zoho oauth client_id is not working for multiple users. It works for only those users who are added in my zoho crm account . i want to integrate the zoho mail.
APIs OAuth configuration in ZOHO developer console:
I would like to inform you that the ZOHO provides Oauth scopes at application level and not at global level.
So you needs to create new scope with ZOHO Mail app and it will provide you different ClientId and ClientSecret from your ZOHO CRM for accessing a Mail app services.
For example: If you need to implement this in another app then first of all, configure this app at ZOHO developer console configuration. After that, you can access those services.
Related
I currently have an API that I am opening up to our business partners to call, and I want it secured with OAuth.
I've set up an Azure API management (consumption plan right now) that points to our API in azure.
I can call it and get valid results in the test console.
So I was following the Microsoft documentation for this, and it had me :
Register my backend API in app registrations;
Register a client app in app registrations;
In azure AD grand the permissions for this client app;
Configure the APIM with a validate-jwt policy.
So now my APIM is returning a 403 as expected.
My question is this. I do not know the clients that will be using this API. Or rather, do I HAVE to register a client app registration? Or can I leave that part out, and just provide the URLS that I have for the OAUTH side, which are like :
https://login.microsoftonline.com/GUID/oauth2/v2.0/authorize
https://login.microsoftonline.com/GUID/oauth2/v2.0/token
I am very new to Oauth and APIM, so I am not even sure how all this works.
But it seems odd that I am registering an app for a client, when I have no information on them or how they are calling my API.
I kinda get that I need to know who is requesting the token and authorizing. But the clients will be using a javascript snippet that we give them to embed on their site, so I dont really know what their site is like, what their URL is or anything.
Hope that makes sense.
The client registration is what represents the entity (web app, mobile app, etc.) that requests for tokens from Azure AD for your API.
The docs walk you through a process where the developer portal is registered as the client.
The snippet in your case would also require a Client ID (of an app) to fetch the token with. For this, you would have to register a new app registration and share the Client ID as part of the snippet.
I'm working with a company that is using the Google Apps free subscription. This company has a web site. They want to let users who have Google Apps accounts in their domain to authenticate into the web site via OAuth.
My question is, where do I find the ClientId and ClientSecret needed to do OAuth?
Thank you!
OAuth 2.0 for Client-side Web Applications will allow you to authenticate users using Oauth2. This will allow the users to grant your application access to their private data.
You will need to go to Google Developer console and create credentials on this page Credentials
Open the Credentials page in the API Console.
Click Create credentials > OAuth client ID.
Complete the form. Set the application type to Web application. Applications that use JavaScript to make authorized Google API requests must specify authorized JavaScript origins. The origins identify the domains from which your application can send API requests.
Currently, I have a running application with a bunch of customers and custom servlet API.
To have a possibility to integrate my app with app of my partner I need to implement REST API and OAuth 2.0 flow.
And am on my way to integrate WSO2 API manager in my environment for these needs.
Desired flow is on the picture - api flow
And to say it verbally:
User already registered in my APP
User registers on partner's APP
In order to use services of my app user is required to authorise himself on my app (oauth 2.0 authorization code flow is used) from partners app
Partners app can interact with my app via REST interface with help of user access token.
Is there possibility to register only one consumer on WSO2 API Manager side (My Partners app) and provide client secret and password only to my Partner, but not to each user?
Currently, I have one registered consumer to provide tests.
And each time when I make requests for authorization code for this test consumer with it's client secrets - I receive the same code.
From this behavior, I understand that it is needed to issue client secrets on API manager side for each end user and not just for partners App. achieve.
For Oauth 2.0 authorization code flow it is needed to provide only one client_id and client secret for partner.
In order to authorize end users at WSO2 API manager side and provide unique access_token's for end users - WSO2 API manager should have access to the User table of database.
In the User table there are login/encrypted_password values for end users are stored.
One of my iOS apps contacts one of my services using Google Cloud Endpoints and I would like to restrict access to that service to instances of the app.
I've followed instructions about adding authorization and have created an iOS client ID that is tied to my app's bundle id and app store id. I've now difficulties understanding this part of the instructions:
If your iOS app is making calls to an Endpoint that requires
authentication, you must Add a Sign-in Dialog to your iOS client.
I do not want my users to log in but instead I want my app to present its credentials to the service for authentication without user interaction. I thought since the client ID is (presumably cryptographically) tied to the client ID and bundle ID only the app is (somehow) able to do so and that the client ID would effectively serve like a service account.
Is this type of app (not user) authentication scenario supported by Google Cloud Endpoints (for iOS clients) or do I have to roll my own app authentication by passing some secret in the application-level protocol? Here are some earlier related (unanswered) questions for Android clients.
I have concluded for now that Google Cloud Endpoints allows authentication only based on Google account credentials. What I need is a credential for the entire app (not its users) akin to a service account or an API key.
I have used service accounts for server-to-server communication. It does not seem possible to create service accounts for an app (as opposed to a GAE application).
GTLService has a property APIKey. However, if my client sets it to a public access key (iOS key) that I created for my GAE application in Google Developer Console the server returns error Access Not Configured. Please use Google Developers Console to activate the API for your project but there is no (obvious) way for configuring non-Google APIs such as my service API.
So until further notice I will add an API key to my application-level API requests and check it in each #ApiMethod.
The Google Developer Consoles (even the old version) no longer lists the Mail API in the list of available APIs.
I'm trying to develop a web application which acts on behalf of users to manage their Gmail, like Mailbox. This requires using the Gmail IMAP API with XOAUTH2 authentication with an OAuth 2.0 access token. The documentation instructs provisioning OAuth 2.0 token with a https://mail.google.com/ scope. Provisioning credentials for a web application then requesting a token with this scope yields a 403 response with an accessNotConfigured error. There are options in the developer console for configuring other APIs, but there is no option to configure access for the Mail API.
Attempting to provision the mail scope in the Google OAuth Playground using their client credentials works correctly and the resulting access token can be used to access Gmail IMAP with XOAUTH2.
Have Google disabled OAuth 2.0 authentication for Mail using new credentials, or is it just hidden? I can't find a way to contact them and ask for Mail API access.
Just create any client id it doesn't matter what API you select. When you make the authentication request send the scope of https://mail.google.com/. That will get you the access token you need to login to the imap server.