Microsoft has announced end of life support for basic authentication for office 365 - the 13th October 2020.
Will the AE.Net.Mail libaray (currently version 1.7.10.0) still be usable to connect after this date using
var client = new ImapClient(host, username, password, AuthMethods.Login, port, true);
No, AE.Net.Mail will not work anymore for Office365 once Microsoft ends support for basic authentication.
You'll need an IMAP library that supports the XOAUTH2 SASL mechanism.
Update: I've had several people ask me how to obtain the proper OAuth2 access-token credentials via Microsoft Graph for use with MailKit, so I've reached out to the Office365 development team in order to try and get that information. Once I've got that info, I'll write up a HOWTO document and include it with MailKit.
Related
My server is configured to use a static-auth-secret so I changed the WebRTC Trickle ICE example to use oauth as the credential type, and I hoped this would allow me to use the static-auth-secret for authentication.
However, I get this error now:
TypeError: RTCPeerConnection constructor: 'oauth' (value of 'credentialType' member of RTCIceServer) is not a valid value for enumeration RTCIceCredentialType.
This is what my iceServer object looks like now:
const iceServer = {
urls: [urlInput.value],
credential: passcodeInput.value,
credentialType: 'oauth'
};
This doesn't make sense because the documentation here says credentialType can be either oauth or password.
The OAuth credential type was removed from the WebRTC 1.0 specification for lack of implementation in browsers.
It may come back later as an extension to WebRTC 1.0.
At the moment, it is not possible to authenticate with OAuth to an ICE server in deployed browser implementations of WebRTC. See the relevant browser bugs:
Firefox
Chromium
As #dontcallmedom mentions, oauth is not supported. So, to solve my problem of authenticating with a server using a passcode, I had to develop a Node.js Express API which generated ephemeral credentials that worked for default password ICE server authentication. Big note: this REST API is not provided by default, it is made by the user.
More detailed instructions found here
I need to create an organizational feed to host nuget packages shared among projects on our Azure DevOps environment.
After several unsuccesful attempts and research, I discovered that the only way to create an organizational feed is, by design from Microsoft mouth, the Azure DevOps API.
Source for the claim : This question on VS dev community
and The MS docs on project-scoped feeds
Basically, I just need to be able to perform a POST here :
https://feeds.dev.azure.com/{organization}/_apis/packaging/feeds?api-version=5.1-preview.1
with the body :
{
"name": "{myfeedname}",
"hideDeletedPackageVersions": true,
"upstreamEnabled": true
}
And of course, a Bearer token to authenticate myself. That's the point where I'm confused.
What is the simplest way to obtain one ? I'm logged in through my company Microsoft AD account on my computer browser on Azure DevOps. I don't see any Bearer token that I can "steal" to use in PostMan in my browser dev tools.
The API docs described some relevant info, but I'm confused on how to use it in Postman :
Security oauth2
Type: oauth2
Flow: accessCode
Authorization URL: https://app.vssps.visualstudio.com/oauth2/authorize&response_type=Assertion
Token URL: https://app.vssps.visualstudio.com/oauth2/token?client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
Scopes Name Description
vso.packaging_write Grants the ability to
create and read feeds and packages.
Here is the interface in Postman for OAuth2:
Ican see how the info in the docs relates to the fields 1 - 2 - 3 - 4, but then, what callback url should I use ? What credentials ? my Microsoft email + password from AD ?
I tried this, and all I seem to get is this from Postman :
{"$id":"1","innerException":null,"message":"A potentially dangerous Request.Path value was detected from the client (&).","typeName":"System.Web.HttpException, System.Web","typeKey":"HttpException","errorCode":0,"eventId":0}
TLDR
How do I properly proceed to get a token with Postman, or other tool to manually execute my one-time request to Azure DevOps REST API ?
notes :
Following info here : Unable to get Authorization code for Devops using Postman oAuth2.0
, leading here : https://github.com/Microsoft/azure-devops-auth-samples/tree/master/OAuthWebSample , I understand that I have to register and run a whole web application. Am I understanding this correctly ? I there a simpler way ?
I understand that I have to register and run a whole web application. Am I understanding this correctly ? I there a simpler way ?
Yes, you are right. You have to register whole web application.
As the interface in Postman for OAuth2, we need provide the CallbackUrl, ClientID, ClientSecret and so on. Then, we check the document Requesting an OAuth 2.0 token, we could to know the Callback URL is:
The client application callback URL redirected to after auth, and that
should be registered with the API provider.
So, we have to register an OAuth client app in Azure DevOps (https://app.vsaex.visualstudio.com/app/register), then we could get the following information, like:
You could check the document Authorize access to VSTS REST APIs with OAuth 2.0 for some more details.
AFAIK, there is currently no simpler way to get a bearer token to send requests to the Azure DevOps API.
Hope this helps.
Cut my life into pieces, this is my last resort.
Seriously, I can't find this info anywhere! I thought Graph supported Outlook.com. I saw this question which referenced the Outlook Api vs the Graph Api, but how do I authorize an Outlook.com account for this?
I'm sending the user to https://login.microsoftonline.com/common/oauth2/authorize with the parameters:
response_type = code
client_id = <my client id>
redirect_uri = <my redirect_uri>
state = <csrf>
resource = https://outlook.office.com/
to sign in. It takes them to the Office 365 sign in, and when you type #outlook.com, it tries to redirect you, only to go back to the 365 login page and do it all over.
I can authorize Office 365 just fine, but not Outlook.com. I can provide more info if needed, I just figure I'm hitting the wrong endpoint or something.
Currently we have two versions of the authentication endpoint. The version less endpoint (https://login.microsoftonline.com/common/oauth2/authorize) only supports work and school accounts (Office365) the v2.0 auth endpoint (https://login.microsoftonline.com/common/oauth2/v2.0/authorize) supports both work and school and personal accounts.
To use a personal account (hotmail.com, outlook.com, live.com) with Microsoft Graph, you start by registering you app in apps.dev.microsoft.com, then follow the instructions in this article:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-scopes/. Try that and let me know how it goes.
When I try to login today via google in my web app, I get that error:
400 That’s an error.
OpenID auth request contains an unregistered domain:
http://XXX.XXX.XXX/ (IP here)
But on localhost everything works fine. What is more - on other project also everything works nice.
I'm using default OAuth:
OAuthWebSecurity.RegisterGoogleClient();
How to resolve it?
I would like to add some context to this thread together with a potential solution to developers that are currently blocked.
Back in February we announced the deprecation of OpenID 2.0 (OID2) scheduled for April 2015. We also announced that new OID2 relying parties (RPs) registrations** will no longer be accepted after April 2014.
Given that the API will be shut-down in less than a year’s time, our intention is to avoid having new RPs integrating with Google's OID2 API. Instead, we suggest to use our OpenID Connect API which we consider more secure and easier to implement.
Registrations were effectively closed on May 19th (as documented in the Google’s OID2 developer documentation). All RPs already using OID2 should not be affected by this the closure.
As for developers currently working on an integration with our OID2 API (presumably because they missed the announcement and warnings in our OID2 documentation), we will do our best to minimize the friction caused by the registration closure. If you are in such situation, please let us know by posting a registration request before June 15th. The post should contain a sample OID2 request used by your application, in case you prefer not to disclose such information, please post an email address and we will reach out. We plan to look into each case and try to get you unblocked in the best possible way.
Miguel.
** OID2 does not have a registration procedure for RPs integrating with an identity provider. RPs are associated to the realm value (e.g., www.example.com) used when contacting Google OID2 API. Thus, a RP is considered "registered" if its realm value has been used to contact our OID2 API.
This approach is obsolete as Google changed their auth to OAuth2
I didn't delete this answer because formerly approved api users are still valid to use.
== Original post below ==
If you are OWIN-based MVC5 user, just change Startup.Auth.cs file
app.UseGoogleAuthentication();
to
app.UseGoogleAuthentication(
clientId: "000-000.apps.googleusercontent.com",
clientSecret: "00000000000");
according to the http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on page.
Google has disabled OpenID2 for new domains. Existing relying parties can continue to use the API at least until the end of the deprecation period that runs through to April 2015. The announcement is at: https://developers.google.com/+/api/auth-migration#timetable
I'm developing a REST service that uses MS Azure Access Control Service for authentication. If the examples are any indication, the typical way to secure a REST service this way would be to provide a global username and pw, private key, or X.509 cert for the protected service. However, I want to use the passive user login mechanism on a mobile device with a flow more like the following:
Unauthenticated user attempts to access protected service from app
Mobile app redirects to browser app (or embedded browser)
User selects identity provider to use for login (facebook, google, etc.) from ACS login page
User enters credentials for identity provider
Browser redirects back to app
App somehow gets the SWT token to use with subsequent REST requests.
I'm stuck at about step 5--getting the SWT token, and the existing examples I've found don't seem to address this scenario. In addition, I'm actually trying to build a proof of concept with a desktop client in WPF, which may complicate things. Can anyone suggest a specific tutorial or a path to pursue that uses the per-user authentication vs. per-service? Thanks.
EDIT:
As I'm digging into this deeper, I've realized that the examples posted below (and most others) are based on OAuth WRAP, which has been deprecated in favor of OAuth 2.0. Can anyone suggest a more up to date reference? Googling has turned up http://blogs.msdn.com/b/adventurousidentity/archive/2011/09/18/acs-v2-oauth-2-0-delegation-support-explained.aspx and http://connect.microsoft.com/site1168/Downloads/DownloadDetails.aspx?DownloadID=32719 but they're not the most intuitive.
You should look into the ACS Windows Phone sample:
http://msdn.microsoft.com/en-us/library/gg983271.aspx
Here instead of using Silverlight you will be using WPF. Most of the code should be re-usable. Note that since you are using WPF you will need to register your own object for scripting e.g:
[ComVisibleAttribute(true)]
public class NotifyHandler
{
public void Notify(string notifyString)
{
// Here I have the token.
}
}
this.webBrowser1.ObjectForScripting = new NotifyHandler();
Update:
The sample above uses OAuth Wrap to contact the secured service. If you would like to use OAuth2 you should change the way the "Authorization" header set:
OAuth WRAP case:
WebClient client = new WebClient();
client.Headers["Authorization"] = "OAuth " + _rstrStore.SecurityToken;
OAuth2 case:
WebClient client = new WebClient();
client.Headers["Authorization"] = string.Format("OAuth2 access_token=\"{0}\"", token);
You can use the "Simple Service" sample as a guide to implement your token validation in your REST service:
http://msdn.microsoft.com/en-us/library/gg185911.aspx
Yet if you would like to implement a more complete sample you can look at how CustomerInformationService is protected in the CTP version 1.4:
https://connect.microsoft.com/site1168/Downloads/DownloadDetails.aspx?DownloadID=35417
Take a look at this one:
WPF Application With Live ID, Facebook, Google, Yahoo!, Open ID
http://social.technet.microsoft.com/wiki/contents/articles/4656.aspx