I have created new OAuth 2.0 Client IDs (application type = Desktop app). Then downloaded the OAuth client JSON file. Put the file into the folder where my code is looking. When I run the code locally on my PC it`s try to open following URL:
https://accounts.google.com/o/oauth2/auth?client_id={my_client_id}&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&scope={my_scope}&access_type=offline&response_type=code
and that is what I expect. Since the downloaded OAuth client has the parameter "redirect_uris":["http://localhost"]. So I expected the same thing when I ran this same code on the ubuntu server, but nope. The URL it proposes me visit is
https://accounts.google.com/o/oauth2/auth?client_id={my_client_id}&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope={my_scope}&access_type=offline&response_type=code
And here is the problem, I don't understand what I have to do to make my server pass this authorization.
I already tried to manually change this parameter of redirect_uris before visiting the destination to the same one I had on my local computer - to http%3A%2F%2Flocalhost%3A8080%2F, but I got this error in the browser:
Who can help me? What should I do?
Developers using installed applications need to stitch to using IP flow.
Loopback IP address (macOS, Linux, Windows desktop)
A key point on that page is
To receive the authorization code using this URL, your application must be listening on the local web server.
So as directed you would use http://127.0.0.1:port or http://[::1]:port The fact that you are getting a page not found is working as intended as you just have not set up the local web server as directed in the documetnation.
The authorization code needed for authorization can still be found in the URL browser. Currently this is the only information we have from Google and there is no other solution.
Related
I am trying build up a Staging Environment for an ASP.NET MVC Web App, but am stumbling from problem to problem, the last one having been this one: HTTP 500.79 Error / System.UriFormatException when deploying ASP.NET App to Azure Web App
Currently I am getting a HTTP 403 - Forbidden, "You do not have permission to view this directory or page." error when trying to access the page.
Authentication-wise the App uses Azure Active Directory as Authentication Provider, which is working fine in local testing (using a Test-AAD) and in production. The local and productive apps are not using Azure Web Apps. I noticed on the Azure App Service page that there is a possibility to specify authentication right within Azure, but I don't really want / need to use that, as everything is specified within the app resp. configured in the web.config (ClientID, ClientSecret and Tenant). Anyway, when I tried filling in the Authentication on Azure directly it did not work either, so I removed it again.
What happens now is that the redirect to the Login page on login.microsoftonline.com works, and according to the AAD Admin the login attempt is being successful, or at least shows no pecularities. However, when being redirected back to my page, I get a generic 403, without any additional information that could help pin the problem down.
I did check all sorts of logs for further details, and the only pecularity I found is that for some very odd reason, all requests are made to a completely gibberish URL:
Requested URL / specified Reply URL: https:\\skillmanagementtest.azurewebsites.net
Actually requested URL according to logs: https:\\Skillmanagementtest:80
I have absolutely no clue where this URL originates from, however, "Skillmanagementtest" with that capitalization seems to be the name I specified for the Azure Web App:
Screenshot resource group items
The web.config is being transformed properly during the CI/CD pipeline and I double-checked the auth settings there (tenant, clientID, clientSecret), and I am really out of ideas what may be causing this problem.
One hint I found on other problems was to check the IIS logs, but when I attempted accessing the directory these logs were said to be placed in I was rejected access, even though I have owner permissions on the App Service...
UPDATE
After a long and weary process of trying stuff out and discussing we finally got the App up and running. Some observations we made which may be interesting for others with this or similar problems:
The role-based authorization did not work because we forgot to specify the App Roles in the App registration's manifest file, and then link the security groups to the application roles. Check here for more info: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps
We had one API which is only visible within our company's domain. As an Azure Web App runs outside that domain, trying to access that API resulted in an internal server error. We still have to find a solution for this.
We had a situation where requests to the reply URL after authorization would be redirected from HTTPS to HTTP. We have solved this, but as five people were trying out stuff consecutively we don't know currently what the fix actually was. We may create another Azure Web App which may then reveal this part of the solution.
Check to ensure that what you have in your web.config and app settings matches what you have in the reply URLs for your app registration in the portal. There may be some reference somewhere where the reply URL does not match.
Are you using the openid sample? https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect
Also ensure that you are logging in with a user who has the right permissions under the tenant and to the app itself. My colleague and I made a short video that includes the right configurations that may be helpful for this use case. https://www.youtube.com/watch?v=MohaxN6fsDs
After a long and weary process of trying stuff out and discussing we finally got the App up and running. Some observations we made which may be interesting for others with this or similar problems:
The role-based authorization did not work because we forgot to specify the App Roles in the App registration's manifest file, and then link the security groups to the application roles. Check here for more info: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps
We had one API which is only visible within our company's domain. As an Azure Web App runs outside that domain, trying to access that API resulted in an internal server error. We still have to find a solution for this.
We had a situation where requests to the reply URL after authorization would be redirected from HTTPS to HTTP. We have solved this, but as five people were trying out stuff consecutively we don't know currently what the fix actually was. We may create another Azure Web App which may then reveal this part of the solution.
I have a Grails project which I want to test in a Local network, but the problem is that I use OAuth for signing in and have specified localhost as my redirect URL to Google app which works fine on a single machine, but when other PC's try to use my app google returns the token to their PC because they are the it returning to localhost. I tried to specify My IP address to google redirect URL but it doesn't allow because it's not a public IP address. So does anyone have any suggestion on what I should do?
you need to have a domain name specifying the redirect url if your app goes out of your local environment(in your case to google.com).so the solution is test all aspects of ur app besides the login in ur lan enviroment
I created a draft application in my store panel, I added the auth callback and load urls, but when I click to install it, it does not call the oauth url. It's not https, is this a problem, considering it's a draft application?
We're using a draft application and calling localhost, which is obviously not https and it is working fine. My advice is the problem is probably at the server you have instructed Bigcommerce to point to. Try to access that URL manually or use a service like hurl.it to create the request manually.
I'm developing an app using Phonegap and it implements a Facebook login to save some data using the user_id as a reference. I'm using OAuth.io library to implement the login dialog and everything runs smoothly in the web browser and in Android but when I test the app in XCode and I tap the login button the following error appears.
Cannot find hostname in file:/// from static
code: InvalidHeader
message: Cannot find hostname in file:/// from static
My guess is that it has something to do with phonegap not making an external request since the app is not actually hosted in a domain but running locally... any thoughts?
Seems like you are using oauth.js library instead of phonegap version
In your main page "index.html" add reference to the correct js file
<script src="oauth-phonegap.js"></script>
Then follow the instructions here to build your application
I had a simular issue using oauth.io. Turns out it was my Ajax prefilter changing the REQUEST to Facebook(it was adding parameters to the header for each request). Wether this is your issue or not, what you need to do is compare a successful REQUEST to Facebook to an unseccussful one, that will show you where things go wrong. Alternativly a blank phonegap app with no extra code other then the required oauth code should work and will be a Good starting point to isolate your issue.
I have been using Phonegap 2 years before.Though I didn't connect to facebook before,I connected to other website by OAuth.I can show you my solution.
Firstly,you should know how OAuth works.You can read OAuth 2.0 from facebook developer website or other websites.
Secondly,you should know your target:token,uid,expires_time.The most important thing is token.
Thirdly,just do it.In 2010,I solve this problem by using Phonegap Childbrowser plugin(now Phonegap have a inAppBrowser) and a light server.
Why I should use a light server?The server can help me to handle the redirecting in OAuth service and do cache.
Step 1 : I wrote script to connect with my server,and my server connect to OAuth Service(facebook).
Step 2 : OAuth Service(Facebook) do response and redirect to Facebook login page.
Step 3 : After input username and password,OAuth Service(Facebook) will redirect to another url and do a callback with some code or token.
Step 4 : If you get the token,save it and use it to connect OAuth Service(Facebook) if you want.
When I saw "Cannot find hostname in file:/// from static " in your description,I know that maybe you get confuse in OAuth.Now,I suggest you some server side code to handle it and make your OAuth process possible.
I'm trying to develop a desktop application to access an API exposed by Groundspeak for geocaching.com. The API requires the use of OAuth.
After finally figuring out why my message signature was being rejected (I had to double-encode my callback URL, after reading somewhere that double-encoding causes problems), I now receive the following error from Groundspeak when attempting to get a request token:
oauth_error_message=Error%20while%20reading%20message%20%27DotNetOpenAuth.OAuth.Messages.UnauthorizedTokenRequest%27%20parameter%20%27oauth_callback%27%20with%20value%20%27http%253A%252F%252Fwww.mysite.com%252F%27.
Not a very descriptive error message. What's the problem here? Groundspeak uses DotNetOpenAuth on its server. Seems like my callback URL might be causing some issue, but I don't have any idea what.
I should probably also say that I'm developing a desktop application, so the callback URL isn't really valid. It does point to a website I own, but that website has no idea about OAuth at all. If I omit the callback URL, I receive the error "Callback URL not present or not valid" or somesuch.
I don't know anything about Groundspeak but I'd guess that they require that you register your app's callback URL before using OAuth. At least Google and Microsoft do this with their OAuth APIs. Look for some kind of developer settings on Groundspeak.
This is definitely something that needs to be further defined in the future: OAuth for non-web applications. But there does seem to be a few possible solutions (not the cleanest) that you can try to get OAuth working within a desktop application. You can look into the articles below that have some working solutions (I have not tested this myself). It's based off of Google's workable solution for handling OAuth from installed desktop apps:
https://developers.google.com/accounts/docs/OAuthForInstalledApps
Link to possible workaround solutions:
http://blog.appharbor.com/2012/06/21/oauth-for-net-desktop-applications
Here's also a related article on SO for desktop app OAuth: OAuth for Desktop apps?
Hope this helps!