I have two applications both using Cognito for authentication. I want one application to be embedded inside of the other and to use OAuth2 or something to authenticate the user. I see lots of instructions for using Facebook, Google, and other social providers but nothing about using Cognito as the provider. If anyone has any suggestions where to start I would appreciate it.
The important thing is to keep your application code standards based and portable, so that you can switch between providers. I have some Cognito samples that may help you: https://authguidance.com/home/code-samples-quickstart/
Feel free to ask follow up questions - you are right that the docs are poor
Related
Can anyone provide a URL or tutorial to the help with setting up the Auth Settings tab in Luis.ai? I am building a tool that allows anyone without coding experience to create a Chat Bot exclusively based on Luis.ai and it's Cognitive Services API. I could ask users to provide their app id and subscription id; but I would rather have an Oauth login so they wouldn't have to share those keys with my service.
I asked Microsoft through there support over a week ago, and no response. I am just trying to understand if Oauth configuration is possible and how? Any insight would be much appreciated.
Spoke with Microsoft and currently the ability to Share the service without divulging the subscription key is not available; however if you visit this Microsoft URL and vote for the feature, they will consider it.
https://cognitive.uservoice.com/forums/551524-luis/suggestions/15365835-sharing-luis-applications
It is currently under review for implementation.
I'm using thephpleague oauth client library and everything works fine except for Google authentication. It seems I have to enable my domain somewhere to be able to use Google apps.
https://support.google.com/a/answer/33419?hl=en
This was not helpful indeed as I don't understand what I have to do. Am I obligated to pay for having a working OAuth connection with Google? I don't have a company, I don't need the apps, cloud or any other thing then a working API.
EDIT: to be clear I already wrote my libraries for OAuth and it's all working, it's Google that needs me to do something on domain level.
You don't have to pay. First of all you need to create a project in the Google Developers Console. Then get your credentials. I don't know which API you are going to access. Have a look at this.
https://developers.google.com/identity/protocols/OAuth2?csw=1
Additional - This site was very helpful for using the Google Calendar API
http://www.daimto.com/accessing-google-calendar-with-php-oauth2/#Conclusion
Hope you find what you are looking for.
I'm trying to add Google Apps authentication to my Rails (3) app using Devise (1.2.1). Thing is, I can't find anything that helpful on the interwebs other than the small mention in the devise wiki.
Question is, is this possible, and are there any examples out there I can check out?
Devise is to make your web application authenticate users. If you wanт users to login into your app with Google ID then look into OpenID. If you want to connect to Google services you need to implement Oauth client
I am searching for a working solution of authentication on Rails 3 with the following features:
account types: standard login, facebook connect, openid, oauth
one user may have (and link) multiple accounts (EG a user attach both Wordpress and Google OpenID accounts)
A working example of Rails app implementing them would be perfect.
You could take a look at devise even thought it doesn't have every feature that you're asking for. But then again I doubt there's something out there doing all that.
Sounds like https://www.ruby-toolbox.com/gems/socialite is hoping to be what you're looking for.
Can we build applications on top of the twitter user base?
Is it just another open id or something more?
I noticed when using twitpic and some MUD type game 14mafia.com that it uses my twitter login (it tweets on your behalf).
If they are using my login/password that's pretty crazy, I mean what kind of security is that?
Anyhow, just want a developers who has expereince to tell me if we can re-use their membership like openid?
Can we build applications on top of
the twitter user base?
The Twitter API is described at http://apiwiki.twitter.com/
Is it just another open id or
something more?
Twitter is neither an OpenID consumer nor provider.
I noticed when using twitpic and some
MUD type game 14mafia.com that it uses
my twitter login (it tweets on your
behalf).
If they are using my login/password
that's pretty crazy, I mean what kind
of security is that?
Awful security. Don't give out your password to third party sites. Some just use the password anti-pattern, others will steal your credentials for purposes you don't want.
Twitter supports OAuth today. If a site wants to do things with your Twitter profile, it should use that.
Anyhow, just want a developers who has
expereince to tell me if we can re-use
their membership like openid?
No, you can't.
Twitter offers both OAuth and simple username/password authentication in its API. Originally they only had the basic authentication API so many early apps were built using it. Later, they added the OAuth support, but since it was easier to use the basic authentication, many twitter clients and apps still use it.
You can tell which one an application is using, because if they are using the simple authentication they will ask for your password. You have to trust them with it in that case. You're right that it's poor security.
I imagine they are using the Twitter API.