer API tokens?

api,rest,github,oauth,token

I don't see the problem here, so I think I am misunderstanding something in your question. Here is what I think you are asking, please correct me where I am wrong: Your only requirement for the authentication is that it is stateless. Specifically, using OAuth is not a requirement. The...

IOS LinkedIn API error

ios,oauth,linkedin

May this information help you - API Terms of Use Transition Guide...

why android g+ revokeAccessAndDisconnect still keep my g+ permission

android,oauth,google-plus

I found my answer buildGoogleApiClient should be private GoogleApiClient buildGoogleApiClient() { return new GoogleApiClient.Builder(this) .addConnectionCallbacks(this) .addOnConnectionFailedListener(this) .addApi(Plus.API, Plus.PlusOptions.builder().build()) .addScope(Plus.SCOPE_PLUS_LOGIN) .addScope(new Scope("email")) .build(); } ...