Im trying to setup a groovy app where I'm trying to integrate a third party service. They have an OAUTH process where the user clicks on a button and is redirected to their site to login and "grant" my app access to their service (somewhat like facebook). BUT - They are then redirected back to the app with a user "code" in the url as a parameter, which is then used to get an OAUTH token on the user's behalf through a different endpoint. I'm having an issue getting the "code" on the redirect. can anyone help?
wwww.someurl.com?code=2l314jhlk13...2134lkj23h4==
how can groovy listen for the redirect? I don't know where to go from here and the service i am using dosn't have any documentation.
Depending on what service would you like to integrate.
In some of them you can skip redirect. Some of them provides SDK with ready to use solutions.
If nothing - you need to http server.
If you app is a plain groovy without any web frameworks, probably the simplest solution is to use JDK built in http server.
Example - http://glaforge.appspot.com/article/the-jdk-built-in-web-server-with-apache-groovy
Related
I'm trying to enable OAuth via google. I've configured that callback URL but when trying to authenticate I get an error saying
The redirect URI in the request, https://example.com/users/auth/google_oauth2/callback, does not match the ones authorized for the OAuth client
I set Authorized JavaScript origins to https://example.com and the redirect to https://example.com/users/auth/google_oauth2/callback.
I'm using devise 4.3.3
I would aim to trace HTTPS messages so that you can see exactly what is being sent over the wire - use a tool such as Fiddler or Charles.
Standard messages for a Web UI look like those from my write up. Google messages will be equivalent.
Hopefully this approach will enable you to resolve your own problem. If not then please update your question with full HTTP message details
I'm currently implementing an OAuth2 authentication using Microsoft Bot Framework and Cortana as one of my channels. However, as I was setting up my OAuth2 configuration with the following details in where I properly set the Redirect URL both from Knowledge Store and apps.dev.microsoft.com
Knowledge Store:
apps.dev.microsoft.com:
Whenever I authenticate to Cortana based from the OAuth2 that I've configured, the redirect URI seems to be always set as https://www.bing.com/agents/oauth. Here's a screenshot of the http request from Cortana Authentication that I got from fiddler:
Which causes this error message:
Any idea how to fix this?
Don't forget that the bot channel (in this case Cortana) needs to be where the redirect points to. Cortana's redirect is https://www.bing.com/agents/oauth.
Documentation here. You can test OAuth via botframework and the emulator. In that case, the redirect is https://token.botframework.com/.auth/web/redirect. Documentation here. If you look at the diagram in the spec on page 10, you'll see that Cortana is the client. The auth call needs to come back to her. You also need to let the auth server know that the redirect URL is allowed. For Microsoft login, you go to the app dev portal, select your app, go add a "web platform" and register the redirect urls. That should solve the problem on both ends.
So I'm trying to do google oauth to get a refresh token for my users (not actually using google oauth to save the user). I had everything working when I used the client side OAuth for google api but they don't provide a refresh token when you do that handshake, only an access_token. I need a persisted refresh_token since I'm going to be making a lot of requests to the users google calendars.
So I set up omniauth on my rails server to make the flow go like this:
user clicks authenticate with google (client side) -->
popup screen goes to backend server (localhost:3001/users/auth/google_oauth2) -->
backend rails server redirects to google for authentication -->
they authenticate with google and get redirected to backend server's callback (localhost:3001/users/auth/google_oauth2/callback) -->
backend server saves token for appropriate user and then redirects back to client side app on localhost:3000 (nothing needs to be done on client, just need the token saved on my server for future use)
I do however need to know that the authentication was successful so I can dispatch appropriate actions in react/redux. In redux-auth they check for the access_token inside the popup.location URI. Problem is when I use this server side popup flow I get this nasty http/https error:
(original image: http://imgur.com/v5NgIGr)
If instead of redirecting back to the client I just redirect to a view in my backend server I could then have a script on that page that just does window.close() which works but seems hacky to me. Another potential solution I was thinking was to try and use the window.postMessage api but I don't know if that has great browser support/also seems hacky. I could emit a message to the other window (the main client app) from the popup saying the oauth was successful so my react code and do whatever it needs to do.
I feel like I'm just approaching this whole flow completely wrong or I'm missing something obvious.
I also feel like if I just had HTTPS on everything it would all work since before when it was 100% client side the popup worked beautifully and I didn't get this SecurityError. I spent some time figuring out how to get my webpack dev server using https and tried doing the same with rails (think I did something wrong on the rails side) but it was still not working. Also feel like I shouldn't need to force HTTPS on all my development servers in order to get it working...
If anyone has any thoughts or could give me some direction that would be much appreciated!!
You are approaching this the wrong way. Google's authentication and their APIs do have confusing documentation. I was also stuck with similar situation and after spending considerable time, I found the right way to do this.
From your question, I believe this seems like the relevant link: https://developers.google.com/identity/sign-in/web/server-side-flow
And following it, here is how your flow should look like:
To map it on your problem, this is what you will do:
user clicks authenticate with google (client side)
Client requests Google for authorization that includes your scopes
and receives a one time authorization code.
Client Sends this authorization code to your ruby server.
Ruby server uses the authorization code to exchange it with access_token and persisted refresh_token which you shall use in your subsequent requests to google apis.
Hope it helps.
How should I access the share point web services in iOS which need to be authenticated by TMG. When I invoke login request it returns login HTML template in response as shown below
Can we authenticate TMG firewall somehow in iOS. I am not expecting whole source but any help, references will be appreciated.
Finally we got solution to this stuff. By requesting site info using GetWeb method like
"SOAPAction" : "http:\schemas.microsoft.com\sharepoint\soap\GetWeb"
along with a username, password we received cookies. Then passing these cookies to next share point services we received response and resolved above TMG auth issue.
Any way to test OAuth integration to google without having to have a port forwarding rule in my router back to my development Mac?
Background:
Developing Ruby on Rails web app that will request data from Google Calendar API via OAuth
Using Rails "OAuth Plugin" for this purpose
Developing on MacBook which is running my dev environment
Google needs (as part of OAuth) to make a callback back to my local dev environment
Can't seem to think of a way to test with Google without having to set a Port forwarding rule in my site's router back to my Macbook?
This threw me for a loop too. I actually went through the work of setting it up on a public IP even though I didn't have to in the end.
But yes, your comment is correct. The callback URL is passed on to Google during the redirect then after you've been authenticated with Google, Google will redirect you back to the callback URL providing an authorization code as a parameter.
The only server to server communication that happens is exchanging the authorization code for access and refresh tokens. This typically happens on the callback page. But since it's initiated by your server and not Google, no special open ports are required.