Spring OAuth2 - Manually creating an access token in the token store
Here it is; your use case may differ slightly based on the flow you are using. This is what works for a password grant flow. There are a few custom classes like token store, token enhancer etc., but those are really just extended versions of the Spring classes modified for our own needs.
    HashMap<String, String> authorizationParameters = new HashMap<String, String>();
    authorizationParameters.put("scope", "read");
    authorizationParameters.put("username", "mobile_client");
    authorizationParameters.put("client_id", "mobile-client");
    authorizationParameters.put("grant", "password");
    DefaultAuthorizationRequest authorizationRequest = new DefaultAuthorizationRequest(authorizationParameters);
    authorizationRequest.setApproved(true);

Categories : Java

Is the scope of an oauth2 access token bound to the token or the user?
It sounds like your implementation is not quite complete. The client app is requesting a resource on behalf of the resource owner. When the resource server receives a request with an access token, it should check that (1) the token is valid and not expired, (2) the requested resource is within the scope the token was granted for and (3) the resource owner can access the requested resource. For #1, the authorization server will need to keep track of all tokens and when they expire. For #2, the authorization server will have to remember the scope for each token and be able to relate a particular resource to a scope. The resource server should know how to check #3. To answer your question "Is the scope of an oauth2 access token bound to the token or the user?", the scope is associated wi

Categories : Dotnet

Obtaining an access token in OAuth2
If you have to use this API then you should use the POST version of AQuery and pass the POST parameters properly as below. This API, OAuth2ForDevices, is meant for resource-constrained devices where the user has another way of authorizing your app.
    // POST parameters for the device-code request
    Map<String, Object> params = new HashMap<String, Object>();
    params.put("scope", "your scopes");
    params.put("client_id", "your client id");
    AQuery aq = new AQuery(activity);
    aq.ajax("https://accounts.google.com/o/oauth2/device/code", params, JSONObject.class, new AjaxCallback<JSONObject>() {
        @Override
        public void callback(String url, JSONObject traffic_flow, AjaxStatus status) {
            publishProgress(traffic_flow.toString());
        }
    });
However, if your requirement is to use regular OAuth2 with Android on say an Android phone with regular input capabilities th

Categories : Java

oauth2.0 how to pass access token
With OAuth, the token is generally passed in the request headers. You may wish to try something similar to the following, for either POST or GET:
POST:
    curl -X POST http://api.localhost/write -H 'Authorization: Bearer ACCESS_TOKEN'
GET:
    curl http://api.localhost/read -H 'Authorization: Bearer ACCESS_TOKEN'
The value part of the Authorization key/value pair can vary by REST service provider. With Github, for instance, the header key/value pair looks like this:
    curl -H "Authorization: token your_token" https://api.github.com/repos/user/repo
You may need to consult the webservice provider docs for details.

Categories : Http

get user by access google oauth2 token
I found the solution by calling a URL of the Google API.
    public UserInfo login(String token) {
        String json = getJsonDataFromUrl("https://www.googleapis.com/oauth2/v2/userinfo?access_token=" + token);
        UserInfo userInfo = new UserInfo();
        Gson gson = new Gson();
        try {
            userInfo = gson.fromJson(json, UserInfo.class);
            userInfo.logined = true;
            HttpSession session = getRequest().getSession();
            session.setAttribute("userKey", userInfo.encodedKey);
        } catch (Exception ex) {
            log.log(Level.WARNING, ex.getMessage());
            throw ex;
        }
        return userInfo;
    }
    private String getJsonDataFromUrl(String aurl) {
        String json = "";
        try {
            URL url = new URL(aurl);
            BufferedReader reader = new BufferedReader(new InputStreamReader(url

Categories : Google App Engine

Error fetching OAuth2 access token, message: 'invalid_request
I encountered this problem myself. As it turns out, I wasn't consistent in the construction of the client. Make sure that your redirect URI does not include the returned query string containing the authentication code! For example, this will not work:
    $client->setRedirectUri('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
REQUEST_URI will be different when the user returns from Google.

Categories : PHP

Is there any OAuth2 module for Node.js that offer access token validation without an extra server call?
I'm not clear on what you mean by wanting to find a node module (all of which are essentially 3rd party APIs) that provides OAuth2 client capability that will work against Facebook and Twitter without an extra server call. However, that being said, you might look at these:
    https://github.com/ciaranj/node-oauth
    https://github.com/lexer/node-oauth2
    https://github.com/coolaj86/node-oauth2-examples
    https://github.com/AF83/oauth2_client_node
And since Node.js is JavaScript, you can wrap up regular JavaScript written for client-side browsers provided you simulate the necessary browser environment elements expected by the client-side JavaScript. Your question made me think it might be useful to encapsulate the OAuth library provided here: https://github.com/andreassolberg/jso, and roll it u

Categories : Node Js

Xamarin.Auth not able to parse JSON LinkedIn OAuth2 Request for Access Token by exchanging the Authorization Code
I believe you have outdated source, Xamarin.Auth gained the ability to handle JSON auth token responses a month ago: https://github.com/xamarin/Xamarin.Auth/commit/f21773a52f58b9d82f3adf38acba509fa0e9aecc#L3L311 Issues with this library are better reported as issues: https://github.com/xamarin/xamarin.auth/issues e.g. Expect100Continue not supported in W8, will have to remove HttpWebRequest and replace with HttpClient. There is an experimental-winphone branch I pushed last week that adds a Windows Phone 8 library and replaces the core with HttpClient to properly support disabling Expect100Continue on other platforms.

Categories : Misc

Why facebook access token from Spring Social returns empty array, while Facebook Graph Api token works fine
You need to submit a post request to spring social ConnectController for the specific provider e.g. http://wwww.yourdomain:8089/connect/facebook. Spring social then will redirect the user to facebook authorization page where the user will grant your app with the asked permissions and send back a code to your server. Spring social then will exchange that code for an access token. You need to establish a connection for that user to be able to perform requests against FB on his/her behalf. Here is a doc page that might help http://static.springsource.org/spring-social/docs/1.0.0.M2/reference/html/connecting.html

Categories : Java

validate OAuth 2.0 access token from a Spring RESTful resource server
Not sure how to answer all the questions with a nice bow, so I'll just put the following points out there: Are you trying to just consume an OAuth-secured API like Facebook in a OAuth-secured fashion? Use Spring Social. If you're trying to create your OWN REST API and use your OWN user context, then use Spring Security OAuth. In this case, you would require clients to authenticate using OAuth against YOUR API, not Facebook or LinkedIn, etc. Spring Social Security (in the 1.2.x series) supports 'signing' the user in as the result of an OAuth connection (e.g., 'signin with facebook,' '..twitter,' '..linkedin,' etc., and your application ultimately ends up with a Spring Security principal in session, just as if you had used an HTTP form to sign the user in manually. Spring Security OAuth d

Categories : Java

Facebook getAccessToken() returns app access token: works fine in one server but throws app access token in other.
I had the same problem today, turns out I didn't have the "fb_ca_chain_bundle.crt" file included (and I had the same problem before, the .crt was out of date) (https://github.com/facebook/facebook-php-sdk/tree/master/src). So this may be the issue, and it wasn't documented in their instructions, so both times took me a while to figure out.

Categories : PHP

Google OAuth One Time and save access token for future use(long live access token)
Assuming you want to keep users logged in even if they logged out of Google, then you have only one option, you have to roll your own session management. You can get a long lived token, a refresh token, but definitely don't save it in a cookie, save it in a database.

Categories : Javascript

Facebook Access Token Invalidation Upon Password Change And How Pinterest gets new access token
Not sure on the exact implementation Pinterest uses, but if a user changes their password, the OAuth token will be invalidated and you MUST have the user re-login. This is a security feature so for example, in the event of a hacked account, the user can change his/her password and all tokens will be invalidated (imagine what would happen if this wasn't the case... Your account gets hacked, they authorise their own scam app to have full access to your account, you reset your password... oh they still have full access to your account as they have an OAuth token). On this page you can see what error is produced in the event of a password change and your app must detect this and handle it

Categories : Facebook

Facebook access token extending - "The access token does not belong to application xxx"
This almost certainly means what the error says, which is that GENERATED_ACCESS_TOKEN_FROM_THE_FIRST_STEP is not actually from the app ID that you're using in the APP_ID_OF_MY_FB_APP parameter. Check the access token you're trying to extend in Facebook's Debug Tool and ensure it was actually generated for your app.

Categories : Facebook

oauth2 how to deal with refresh token
Here is my experience when implementing the OAuth library and an API using this library. If you are implementing it as a library, you need to have checkToken and refreshToken separately. So the API (depending on the requirement) can decide whether to refresh the token or not while checking/verifying the token. When doing it in the API, again it depends on the requirement. If the requirement is that the user session should be active for some time (say 4 hours) from his last access, then it is better to refresh the token every time you are checking/validating the token. The same token refresh can be done on the client, but the issue will be that the client has to call refresh token after every API call, which means there will be 2 calls for every single API call. Hope this will clarify.

Categories : PHP

google oauth2 C#: no refresh token
In the API, within the OAuth2ProviderForApplications.cs file, in the GetAuthorizationUrl() method, on line 100, if you add &approval_prompt=force to the string:
    return string.Format("{0}?scope={1}&state={2}&redirect_uri={3}&response_type={4}&" + "client_id={5}&access_type={6}&approval_prompt=force"
it works. But this is a horrible workaround plus it might create Apache license issues. How found: in the Google OAuth2 playground (https://developers.google.com/oauthplayground/) this parameter (approval_prompt=force) is set and if you omit it, it does not give a refresh token.

Categories : C#

Google OAuth2: When and how to use refresh token
An access token will expire after 1 hour - after that time you will begin to receive "401 Invalid Credentials" errors when you make calls against a Google API. I'm not familiar with the .NET Google API Client library - the Java and Python libraries will automatically make a request for a new access token when this occurs, depending on how you are creating the DriveService object. I would expect the .NET library to have similar semantics.

Categories : C#

OAuth2.0 cannot get refresh token even when access_type=offline
Is this the first time you are authorizing with the application since you changed the parameter to access_type=offline? You will only retrieve refresh token once when client clicks authorization button to grant you access. One workaround is to set another parameter approval_prompt=force so that user will always click on authorization button and you can always get refresh token. Otherwise, save refresh token locally so that you don't have to retrieve it again.

Categories : Python

"Invalid_client" generating oAuth2 token for Adwords API
The problem was I wasn't using an email account that was a "Client Manager" and had "access to the user interface and API". Once I updated my client project and login info to use a Client Manager account, everything worked as expected.

Categories : Dotnet

How to refresh the OAUTH2 BOX token in multithreaded application
If you are writing a multi-threaded app, then you need to synchronize on the refresh block. In java, the classic way to do this is by using a singleton. Other languages allow similar mechanisms to coordinate an operation that needs to be coordinated across multiple threads.

Categories : Multithreading

How to preserve & re-submit request while doing an OAuth2 token refresh?
This is solvable by getting a refresh_token with which you can get a new access_token. You can do that by asking for offline access when the user first authorizes your app. You can also use the Ruby client library that Google provides to manage the OAuth2 process easier for you.

Categories : Ruby On Rails

Google Analytics API - Retrieve refresh token with OAuth2 & ASP.NET
It looks like you are passing the parameters twice. Once in the query string:
    WebRequest request = WebRequest.Create ("https://accounts.google.com/o/oauth2/token?code=xxxx...
And then again as POST data. I would suggest removing the query string, e.g. POST directly to "https://accounts.google.com/o/oauth2/token". I would also suggest ensuring that all parameters are URL encoded if you're not already doing so: http://msdn.microsoft.com/en-us/library/system.web.httputility.urlencode.aspx

Categories : Asp Net

how can I get a facebook Page access token from a users access token using php?
Here is my functioning code, still messy but seems to work, note the scopes on the first $dialog_url, and please feel free to mock my code or even suggest improvements:
    function doWallPost($postName='',$postMessage='',$postLink='',$postCaption='',$postDescription=''){
        global $FB_APP_ID, $FB_APP_SECRET;
        $APP_RETURN_URL=((substr($_SERVER['SERVER_PROTOCOL'],0,4)=="HTTP")?"http://":"https://").$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'].'?returnurl=1';
        $code = $_REQUEST["code"];
        $FB_ACCESS_TOKEN = getFaceBookAccessToken( );
        $FB_ACCESS_TOKEN_OLD = $FB_ACCESS_TOKEN;
        //if no code or facebook access token get one
        if( empty($code) && empty($FB_ACCESS_TOKEN) && $_REQUEST["returnurl"] != '1') {
            // if( $_REQUEST["returnurl"] == '1') die;
            $dialog_url = "ht

Categories : Facebook

Web request to 'https://accounts.google.com/o/oauth2/token' failed using webapplication
What worked for me is to make sure that the scope setting is something like this: https://www.googleapis.com/auth/analytics.readonly and not just "analytics.readonly"

Categories : Asp Net

How to generate facebook access token for given app key and secret key using spring social facebook?
If you're wanting to use the token to access user-owned resources at Facebook (e.g., the user's timeline, friends, etc) there's no way to get a token without involving the user. That's on purpose so that you aren't allowed to fetch data or write data to Facebook without getting the user's permission to do so. But if that's what you want, then you must redirect the user to Facebook and back. This is OAuth 2's authorization code grant. Spring Social's ConnectController can help you with this. You might be able to do it via the JS API, but it's been awhile since I've done it that way and I know a few things have changed at Facebook in that regard. And it probably relies on OAuth 2 Implicit Grant (which involves a redirect). There is another way to obtain an access token without redirecting

Categories : Spring

Exchange code for access token and id token for google oauth java
You can extract the access_token and expires_in from the returned GoogleTokenResponse, e.g., GoogleTokenResponse#getAccessToken(). Take a look at the documentation for GoogleTokenResponse.

Categories : Java

How do i generate a fresh access token from a stale token in django-allauth?
A typical User Access Token is valid for 2 hours, you can extend it to 60 days. But you cannot refresh a Token without user interaction. Else, it would make no sense to limit the validity. Which is an important feature, if a user does not use an app for some days, the app should not be able to use his token anymore. So, you cannot refresh the Token with a cron job. The user has to refresh it (FB.getLoginStatus in the JavaScript SDK, for example). More about Access Tokens: https://developers.facebook.com/docs/facebook-login/access-tokens/

Categories : Python

Twitter Access Token URL returns Invalid Request Token
In the main function you simply write this code:
    redirect_url = "http://myawesomeapp.herokuapp.com/create_users/get_twitter_info"
    url = URI.parse(URI.encode(redirect_url.strip))
    consumer_key = "consumer key"        # placeholder
    consumer_secret = "consumer secret"  # placeholder
    oauth = OAuth::Consumer.new(consumer_key, consumer_secret, { :site => "http://api.twitter.com" })
    request_token = oauth.get_request_token(:oauth_callback => url)
    session[:twitter_token] = request_token.token
    session[:twitter_secret] = request_token.secret
and in the get_twitter_info function you write:
    consumer_key = "consumer key"        # placeholder
    consumer_secret = "consumer secret"  # placeholder
    oauth = OAuth::Consumer.new(consumer_key,consumer_secret, { :site => "http://api.twitter.com" })
    r

Categories : Ruby On Rails

Obtaining Access token from refresh token using Google API
For the first time, you need to get the access token from the browser prompt and then save it in some store. Check if the token is expired and then try to refresh it. Code here:
    private static IAuthorizationState GetAuthentication(NativeApplicationClient arg)
    {
        try
        {
            // Get the auth URL:
            var config = new Configuration();
            var calendarScope = Google.Apis.Util.Utilities.ConvertToString(CalendarService.Scopes.Calendar);
            IAuthorizationState state = new AuthorizationState(new[] { calendarScope });
            state.Callback = new Uri(NativeApplicationClient.OutOfBandCallbackUrl);
            Uri authUri = arg.RequestUserAuthorization(state);
            var authCode = String.Empty;
            if (String.IsNullOrWhiteSpace

Categories : C#

OAuth2 Client Authentication Spring
Answering my own question: It turns out that the spring app only had 2 viable users:
    <user-service>
        <user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
        <user name="bob" password="bobspassword" authorities="ROLE_USER" />
    </user-service>
My tonr client was not in this user-service, so spring kept rejecting it. I just needed to add the client list to a ClientDetailsUserDetailsService:
    <beans:bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <beans:constructor-arg ref="clientDetails" />
    </beans:bean>
and then add that UserDetailsService implementation to the <authentication-manager/> bean:
    <authentication-manager

Categories : Spring

Can I create a short-lived, limited access token from a long-lived one?
One option would be to use my server's long-lived access token to create a new long-lived access token and hand to the JavaScript on the page, per this API flow. It would work but I don't like the idea of handing out long-lived tokens with full permissions.

Categories : Facebook

Spring Oauth2 Provider in Grails - dependency
What happens when you run the release version of the plugin and not the SNAPSHOT? I found that when I work with latest versions of grails, many times they break existing plugins. So what I would do is... Try to use release version of plugin with your 2.2.2 grails. If that does not work, I would step back my grails version and try an older one with the released plugin. If an older version does not work, I might be missing something in my setup, so I would try to figure out what it is. If things work in older versions and it looks like my setup is good based on setting it up, then I would ask on the grails nabble on what is up and/or open a JIRA ticket. Another thing to consider is how young/old the plugin is and how many previous bugs it had. We have many times either decided to de

Categories : Spring

Spring security Oauth2 client ClientAuthenticationProcessingFilter
I thought I might write something. But the version you are using is very old, recent version of Spring Security OAuth2 is very easy to use and have applied wide - many document. Let's make some search :D http://jhasaket.blogspot.com/2014/09/securing-spring-mvc-application-using.html

Categories : Spring

gae channel token as general access token
This is an interesting concept. It could be made to work if you're careful. For starters, this would only be safe if you transfer your token over HTTPS. Tokens and channels time out, so you have to recreate your channel every so often. Channels are a bit flaky over poor internet connections. If you lose your internet connection, sometimes the channel still works afterwards, sometimes you need to recreate it. There's no way to validate or get your client ID via your access token. So to use this as security, you would have to NOT return any data to the original request, and just send data to the channel. Also, you'll need to store your own mapping between client ID and access token on the server. And keep in mind that it would be inaccurate since it's hard to tell on the server sid

Categories : Google App Engine

How to get OAuth 2 refresh token using access token
I got the answer, and now I want to share it with all of you because many questions are unanswered. To get a new token, first you have to invalidate the token using the code below:
    accountManager.invalidateAuthToken("com.google", token);
After invalidating the token, you need to get a new token; the code below provides a new token:
    String newToken = AccountManager.get(this).getAuthToken(new Account(account, "com.google"), AUTH_TOKEN_TYPE, true, null, null).getResult().getString(AccountManager.KEY_AUTHTOKEN);
Now you can use your new token to authenticate and log in.

Categories : Android

How to specify OAuth2 scope with spring-social-security SocialAuthenticationFilter?
You can pass an additional scope parameter in a connection / signup form. See the example for twitter from the official documentation:
    <form action="<c:url value="/connect/twitter" />" method="POST">
        <input type="hidden" name="scope" value="publish_stream,offline_access" />
        ...
        <button type="submit"><img src="<c:url value="/resources/social/twitter/signin.png" />"/></button>
    </form>
It is the same principle for facebook too, just use appropriate scope values. Be sure that you do not miss this part: Facebook access tokens expire after about 2 hours. So, to avoid having to ask your users to re-authorize every 2 hours, the best way to keep a long-lived access token is to request "offline_access".

Categories : Java

How do I use Google's token from AccountManager in my web app? (Rails with omniauth-google-oauth2)
I managed to validate the token on the server side manually, without using omniauth. I had to change the call to AccountManager#getAuthToken. The authTokenType parameter (previously "ah") needed to be filled with the client ID instead as follows: "audience:server:client_id:" + CLIENT_ID. The client ID is retrieved from the API Console, and is the one that belongs to your web application. It looks like this: 123456789.apps.googleusercontent.com. The code on the server side was pretty simple, so I didn't mind: SessionsController (app/controllers/sessions_controller.rb):
    def create
      auth = request.env["omniauth.auth"]
      if auth
        account = case auth['provider']
          when GoogleAccount::OAUTH_PROVIDER then GoogleAccount.find_by_omniauth(auth)
        end
      else
        account

Categories : Android

Using Spring Security OAuth2, what's the right way to refresh the stored authentication in the TokenStore?
I resolved this issue in my app by deleting all tokens for a given user when the authentication information is sent. Use a custom AuthenticationProvider bean.
    @Component("authenticationProvider")
    public class AuthenticationProviderImpl implements AuthenticationProvider
Autowire in the token store bean.
    @Autowired
    @Qualifier("tokenStore")
    private TokenStore tokenStore;
Then in the authenticate method, remove all tokens for a given user if the credentials are passed a second time.
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
        try {
            //Do authentication
            //Delete previous tokens
            Collection<

Categories : Java

Angular JS + Node JS + Passport + Spring OAuth2 Authentication/Authorization
I do not know if I have to use passport-Bearer or not and how to use-it. No. There are other options, such as: oauth.io httpProvider + express middleware Here is an example of how to use passport:
    // Express using passport-local
    // This code is adaptation of examples/express3 from https://github.com/jaredhanson/passport-local
    // configure Express
    app.configure(function() {
      // ...
      app.use(express.session({
        // The domain should start with a dot, as this allows the subdomain.
        domain: '.app.local',
        secret: 'keyboard cat'
      }));
      // Enable cors.
      app.use(function(req, res, next) {
        res.header('Access-Control-Allow-Credentials', true);
        res.header('Access-Control-Allow-Origin', req.headers.origin);
        res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
        res.header('Access-Contr

Categories : Angularjs

PayPal - OAuth2 API Access?
In the same application that you've created on developer.paypal.com, you will see both test and live credentials. If for any reason you need to be verified, it will show you a button to get started with the verification process, which will enable your live credentials.

Categories : Paypal



© Copyright 2017 w3hello.com Publishing Limited. All rights reserved.