I have been searching a lot but did not find the answer.
I'm trying to use Keycloak with a Fitbit SDK app. There is an OAUTH2 implementation but it does not support OIDC (in the Fitbit SDK).
Can I use OAUTH2 without OIDC with Keycloak? If yes, how can I do it? I read a lot of posts and documentation but they just mention OIDC.
If not, is there another solution?
Thanks
The Autodiscover flow is described here but I can't figure out how OAuth2 fits into the mix: https://support.microsoft.com/en-in/help/3211279/outlook-2016-implementation-of-autodiscover
Any links to documentation / guides or any other help would be very useful!
Both code bases can provide OAuth2 capabilities. Why should I use one vs the other?
The Spring OAuth2 library has capabilities of turning an application into a full-fledged OAuth2 Authorization Server, which is able to issue its own tokens BUT it still needs and depends upon a central OAuth2 provider for authentication. CF UAA is one such provider.
Facebook or Github are the other such OAuth2 service providers used more commonly for this purpose.
More details about Spring OAuth can be found at - https://spring.io/guides/tutorials/spring-boot-oauth2/
I hope it helps.
I constantly get confused by OpenID Connect and OAuth2. I read this article and got the sense that Google is using OpenID Connect https://auth0.com/docs/oauth-web-protocol (but I remember Google used OAuth2 for providing an auth service to 3rd parties); see the following quote:
Auth0 supports the OpenID Connect / OAuth2 Login protocol. This is the protocol used by companies like Google, Facebook and Microsoft among others so there are plenty of libraries implementing it on various platforms.
Moreover, the above URL seems to say Auth0 is using OpenID (rather than OAuth)? See the following quote:
GET https://YOUR_NAMESPACE/authorize/?
response_type=code
&client_id=YOUR_CLIENT_ID
&redirect_uri=http://YOUR_APP/callback
&state=VALUE_THAT_SURVIVES_REDIRECTS
&scope=openid
http://openid.net/specs/openid-connect-basic-1_0.html
OpenID Connect is basically authentication built on top of OAuth 2.0.
OAuth 2.0 by itself didn't standardise authentication (just authorization) and the confusion you have likely comes from the fact that each of the companies that are now switching to OIDC previously had already poured their own "authentication sauce" over their OAuth 2.0 implementations. In practice this meant that each had their own set of scopes and their own version of what is a standard /userinfo endpoint in OIDC, but the authorization mechanism in all cases (including OIDC) is based on OAuth 2.0.
To wrap up by answering your question: Yes, both of the endpoints you mention support OpenID Connect.
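The request quoted in the question, as an added example that is not part of the original question or answer: the same authorization-code request is an OIDC request when `scope` contains `openid` and a plain OAuth 2.0 request when it does not, and in both cases the client has to check `state` on the callback. The endpoint, client id and redirect URI are the placeholders from the quoted request; the function names and the `profile` scope are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders copied from the request quoted in the question.
AUTHORIZE_ENDPOINT = "https://YOUR_NAMESPACE/authorize/"
CLIENT_ID = "YOUR_CLIENT_ID"
REDIRECT_URI = "http://YOUR_APP/callback"


def build_authorize_url(scopes, state=None):
    """Return (url, state) for an authorization-code request."""
    # The state value must be unguessable and stored in the user's session.
    state = state or secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "scope": " ".join(scopes),
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state


def is_oidc_request(url):
    """True when the request asks for authentication (scope has 'openid')."""
    scope = parse_qs(urlsplit(url).query).get("scope", [""])[0]
    return "openid" in scope.split()


def handle_callback(callback_url, expected_state):
    """Validate the redirect back to the client; return the code."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    # Constant-time comparison against the value kept in the session.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code
```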
I'm looking for a way to secure my own API with OAuth, but all I find is how to create a client that connects to Twitter or Facebook. In the ZF2 docs site there is only an example of how to use ZendOAuth to connect to the Twitter service. Is there any tutorial/documentation or anything?
Which version of OAuth are you looking for?
Just add one of these modules to create an OAuth provider. Take care! You have to know how OAuth works to integrate it into your application.
For oauth 1.0a
https://github.com/bgallagher/BgOauthProvider
For oauth 2.0
https://github.com/php-loep/oauth2-server
see https://stackoverflow.com/a/23302428/389976
Essentially check out Apigility http://www.apigility.org/
Salesforce.com REST API authentication: will it allow a 2-legged OAuth transaction?
Yes it does allow 2-legged authentication, although Salesforce docs say that it isn't recommended. It's described in detail here:
https://help.salesforce.com/articleView?id=remoteaccess_oauth_username_password_flow.htm&type=5
From using it I know it always redirects you to salesforce to login and authorise the application, which if I have my terminology right is 3-legged oAuth, so at this point in time I'd say it doesn't support that.
There's some good information on OAuth and Salesforce here.
Here is the actual support page for Salesforce 2 legged Oauth:
https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5
Contrary to another answer it is recommended and supported as long as you use the above method.
aka:
OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration