Can new domains be added to existing OAuth app? - oauth-2.0

I have developed and deployed an app that requires OAuth (Google, Microsoft) to sign in. Due to some reasons, I now want to change my domain. I have the following questions:
If I change to a new domain, do I need to create a new client ID and secret?
If I change the Redirect URL to point to the new domain, will the existing users who have already given permission for this app to read/write emails need to authorize again?
These questions apply to both Google and Microsoft OAuth client IDs.

Related

Using auth0 as a multitenancy user management tool architectural question and auth0 SAML authentication for specific organization

We are using auth0 as our B2B user management tool in a multitenancy SaaS application.
For each tenant we have an organization on auth0 and a specific connection (of type auth0),
and we create each user for a specific organization on the organization connection.
Right now we are using OAuth, getting our customer's organization name from the subdomain of the request (let's say stackoverflow is the organization and the host is company.com -> the path would be stackoverflow.company.com).
We are using an authentication service that takes the subdomain, converts it to org_id with the auth0 API and redirects to our auth0 /authorize endpoint. Afterwards we retrieve the access token and if it's valid, we "confirm" that the session is okay and keep on working with this session. The access token becomes irrelevant at this point.
Our backend is a spring-security based application.
We tried to use SAML authentication because working with an access token on a session-based backend seems a bit weird, but we noticed we can't use org_id there and we must use the “prompt organization” screen of auth0, which is bad for us because we don't want our customers to enter their customer name on a different screen.
So, a few questions on this topic:
Should we do it using SAML?
Is there any way to send org_id to auth0 with the SAMLRequest so we won't have to ask our customers to enter their organization name?
Are we doing this the right way?
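
The subdomain-to-organization redirect described in this question, sketched as an added example (not code from the original post or from Auth0). The tenant domain, client ID, callback URL and the `ORG_IDS` table are placeholders or constructed values; the table stands in for the API lookup the post mentions. It assumes the token payload passed to `session_org_matches` has already had its signature verified.

```python
import re
import secrets
from urllib.parse import urlencode

BASE_DOMAIN = "company.com"                      # host from the post
AUTH0_DOMAIN = "YOUR_TENANT.auth0.com"           # placeholder
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"              # placeholder
CALLBACK = "https://login.company.com/callback"  # assumed callback URL
# Constructed table standing in for the org-name -> org_id API lookup.
ORG_IDS = {"stackoverflow": "org_EXAMPLE0001"}
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def org_name_from_host(host):
    """Return the single tenant label of <label>.company.com, else None."""
    host = host.strip().lower().split(":", 1)[0].rstrip(".")
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        return None  # also rejects stackoverflow.company.com.evil.net
    label = host[: -len(suffix)]
    return label if LABEL.fullmatch(label) else None


def build_authorize_url(host):
    """Return (url, state), or (None, None) for an unknown tenant."""
    org_id = ORG_IDS.get(org_name_from_host(host))
    if org_id is None:
        return None, None
    state = secrets.token_urlsafe(32)  # keep in the session, compare on callback
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": CALLBACK,
        "scope": "openid profile",
        "organization": org_id,
        "state": state,
    })
    return f"https://{AUTH0_DOMAIN}/authorize?{query}", state


def session_org_matches(claims, host):
    """claims: token payload whose signature was already verified elsewhere."""
    expected = ORG_IDS.get(org_name_from_host(host))
    return expected is not None and claims.get("org_id") == expected
```

Checking the token's `org_id` claim against the organization derived from the request host, before the session is confirmed, keeps a login completed for one tenant from being accepted on another tenant's subdomain.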

Is there a way to change resource authentication method to external via API?

Say I've added a new resource to protect with IAP, and a new tenant. I want to do this for each new client that I onboard, to use external identities, and allow them to control their own users. I can't be logging into the cloud console each time to add a new client (I can see that users for a tenant can be managed by API). Any ideas?
Have you evaluated using Identity Platform with IAP for authentication, https://cloud.google.com/identity-platform/docs? At the IAP-protected resource, you may change the auth to use IdP instead of the default Google Auth.
With IdP you can leverage the external identities of multiple providers that your customer would control.

How to generate access tokens for different users (different domain / instance urls) in JIRA REST API?

I don't know if I asked the right question. I am creating a web app where users can log in, authorize their JIRA account and view a list of projects / issues they have.
First I created a JIRA auth app like this:
JIRA My app
and in my code I used the client ID and secret like this:
Express code
After authorizing the user from the web app, I am able to generate an access_token
In order to get issues from JIRA you have to make a request and pass a header Authorization: Bearer [access_token] on this URL
https://[your-domain].atlassian.net/rest/api/3/search
Of course, the domain will vary depending on the user who logged in.
What happens is that if I try to authorize another JIRA account, it won't work because I can only generate tokens if I am logged in to the account that I used to create the OAuth app.

Do we create a Google OAuth app based on the application domain so as not to register each subdomain as Authorized JavaScript origins and redirect URI?

Currently I am working on a multitenant app. When a company gets registered it has its own URL; actually we have one subdomain for each company.
We have an attachments component in our application with which a user can access their Google Drive account and download the attachments. In the OAuth app, do we have to register each subdomain for every company as a redirect URI? Is there a way we can create the OAuth app at the domain level so that we don't have to register each subdomain?
Thanks in advance

Getting Google Client ID and Client Secret for OAuth

I'm working with a company that is using the Google Apps free subscription. This company has a web site. They want to let users who have Google Apps accounts in their domain to authenticate into the web site via OAuth.
My question is, where do I find the ClientId and ClientSecret needed to do OAuth?
Thank you!
OAuth 2.0 for Client-side Web Applications will allow you to authenticate users using OAuth2. This will allow the users to grant your application access to their private data.
You will need to go to the Google Developer console and create credentials on this page: Credentials
Open the Credentials page in the API Console.
Click Create credentials > OAuth client ID.
Complete the form. Set the application type to Web application. Applications that use JavaScript to make authorized Google API requests must specify authorized JavaScript origins. The origins identify the domains from which your application can send API requests.
