Questions tagged [oauth-2.0]

OAuth (Open Authorization) is an open protocol framework to allow secure API authorization in a simple and standardized way for desktop, mobile and web applications. OAuth 2.0 is the second version of the OAuth protocol.

0
votes
0answers
5 views

Integrating Zuul and Oauth2client

I want to implement the following design using Zuul and Spring OAuth2: UI --> token A --> Zuul --> token B --> multiple services To summarize - one OAuth2 token allows communication with Zuul, a ...
0
votes
0answers
6 views

API Automation Testing using Katalon Studio- automate the process of OAuth 2.0 authorization token generation

I have started using Katalon-Studio for API Automation testing. I want to automate the process of OAuth 2.0 authorization token/bearer token generation and then update it to HTTP Header instead of ...
0
votes
0answers
11 views

Oauth2 server return invalid_grant how do I fix?

I am setting up an Oauth2 server and using the authorization code grant flow. I am using the sample server from here github.com/authlib/example-oauth2-server. After returning the authorization code, I ...
0
votes
0answers
20 views

How to deny ASP.NET Core Identity social registration by claim

I'm using an OAuth social login with ASP.NET Core Identity and want to only accept new registrations for users with a specific claim, but cannot find a way to do this. I realise I can use Claims-...
0
votes
0answers
14 views

AWS Alexa skill linking with oauth 2

Hello to all, I am new to AWS Alexa. I have a work to Alexa Skill account linking using PHP with oauth 2.0. I have successfully configured all and also get code for Auth Code Grant but when I run my ...
0
votes
0answers
13 views

Why does SerializeTicket() return token with all scopes that resource allows for client

Using AspNet 4.6.2 to generate access tokens, using any Auth flow (have tried Code Flow, Implicit Flow, Client Credentials Flow), using the AuthenticationTokenCreateContext class from Microsoft.Owin....
0
votes
0answers
5 views

OAuth2 Youtube Scope just for comments, likes and subscribing

I'm creating an app that has some youtube features that should allow users to post comments on videos (and edit/delete their own comments), like videos and subscribe to channels. I already ...
0
votes
1answer
11 views

Setting up OIDC via Auth0 for a web site that is hosted on customer networks

As part of a process to update/secure/centralize our auth and licensing process, we are looking at using OIDC via Auth0. Part of our package is a web site that is typically hosted on customer networks....
0
votes
0answers
16 views

Android authentication on Keycloak with identity providers like Google and Facebook

I am creating a native android application and I am using keycloak authentication, because my web app and my API is already configured with keycloak. I setup Facebook and Google as identity providers ...
0
votes
1answer
15 views

Get request for bearer token

The object is to receive a bearer token from the requested API. I was able to complete this using postman but would like to implement into my app. I have attempted many different variations of calls ...
0
votes
0answers
15 views

Authenticating daemon API calls

I'm building a monitoring web app. The app will show information about the user's system. To achieve this I'll be making API calls every x seconds through a daemon process that will be installed by ...
0
votes
0answers
6 views

Implementing python script using djangorestframework for making an api for fitbit using oauth2

I need to implement my python code for making an Api on fitbit using Oauth2. I need all codes, please help me with it: code on views.py and what else is use using python script in pycharm with django-...
0
votes
0answers
7 views

Google Oauth recognizing G-Suite account

I am trying to add Google Sign In to my application. I want to limit who can sign in to a list of allowed companies (ie. a company that has a billing account with me). I intended to do this by ...
-1
votes
0answers
12 views

multiple authentication logics for saml authenticated users and none authenticated users [on hold]

I need a complete example to develop following requirements: I have already developed an auth server and implements sso among 3 portals using session(cookie) based authentication. It need to access by ...
0
votes
1answer
29 views

Excel web addin authentication for AppSource

I am building an Excel Web Addin. I'll need to authenticate the user against Office 365 and publish the addin to AppSource / Office Store. What is the ideal authentication method to use? I found ...
0
votes
1answer
23 views

API request for LinkedIn user data always returns 401

I am building back-end(API) of mobile application on asp.net core. Using swagger for visualization of API calls and so on. Currently I am creating external authentications, I have some problems with ...
0
votes
3answers
27 views

How can we integrate identityserver4 and web api in the same project(port) instead of creating different projects for each?

Couldn't configure the identityserver 4 authorization and bearer token authentication middleware in the same project.
-1
votes
0answers
11 views

What is the need of client secret?

I am using following google sign-in flow in my react + spring-boot application : 1) User clicks google sign-in button and front end gets authorization code (not token) using client id. 2) Backend ...
0
votes
1answer
19 views

Laravel Passport custom validation for any /oauth/token request

I need to validate extra fields in my users table before I create the requested tokens, but I can't find a simple way to do it with Passport. I find similar workarounds which returns a token using $...
1
vote
0answers
16 views

Making External API calls from nodejs that has OAuth2.0 set up

So I want to get data from Dynamics 365 CRM store it on my MongoDB through a NodeJs server, process it, and send it to a completely different system. Dynamics 365 CRM has OAuth2.0 to give access to ...
0
votes
0answers
21 views

keycloak - dynamic roles based on scope

I have some REST services that are protected with keycloak utilizing OpenID I will expose my services to other systems of my company. We need to use an existing user profile system that is made with ...
0
votes
0answers
23 views

Where in 'spring-security-oauth2' to set the 'error_uri' parameter

In case of an error of access to a specific URL, I want to pass additional information for the user application to 'error_uri'. The OAuth 2.0 specification describes the errors returned by the ...
2
votes
0answers
53 views

HazelCast session sharing between Zuul API gateway and Resource servers

SCENARIO I have Zuul Server as API gateway, Identity Server with Oauth2, ResourceServer1 and ResourceServer2 in sample ZuulServer, ResourceServer1 and ResourceServer2 have a distributed session with ...
0
votes
0answers
24 views

Getting a “404” when trying to send a request to a RESTful API

I'm attempting to create a Flask application in Python that communicates with a RESTful API that uses OAuth2.0, but I'm having trouble sending requests. I'm successfully getting an access token from ...
0
votes
1answer
10 views

How can I specify localhost loopback redirect_uri for Native application for Microsoft OAuth2 provider?

I have the code which authorizes at https://login.live.com/oauth20_authorize.srf endpoint. Parameters of the call: "client_id=" + ClientID + "&scope=" + someScopes + "&response_type=code&...
0
votes
0answers
21 views

How to configure AudienceRestriction for AWS SAML endpoint in Keycloak

We are mapping Keycloak roles to AWS roles within our SAML client via a custom SAMLAttributeStatementMapper and have successfully been able to generate a valid SAML response via Keycloak. In order to ...
0
votes
0answers
23 views

OAuth2 Server to Server Expiring Token

We are using OAuth2 to validate our server to server interactions. The Grant Type is Client Credentials. If I have Service1 running on ServerA all is well - when the token is about to expire it ...
-1
votes
0answers
27 views

How can I set up a custom external authentication service with ASP.NET Web API (C#)? [on hold]

The problem: I'm trying to set up authentication with an external authentication service. I want to use Teamleader as a service but have never done this before. Can anyone please show me or send me ...
-3
votes
0answers
23 views

What I choose between asp.net identity vs firebase authentication

I am developing a large astrology application. where my API will be used for the web as well as a mobile app. I have to secure my all API with a token. Now I have to implement authentication module ...
0
votes
1answer
24 views

Unable to understand requirement of passport.initialize() middleware

I have defined a route 'auth/google' which is responsible for logging into app with google. Consent Screen appears for signin (no passport.initialize() required). I have defined callback Url as 'auth/...
0
votes
0answers
15 views

Authlib OAuth2 Server allows using a revoked refresh token

Using OAuth2 Server based on OAuth2 Server Example The server's behavior around token revocation seems weird. If the client revokes a refresh token and then requests a new access token using that ...
0
votes
1answer
21 views

How to gain an Access Token

I am lost, I have no idea what should I do to get the access token. This is the code that I have tried, please help, please! This is for Oauth2.0 token, and the API is Octoparse. from octoparse ...
0
votes
0answers
7 views

Should I use oauth if my Resource Server and Authorization Server are both my application's backend?

Oauth specifies a Resource Owner, Resource Server, Client, and Authorization Server. In my case, the Resource Owner is the user of my app, the Resource Server is my app's backend, the Client is the ...
0
votes
1answer
6 views

deliver token manually (in addition to the owin configuration way)

I have actually an asp.net website application, that can deliver token to an user with the following way : the user logs into the application, go to a specific page and obtains a clientid and a ...
0
votes
0answers
17 views

Is there a way to programmatically login to using AzureAD with Cypress on PKCE flow?

I want to authenticate myself (React application) using cypress.js (https://www.cypress.io/). Is there a way to do it programmatically with PKCE? As I was reading and looking into all examples - all of ...
0
votes
0answers
17 views

Get access token from Azure AD using Password grant for Automation Testing

I have a Function App hosted in Azure that uses AAD for authentication with approles defined in the app registration. The users are created in on-prem AD and synced to Azure AD. Then they are assigned ...
1
vote
0answers
18 views

How to add custom logic for authorizing and authentication in OAuth2.0 with Spring boot?

While authorizing and generating access token using OAuth 2.0 implemented with Spring boot.. we implement UserEntity with UserDetails in which we return respective fields from methods getUsername() ...
0
votes
0answers
12 views

Laravel 5.4 : oauth / oauth2 passport understanding issue

Currently I was install laravel 5.4.36 now it is working fine but I have some confusion about table structure, execution & flow. I was ref: https://medium.com/modulr/create-api-authentication-...
1
vote
0answers
35 views

Can I authenticate to Azure Devops while running a python script without a user?

I am writing a python script to create a user in Azure DevOps. For that first, I need to authenticate with Azure DevOps. These are my concerns: 1) I used Azure DevOps python client API (which is ...
0
votes
0answers
24 views

Unable to call nuxeo rest api from rest client when integrated with Keycloak authentication plugin

I wanted to integrate keycloak as authentication plugin for nuxeo platform both running on my local machine Set up details Nuxeo platform version: 10.10 (runs on tomcat 9) Keycloak version: 6.0.1 ...
0
votes
2answers
27 views

How to get only the access token in this string?

{"access_token":"OeB89uEWZZzLPLMIsVBvJtIlnObM1sX7NNNWqwtjdzI.8LlxO2skN028HmcMw8F_BDiqEj9kDRfdVWc9f02WmiY","expires_in":43199,"scope":"","token_type":"bearer"} How to access only access_token from it ...
0
votes
0answers
32 views

Google Sheets API v4 with oAuth 2.0 server to server authentication using a service account in javascript

I searched everywhere and can't find an example to follow. I have a private google sheet. I use the data from the google sheet to populate various charts using Google Visualization API on a simple ...
0
votes
0answers
8 views

Single OAuth2 client with two different Resource Servers

I'm a little new to OAuth2. And wanted clarity on a roadmap we were looking at. We have a resource-server-1 endpoint with auth-server in a particular cloud instance (AWS) The OAuth2 clients login ...
0
votes
1answer
42 views
+50

OAuth2 with Angular and reactive Spring Security

I am trying to implement a social login with VK for my Angular app and Spring Webflux back end. At the moment I have an endpoint on back end to serve user info: localhost:8080/people/me. I tried to ...
0
votes
0answers
18 views

Oauth2 check token and request user

I have a security problem with spring oauth2, I am generating a jwt access token for every user and using check token for the resource server correctly. Is there any way to validate the userId in ...
0
votes
0answers
21 views

Avoiding OAuth2 authorization for users for insert event to google calendar

I need to insert an event with parameters into Google calendar, but I am prevented by an authorization error. How can I avoid this mistake? Through POST request or something else? Found the answers in ...
0
votes
0answers
15 views

Invalidate facebook cached credentials

I am building an app where I use social media login. The app is built using react. I am using https://www.npmjs.com/package/react-facebook-login this library to login to facebook. After I login I ...
1
vote
1answer
11 views

JWT: Multi client auth server, stopping the use of jwt's between different clients?

Can anyone help ? I have a multi client auth server, its job is to create JWTs for a specific client (client being a service or app). Each client (service) has a clientID and ClientSecret. The auth ...
0
votes
1answer
32 views

Separating OAuth2 Authorization Server and Resource Server

I am implementing OAuth2 Authorization Server and Resource Server, and there are many documents told me 'Authorization Server and Resource Server can be Separated or not'. I like MSA, so I decided ...
-1
votes
0answers
27 views

Which oauth2 grant type to use for my application [closed]

I implement a software which is secured over oauth2. I used the grant type "client_credentials" but now I found out, that this grant type is not supporting refreshToken. It is a simple application. ...