This documentation: https://developers.google.com/admin-sdk/directory/v1/quickstart/quickstart-java#step_1_enable_the_admin_sdk_directory_api
Mentions that I need to have client secret, and the code sample lower on that page uses client secret.
However, when i go to APIs and auth/Credentials here https://console.developers.google.com/project/[proj]/apiui/credential#
I only can find clientId and private key instead.
Is there some other place I should get client secret from?
Google API Console is here
APIs and Auth (left)
Credentials Submenu
After I created an OAuth, my information was there.
(by my information was there, I mean successful showing of client secret, etc)
I used wrong type of API, I need web API for that, but I used server API when I was setting up Authentication. Adding web API for authentication added client secret for me.
Related
I'm looking at AWS Cognito documentaion here
Authentication with a User Pool
Actually I looked at many links in the documentation without finding clear information about this.
In AWS Cognito, I successfully created user pool, app client and integrated signup and login in Android and iOS using the platform provided SDK (amplify). But I want to do that directly from REST client, for testing purposes to generate user tokens. I want to submit the required credentials, username and password and get the user token as I do from the SDK.
I also tried the answer here but it gives an error
{
"__type": "NotAuthorizedException",
"message": "Unable to verify secret hash for client 1034me0p4rkfm17oidu7mkunu5"
}
Is this is something possible and how?
I just managed to get it done. There is a setting while you create an application client in Cognito console Enable Client Secret
To get that functionality to work, You need to create another App client with Enable Client Secret disabled. Then use the example mentioned in this answer
I have my web application. Now i want to integrate salesforce into my web app so that i can push data from my app to any salesforce org after the authentication(OAuth).
I found 2 ways:
1. Connected Apps
2. via wsdl generation file and use
I created a connected app from my developer account and i authenticated using consumer key, cusumer secret key(from my connected app) and username of user and secret token of the user account.
I tried with another free trail account, It's validating and fetching the details and post data also working.
My question is, shall i deploy my connected app into app exchange, then only i caan use REST APIs ?
generating wsdl and coding around is the better option than the above ?
Is there a option, only one time authentication enough for any number of sessions and use the REST APIs?
Please suggest me a best way to proceed.
You're mixing up a couple of independent issues here.
If you're going to authenticate via OAuth, you must have a Connected App.
A SOAP API login() call requires you to store a username and password, which is undesirable.
There is no way to "permanently" authenticate, i.e., to get a session id that never expires. Your app must always be ready to get a new access token via the OAuth refresh token it obtains and stores (via, for example, the Web Server OAuth flow), or to reauthenticate via JWT flow.
Connected Apps are global metadata in most cases. You don't need to deploy a Connected App into a target org in order to authenticate using its Client Id and Secret into that org. The only exception I'm aware of is if you want to use the JWT flow with a certificate and preauthorized Profiles and Permission Sets.
Based on what you've shared, I don't see any reason for the AppExchange to be involved.
I have a web app in Google App Engine (with Flask) that needs to ask the user for permissions.
I followed this explanation and it got me working great.
But how do I get the secret_file (or client_config) credentials?
All examples I saw used a local file - but that is not production safe! Is there any way to get it from the application credentials?
I also tried using oauth2client.client.GoogleCredentials.get_application_default() but that seems to be a service account which I can't use.
Creation of web app authorization credentials is discussed here.
Once you are done with the form, client_secret.json file will be generated and is downloadable via the API Console.
There will be a 'Download JSON' button at the right of the OAuth Client credential you created and at the upper part of the page when you click on the Client ID.
From this documentation, it is explained how to construct the authorization request using google-auth-oauthlib.flow module.
In Python, call the from_client_secrets_file method to retrieve the
client ID from a client_secret.json file. (You can also use the
from_client_config method, which passes the client configuration as it
originally appeared in a client secrets file but doesn't access the
file itself.)
Is there a way to authenticate the Microsoft or google OAuth token in active directory without using an authentication server?
Here is the scenario:
A client app gets an Microsoft access_token from some external service.
Client app will make a call to some secured web API and pass that access_token along with the request header
If the access_token passed by client is valid then API will provide response to the client.
Is there a way to validate that access_token on API side?
My normal understanding about OAuth 2.0 is there needs to be an authentication server to which both the client and API would talk to as shown in the figure below:
But if the token is provided by some external service, Can we use it to validate our web API. Are there any ways to implement such authentication?
You can learn more about AAD Signing Keys and handling Key Rollover using this page: Signing key rollover in Azure Active Directory
Validation of the token, once you have the signing key, can be done using existing libraries like OWIN. You can also try following instructions like this (although it seems the document isn't 100% complete yet): Manually validating a JWT access token in a web API
This library is also available, but I think OWIN is supposed to have replaced it in general.
Also check out this blog post, which has a pretty great deep dive into token validation.
can someone please enlighten me on what session secret is and how to find it?
A session secret key is used for signing request to Facebook api functions. It is used in situations where it can be disclosed, for example in browser executed javascript code which makes API calls and needs to sign them.
Facebook have not yet provided a way to get a session secret key in the new graph API so you need to enable 'deprecated api methods' under your app settings and then you can use the old REST api call auth.promoteSession to get your session secret key server-side, then embed that key in the code to be used client-side.