I am developing clover app using clover web api for integrating with WordPress site i have successfully built clover app but having CORS related error.Basically it is a oauth access token error. How to get Access Token From Oath
Related
From the Google Doc, I see below are the options to fetch an access token for the directory API
Web server applications i.e Client Credentials
Installed applications (Mostly same as Client Credentials approach
which we currently support but with the use of applications
installed)
Client-side (JavaScript) applications (For JavaScript applications
that run in a browser)
Applications on limited-input devices (For Limited-input devices such
as TV, game consoles, video cameras, and printers)
Service Account
Reference Doc:
https://developers.google.com/identity/protocols/oauth2
Is there any API to Fetch an access token from SAML bearer assertion for the directory API and if yes then what information does this API needs and is there any Doc to do so
Example Directory API for which I am looking to connect -
Directory API used for user creation: https://www.googleapis.com/admin/directory/v1/users
Answer:
Unfortunately, at current Google doesn't support client authorization and authentication for their APIs via SAML 2.0 Profiles.
More Information:
As you've already pointed out, the only supported methods of fetching an access token at the present time are those mentioned in the documentation page titled "Using OAuth 2.0 to Access Google APIs".
Feature Request:
You can however let Google know that this is a feature that is important for access to their APIs, and that you would like to request they implement it.
Google's Issue Tracker is a place for developers to report issues and make feature requests for their development services, I'd urge you to make a feature request there. While there is no component for general OAuth2 or Authentication methods, given your requirements I would suggest filing it under the Admin SDK component which you can find here
References:
Using OAuth 2.0 to Access Google APIs | Google Identity Platform
Further Reading:
RFC 7522 - Security Assertion Markup Language (SAML) 2.0 Profile
for OAuth 2.0 Client Authentication and Authorization Grants
In my Asp.Net Core 2.1 Web Api + Angular App setup, I am trying to reset user password token using identity framework. Token is generated by calling GeneratePasswordResetTokenAsync(), emailed and request is sent back from client, verified by ResetPasswordAsync. I have checked that the two tokens are same but still ResetPasswordAsync fails with Invalid Token result.
I am using PG SQL as database, and JWT for Authentication, The SecurityStamp is also not null, my client app is written in angular and served from a different web server than the one serving the web api. However when testing on local machine there is no problem.
I have enabled CORS in web api allowing any origin, however I have noticed that my client request contain
Origin: https://my-domain.com
Referer: https://my-domain.com/myangularapp
Please let me know if any info is missing, any help will be appreciated.
I am using Liferay 6.2 CE & want to authenticate my liferay web services with OAuth. I have made a remote json web service in liferay in 'ServiceImpl' & its occurring in list of web services on page http://localhost:8080/api/jsonws & also working fine. But it works only when I am logged in the application on browser.
What i need is to authenticate all of them with OAuth, like hitting services from Postman etc, i have done this using basic Auth.
thanks
How to enable OAuth1 Server support for Jersey 2.9 based RESTful web services? Is there any example project demonstrating the required features? The user (Android App) should get HTTP 401, if he does not include authenticated token in request header.
See reference docs: https://jersey.java.net/documentation/latest/user-guide.html#d0e10946
First step in enabling Jersey OAuth 1 support is to register a
OAuth1ServerFeature instance initialized with an instance of
OAuth1Provider. Additionally, you may configure the Request Token URI
and Access Token URI - the endpoints accessible on the OAuth server
that issue Request and Access Tokens. These endpoints are defined in
the OAuth 1 specification and are contacted as part of the OAuth
authorization flow.
Should I use OAuth1 server support for securing Jersey 2.9 based web services? Is there any other better library that can be used to implement token based authentication for Jersey based RESTful web services?
I'm using django application with python-social-auth responsible for integration with Linkedin OAuth2 API.
Linkedin returns 500 server error:
{
"error":"server_error",
"error_description":"the authorization server encountered an unexpected condition : Unable to retrieve access token"
}
Steps to reproduce:
Create new LinkedIn app with OAuth 2.0 Redirect URLs set to http://localhost/complete/linkedin-oauth2/?
Setup django app with python-social-auth module:
SOCIAL_AUTH_LINKEDIN_OAUTH2_KEY = <API key>
SOCIAL_AUTH_LINKEDIN_OAUTH2_SECRET = <Secret Key>
Run Django server on port 80 and go to: http://localhost/login/linkedin-oauth2/
Go to Linkedin Settings, choose Groups, Companies & Applications > View your applications, select your application name and submit Remove
Logout user from your Django app and start authentication again: http://localhost/login/linkedin-oauth2/
There's a discussion about this issue on the LinkedIn forums.
Apparently this can happen if you move from OAuth1 to OAuth2.
The proposed remedy until they resolve the problem is to create a new authentication key for our applications.