Has anyone successfully implemented OAuth using Doorkeeper as Provider [Authorization Code grant type] in React ? what package did you used that acted as omniauth [if you are using RaIls]
I'm no familiar with Doorkeeper, but depending on what you are trying to achieve you might be interested in having a look at Pizzly. It has a React compatible JS client both to connect and perform authenticated requests to third-party API (e.g. Twitter, Google Sheets, Typeform, etc.)
Here's a demo with the GitHub API + Pizzly using React: https://codesandbox.io/s/pizzly-github-react-demo-rq78z?file=/src/App.js:493-545
Related
I read this article.
Gmail can't be use in third-party component without using OAuth 2.0?
Should a personal account also use the OAuth 2.0 when using a third-party library?
If you are using Gmail or any other Google API you should be using OAuth 2 flow to ensure a more security scenario.
For your actual questions, yes you need to use OAuth flow to authenticate to any Google API as required, the link you posted about Less Secure Apps already says that they will be deprecated anytime soon and are pretty much discouraged.
I'd like to build an app with a server-side Rails 5 API serving JSON data, and a React or other JS front-end, but I would like users to authenticate with their github accounts.
So when the app starts the user would log in with github and then receive a JWT token to use to interact with the Rails API.
Where are some resources I could use to get started here?
I ended up rolling my own using Faraday and manual api calls.
https://github.com/Ada-Developers-Academy/ada-prs-api/tree/authentication
Currently it's on hold as I'm switching to a React-Firebase framework as it's better supported and seems more scalable.
Which OAuth flow should be used for mobile app developed using Ionic Framework?
I am developing a mobile app using Ionic Framework v3. It will be interacting with my authorization server (www.example.com) using REST calls. To make the REST calls more secure I have introduced OAuth and JWT's. But I am unable to decide which OAuth flow to use.
Also note I will be using my own OAuth server and will not be using public servers such as Facebook, Google, etc.
My understanding is it depends on if you're going to deploy your Ionic app as a Web app or a Native app. For Web (SPA) you'll likely use the Implicit flow, and for Native you'll likely use Authorization Code Grant using Proof Key for Code Exchange - PKCE.
I personally use Auth0 for my auth, and I deploy my Ionic app in Web and Native. My app triggers the Implicit flow when in Web and PKCE for Native. Auth0 has some helpful docs here:
https://auth0.com/docs/api-auth/which-oauth-flow-to-use
https://auth0.com/docs/api/authentication#implicit-grant
https://auth0.com/docs/api/authentication#authorization-code-grant-pkce-
I came across this page from Google about Migrating to OAuth 2.0 login (OpenID Connect)
My current project has already used the Microsoft.Web.WebPages.OAuth library to implement the external login feature using Google account. But I am not sure whether this library still supports OAuth 2.0 login when the OpenID 2.0 is eventually shut down in the near future. Does someone have an confirmed answer about it? Thanks.
Is there anyway to retrieve the Google Oauth refresh_token using Scribe?
I am building an app that requires several scopes mixed between java Gdata and Google api java client libraries -- and I am looking for a Single Sign On (SSO) when a user of my app signs in. However because of the state of current Google Apps API's requiring Oauth 1 or Oauth 2 depending on which library / scope you need, I'm a bit stuck.
Oauth 1 (java gdata e.g. analytics data export scope) - requires the
access_token secret
Oauth 2 (google api java client e.g. analytics calendar scope) -
require a refresh token, which is not avail currently in a Scribe OAuth 1 call
Any tips / advice? Anyone managing this with a single sign on?
Sorry scribe does not support (at the time of this writing) Google's OAuth 2.0 Apis.
It shouldn't be too hard to implement using FacebookApi as a guide. Cheers!
Scribe has added support for Google OAuth API. I used scribe 1.2.2 and it worked just fine for me.