I already have the AuthorizationCode via returnurl, but i cant use it to generate a toke to talk with google api in java
i solved my question getting the credentials via a java apllication using the key.json
credentials = GoogleCredentials.fromStream(new FileInputStream("key.json"));
credentials = credentials.createScoped(Arrays.asList("https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/dialogflow"));
credentials.refreshIfExpired();
AccessToken token = credentials.getAccessToken();
after that i use the resttemplate to call and detectintent
Related
I have a jhipster (spring boot and angular) project implementing oauth2 protocol with Keycloak. I managed to get the application to redirect to keycloak for authentication. I am quite confused as to where the access token is in the response after sign in and where is it stored after redirecting back to my site?
I tried using chrome inspect to view the network but I can't seem to find the access token.
Below is a link I used to setup oauth2 for my project:
https://www.jhipster.tech/security/
URL when login is clicked: http://localhost:8080/oauth2/authorization/oidc
Thanks for all the reply. Managed to get the tokens using the following:
SecurityContext securityContext = SecurityContextHolder.getContext();
OAuth2AuthenticationToken oauth2Token = (OAuth2AuthenticationToken)
securityContext.getAuthentication();
OAuth2AuthorizedClient client = clientService
.loadAuthorizedClient(oauth2Token.getAuthorizedClientRegistrationId(),
oauth2Token.getName());
refreshToken = client.getRefreshToken().getTokenValue();
With OAuth2, the authentication is stateful which means that you have a cookie (JSESSIONID) for the Spring session.
You can get more information by inspecting the context using SecurityContextHolder.getContext().getAuthentication() in the backend.
I'm trying to connect to Exchange using Javamail and OAuth. I'm using Javamail 1.5.3 and I referred to this.
1) The exchange account that I'm trying to connect to is within an org domain. I know that my OAuth token is valid since I'm able to make a Rest api request to https://outlook.office.com/api/v2.0/me to get the user profile using the token. My code looks like this -
Properties props = new Properties();
props.put("mail.imap.ssl.enable", "true);
props.put("mail.imap.sasl.enable", "true");
props.put("mail.imap.sasl.mechanisms", "XOAUTH2");
props.put("mail.imap.auth.login.disable", "true");
props.put("mail.imap.auth.plain.disable", "true");
Session session = Session.getInstance(props);
Store store = session.getStore("imap");
store.connect("imap-mail.outlook.com", "xxx#org.com", OAUTH_TOKEN);
I get (javax.mail.AuthenticationFailedException) javax.mail.AuthenticationFailedException: [AUTHENTICATIONFAILED] OAuth authentication failed
2) When I connect to an xxx#outlook.com account, I get 500:Internal Server Error and I'm not able to make the api request above to fetch the user profile using the OAuth token I received.
We are using EMAIL Settings API and ClientLogin for Authentication. EMAIL Settings API is still on GDATA Libraries. Using GDATA libraries can we start using OAuth 2.0 ? (we are using the appsforyourdomain client library to use EMAIL Settings API) Or can we continue using ClientLogin ? Based on the post looks like ClientLogin is going to retire by April 20, 2015. Please guide me the right approach.
GDATA API : 1.46.0. EMAIL Settings API is used only for disabling the webclips for the user.
We were using GDATA API 1.46.0 and it does not support OAuth 2.0 . Support was added in 1.47.0 version. See the release note below. After using the new Libraries I was able to implement OAuth 2.0.
Used GmailSettingsService class inside the appsforyourdomain client library and commented out the ClientLogin flow and added new flow for OAuth2.0. Use GoogleCredential Object to create the OAuth2.0 credential object.
// Client Login
// this.setUserCredentials(username + "#" + domain, password);
// OAuth 2.0
this.setOAuth2Credentials(initCredential());
public static GoogleCredential initCredential() throws GeneralSecurityException, IOException {
httpTransport = GoogleNetHttpTransport.newTrustedTransport();
List<String> scopes = Arrays.asList("https://apps-apis.google.com/a/feeds/emailsettings/2.0/");
credential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
.setServiceAccountScopes(scopes)
.setServiceAccountPrivateKeyFromP12File(new File(SERVICE_ACCOUNT_PKCS12_FILE_PATH))
.setServiceAccountUser(DOMAIN_ADMIN_API_USER)
.build();
return credential;
}
Notes for v1.47.0
o Add OAuth 2.0 support leveraging Google OAuth Client for Java (http://code.google.com/p/google-oauth-java-client/).
I have tried to use OAuth2 to build a group settings service with the following:
def groupSettingsService(request):
CLIENT_SECRETS = os.path.join(os.path.dirname(__file__), 'client_secrets.json')
FLOW = client.flow_from_clientsecrets(CLIENT_SECRETS, scope=['https://www.googleapis.com/auth/apps.groups.settings'], message=tools.message_if_missing(CLIENT_SECRETS))
storage = Storage('groups-settings.dat')
credentials = storage.get()
if credentials is None or credentials.invalid:
credentials = run(FLOW, storage)
http = httplib2.Http()
http = credentials.authorize(http)
return discovery.build('groupssettings', 'v1', http=http)
But the problem is when the token isn't valid anymore (expires) it redirect to a page to tell a user to grant access again to that scope...things that is inappropriate for API calls !
is there a way to work with a username/password or client_secret to grant a full access permanently to the API without asking to grant access or not ?
You need to ask for access_type=offline when you redirect the user to Google.
You will than get an code, which can be exchanged (by POSTing with your client_id and client_secret) into an access_token (that is the one you are already using) and a refresh_token.
When your access_token expires, you can POST the refresh_token, client_id and client_secret to get another access_token. You can do that multiple times if you need (or weeks later...)
Did you save the credentials to storage upon getting a credentials successfully?
I'm trying to get access to the Google Drive API using RestKit on iOS but I'm having problems with the Oauth authentification.
I've been following the Wiki page they have on the subject here:
Oauth Support On RestKit
Basically we create the client like this:
oauthClient = [RKClientOAuth clientWithClientID:[Client Id] secret:[Client Secret] delegate:[Your Delegate]];
[oauthClient setAuthorizationCode:[User Authorization Code]];
[oauthClient setAuthorizationURL:[Authorization Endpoint]];
[oauthClient setCallbackURL:[Your application callbackurl]];
[oauthClient validateAuthorizationCode];
And we receive an access token on the delegate in the method
- (void)OAuthClient:(RKOAuthClient *)client didAcquireAccessToken:(NSString *)token
Here we can create an ObjectManager to make the requests and all the other operations
RKObjectManager* objectManager = [RKObjectManager sharedManager];
objectManager.client.baseURL = #"YOUR API URL";
objectManager.client.OAuth2AccessToken = #"YOUR ACCESS TOKEN";
objectManager.client.authenticationType = RKRequestAuthenticationTypeOAuth2;
With all this I have encountered a few problems.
First is how do we obtain the authorization code needed here:
[oauthClient setAuthorizationCode:[User Authorization Code]];
I haven't had problems with Client Id, Client Secret, Authorization Endpoint, Callback URL and API URL as they are provided mostly in the google console API but I don't know how to obtain that.
Second is the Access Token would be a temporal Access Token or a Refresh Token as they are named in the google API? If it's the first, how can we obtain a Refresh Token?
I've been trying to do this with RestKit but there may be better ways so I'm open to other ideas. I can't find much information about Oauth support in Restkit.
Thanks beforehand
You must use Google ObjectiveC Library in order to access Google Drive APi.
https://developers.google.com/drive/quickstart-ios
You can use Google's Objective-C client library for the Drive API, including OAuth 2 sign-in.
http://code.google.com/p/google-api-objectivec-client/
You start with your client ID and client secret, you direct the user to the resource owner's authorization server. The authorization server and the user validate each other and your app is returned an Authorization Code. You go back to the authorization server and exchange the Authorization Code for an Access Token.
If the Access Token is time boxed, then you would use the Refresh Token to request a new Access Token when you discover that the Access Token has timed out.