I am using the below link https://github.com/okta/samples-js-react/tree/master/okta-hosted-login from GitHub to create an application for okta react. it works fine but when I am trying to access the application from okta tile with the below configuration in okta:
"Send ID Token directly to app (Okta Simplified)"
Then I am getting error cannot post in react UI.
The value of Initiate login URI is http://localhost:3000/implicit/callback
Send ID Token directly to app (Okta Simplified): When the end-user clicks on the application chiclet at Okta dashboard, Okta mints an id_token and makes a POST request to the 'initiate_login_uri' with the id_token in the body of the POST request.
You could handle POST request in your server and then redirect to a page in your app.
Related
I created a public App for Amazon SP-API.
While updating the App, there were 2 mandatory fields. OAuth Login URI and OAuth Redirect URI. My concern is about the OAuth Login URI. I am not able to save with updating just the OAuth Redirect URI.
I would want to implement the Amazon SP-API Oauth2 only after the user has logged into my website.
When I save the application after filling the two fields, this is what is happening.
User Logs into Amazon.
Authorized the App.
He is shown a list of items the App requests access to.
There is a button at the bottom sign/up Login to App
Once user clicks on the button, it goes to the OAuth Login URI
My application has to do the additional step of routing to amazon_callback_uri.
While the below URL talks about the flow going to the OAuth Redirect URI.
https://developer-docs.amazon.com/amazon-business/docs/website-authorization-workflow
Can you please help me avoid this redirecting to the Login URI and rather redirect to OAuth Redirect URI?
I'm using Postman a lot for API development. Most of time I use OAuth 2.0 for authentication. As this post says, the Authorization Code flow steps are as below:
The application opens a browser to send the user to the OAuth server
The user sees the authorization prompt and approves the app’s request
The user is redirected back to the application with an authorization code in the query string
The application exchanges the authorization code for an access token
In step 3, I think the user is redirected back to the application by using the redirect url. But what we always provided in the request is the configured url for real application that should get the auth code instead of Postman. I'm quite confused how can Postman get the auth token as the redirect url has no info about it.
The identity provider will create the authorisation code and return it to the redirect URI as a query string parameter, in a parameter named code the url will be yourdomain.com/app?code=authorisation-code
In postman it is possible to retrieve an access token for a Authorisation Code flow client.
Click the authorisation tab for a request, in the type select oAuth 2
Then click the orange Get Access Token button, it will prompt a new window where you can input your client & idp information.
When you click the request token button it will prompt you to enter your credentials at this point it will retrieve the authorisation code and automatically exchange it for an access token using the client id, secret and scopes that you configured on this screen, if everything is successful then you will receive your access token.
I am currently tracking a question on how to automate this process to be executed as part of the execution runner: Postman - Access Token Retrieval using Authorisation Code grant type
I am creating an automated testing collection in Postman, and I want to retrieve the Bearer Token using the oAuth 2.0 flow with authorization code.
I am struggling with how to configure a "listener" mock of redirect uri that will be able to receive the authorization code (in Postman).
I was able to create the next step of initiate a new call to get the token (using the authorization code).
My flow step by step, the problematic step is 5:
App send API request for permissions
App receive back a redirect link for user authorization
User authorizes the permission request
App initiate authorization flow (../oauth/authorize)
App receive to it's predefined 'redirect uri' the authorization code
App send request to GET token with the authorization code received
I am using Postman, and tried their callback uri, without any success.
I am reviewing OKTA. I have two authorization servers configured, the default one and a custom one. I have a client (web app) that is configured and correctly logging in. I am getting back the expected id_token and access_token. The problem I am running into, is how do I call an api, that is expecting an access token from the second authorization server? How do I request an access token on behalf of the logged in user (default auth server) from the second auth server, without prompting the user to login again? This is all done in .net core mvc application.
In each of your applications you can check for an active Okta session. If found initiate the OIDC AuthN flow.
This is the endpoint on the client you can use to check for an Active Session
https://developer.okta.com/docs/api/resources/sessions#get-current-session
You can use the following authorize URL to get the access token or id token
{{url}}/oauth2/{auth server ID}/v1/authorize?client_id={client id}&response_type=token&response_mode=fragment&scope=openid&nonce=nonce&state=state&redirect_uri={redirect url}
Get the auth server ID from the URL when you see visit the server in the UI.
The above call needs an active session so if you signed the user the first time with 'default' auth server recently. You don't need to sign the user again to get to the token for the second auth server.
I am developing a REST API with Spring Boot. I have implemented OAuth2 authorization server, so I am able to call my rest API to get a token:
localhost:8080/oauth/token -d "grant_type=password&scope=write&username=myuser&password=mypassword" -u myclient:mysecret
Now I want to implement "Sign up with FB" functionality, so I am thinking about the following flow:
User clicks on the "Sign up with FB" button.
Mobile app app makes a call to FB and gets an Access Token from FB
Mobile app sends this access token to the backend
Backend creates a new user entity and sends back a new access token (together with refresh token) issued by authorization server.
But I am not sure how to implement the step 4. I tried to find an example on internet, but didn't have any luck. Does anybody have an idea how to implement it?
Here is my OAuth2 implementation: https://gist.github.com/osgafarov/8530464d25895512862a3d1f6013170e
Many thanks!
I understood that you need to signup using fb. but its not suggestible that using the credentials flow, instead that you can use the Implicit Flow.
When user clicks on SignUp using FB Button mobile app Should open embedded browser (SFSafariViewController) and it will open the authorize end point.
when user clicks on approve or Okay the Browser redirects backs(Implicit flow) and closes the Browser View. here you will get the accesstoken in the URI.
Post that AccessToken to your Backend and Obtain the User Information from Facebook from that accesstoken.
Then insert that data into UrDB(in Backend) and return the response to ur client App.
https://5ecfdd32d0a3264463ba-8110a1171af36b468f9bd61da395ee26.ssl.cf2.rackcdn.com/blog/Screen%20Shot%202015-06-22%20at%206.42.07%20PM.png