I have a chrome extension which I would like to convert into an Edge extension. I attempted to use the conversion tool provided by Microsoft (here) but it doesn't work, at all. I load the extension and the program just hangs, without updating the UI at all. It's a fairly complex extension, so I could understand why.
I've started to look into doing this myself, however I saw that the Identity API is not supported at all within Edge Extensions (see here) which hinders my progress slightly, as I use chrome.identity.launchWebAuthFlow to interact with our own Identity Provider.
Is there a way around this at all? Or any possible alternatives? We need to be able to authenticate against our own Identity Provider (which is running IdentityServer 3.)
Please check this thread, as we know, Edge does not support identity now. So we cannot get user identity using Edge extension APIs. Currently we do not have any tricky do get user identity and do not encourage to do it with a tricky method. The best and safety way is sign-in with your extension now.
Someone has create a feedback to asks Edge support Identity API, you could also add a vote.
Related
I am a beginner in the world of the OAuth2.0 and OpenID Protocols. I would like to implement a custom server - provider for multiple applications. So, to use it for Single Sign-On (SSO). I would like to work with python. Till now I have found four packages, for an OAuth2.0 and an OpenID Connect server implementation, in Python: pyoidc, django-oidc-provider, Django OAuth Toolkit (DOT) by OAuthlib and Authlib. I tried to read and understand pyoidc, but it was not so helpful and easy, basic things were missing. I have tried django-oidc-provider and I was really satisfied, and the whole implementation was really easy. So, after those trials, I am left with Django OAuth Toolkit (by OAuthlib) and Authlib. Has anyone tried them? Are these packages the same? Is Authlib an updated version of the OAuthlib library? The only information I know till now, is that Flask-OAuthlib is deprecated, and Authlib is was its new version.
*Every answer or advice or personal experience would be really helpful and always appreciated!
Thank you again for your help.
After some research, I concluded to work generally with JWTs. As before, I would like to work with a GraphQL API, so I am searching for solutions about JWT authentication on it. I maybe use Passport.js (passport-jwt) or something else for Python. All the libraries mentioned above possibly will be not used.
I will just redirect the user to my main application, authenticate them with JWT, and then return the JWT back to the application. In the future and after deployment, I might also implement an OAuth2.0 provider for my website. Although those packages did not really help me, I would recommend Django OAuth Toolkit (DOT) and django-oidc-provider to others. But, also I learned that django-oidc-provider only supports the implementation of a small and simple OAuth2.0 provider. Django OAuth Toolkit comes with lots of options for implementing an advanced OAuth2.0 Authentication Server (AS), including Authorization Code flow with PKCE (Proof Key with Code Exchange), which is the most secure flow. It is also scalable and has great documentation with lots of customizations if you want.
*I sent an email to the support of Authlib, and of course no one has answered to me after a week.
My client suggests that implementing a web service using WS-Policy entries inside the WSDL (using WS-SecurityPolicy standard, which seems to be the recommended way) might cause incompatibility issues with clients that call the web service. My first question is, are his concerns correct? If not, how can I prove to my client that it is safe to use WS? I could not find anything on the subject.
If compatibility issues can indeed occur, I need to find a different way to implement WS-Security requirements (like signing parts etc.) without Spring, using JavaEE APIs. I could not find anything on that subject either. The only thing I could find is about standalone web services but I do not want that, I want a web application and I need to use JavaEE APIs (so no Spring).
Any help will be appreciated.
If you have pre-existing clients already using this webservice, then yes it will break compatibility if you add WS-Security.
But if no one is using it, or it hasn't been developed yet, how will this cause compatibility issues?
Personally I see WS-Security as rather complex, particular in the area of signing and encryption, so if your client had said that some clients might not have the skills to implement the web service I would have been inclined to agree with him.
So I've done some digging, but came up with nothing thus far because I feel that this would be a close to impossible task. But I am more than willing to look on my own, I wanted to know if it was possible to access Google related resources using QT Creator. So For example if I wanted to use say Google analytics, what would I need to research? Would I need to have some sort of app-engine side?
Thanks!
You can access most of the Google products by using the corresponding API (AppEngine is not required for that). This link lists all available Google APIs. You can then access it using the Google API Client for C++, but the C++ binding seems to be in alpha.
Edit:
It seems that Google stopped the development and support of the C++ binding for their APIs. The library source code can still be found on Github.
I'm trying to make an autorun app with c++ that doesn't have an UI, but it will log into google drive when u plug in the USB drive. I was wondering if there was a way to do this, either by using google api, or by detecting the field forms on the login screen, and automatically filling them in. Also this is going to be strictly a private software.
Add one part How do you make a HTTP request with C++? with two parts https://developers.google.com/drive/v2/reference/.
Shake lightly. Chill and serve.
Optionally add for flavor: https://developers.google.com/drive/auth/web-server
However, I'm unable to find a c++ oath2 library. The closest thing I found was https://code.google.com/p/twitcurl/. If you find an oath library, please comment on this.
UPDATE:
POCO has a OAuth 1.0 implementation seen here: https://github.com/pocoproject/poco/tree/develop/Net/samples/TwitterClient/src
Also, according to this landmark blog post, there are still many concerns about OAuth 2.0's security. The 1.0 implementation above is what I would attempt.
For more information on OAuth 2.0, see RFC6749 and RFC6750.
I'm trying to get authenticated for receiving and publishing Google Buzz-es from a Qt 4.6(c++) application. I'm looking for a cross-platform solution.
Could anyone provide some working solution for this purpose?
You can also try kQOAuth which is a new Qt library for doing OAuth authentication. It will let you do the user authentication very easily too, if you like.
Supports OAuth 1.0 and HMAC-SHA1. No external dependencies.
http://www.johanpaul.com/blog/2010/10/introducing-kqoauth-easy-and-powerful-oauth-library-for-qt/
I couldn't find any either, so I made one: https://github.com/pipacs/steps/tree/master/o2 . Based on KQOAuth, tested with Google Docs.
Quick google search gave me QOAuth, which is a Qt lib and liboath which is a C based API.
I'm using QOAuth, you have to do some hack before you can use QOAuth in windows.
So far, I could get the request token from Google, and let the user authorize it.
But when I try to get the access token with the oauth_verifier, it keeps telling me the signature is invalid.
Anyway, I've used QOAuth to deal with other SP successfully. So the QOAuth is the solution.