I am trying to get authentication done via OAuth for Bigcommerce. It looks easy but not happening at my end.
I got postman Bigcommerce APIs in collection. But there is no API for Customer Login API and when, I am trying to do it via OAUth it is not happening though it works fine with Basic Authentication.
I have created my draft App and successfully installed on Bigcommerce Store.
Created API Account > Client ID, Client Secret & Access token received.
My Concerns
How OAuth can be done for Bigcommerce ?
Please have a look to the settings for OAuth API
Desired result :
Customer Login API with Basic Authentication
This will help in logging in Customer Login
I tried Logging In: Login to BigCommerce API through iOS Application as a customer
If anyone can provide some insight, I would appreciate it greatly!
Here's a link to the documentation on the BigCommerce Oauth Customer Login API:
https://developer.bigcommerce.com/api/v3/storefront.html#customer_login_api
Your app would need to generate a JSON Web Token using a payload containing the following claims:
{
"iss": "your Oauth Client ID",
"iat": time token was generated (Unix),
"jti": "This is a completely unique string, ideally a UUID",
"operation": "customer_login",
"store_hash": "abc123",
"customer_id": 12345,
"redirect_to": "/account.php",
"request_ip": "111.222.333.444"
}
The JWT is signed with your BigCommerce Oauth Client Secret.
Then, you would append the JWT to this login entry point URL to log the customer into their account:
https://storedomain.com/login/token/{JWT}
Related
I know that OAuth2.0 is framework using to authorization data request between apps, but to give this access auth server is required. It is my question: who is this server? Let's say: We have two apps: Twitter and Google. I am trying to register Twitter account using Google account. And now where is this auth server? Is it Google? Or maybe it is another third server (managed by Twitter and Google together where user data is?) If it is Google, how Twitter is able to check if user token (generated by auth server [Google??]) is valid?
Thanks
On your first question,
I am trying to register Twitter account using Google account. And now
where is this auth server? Is it Google?
Yes, it's Google. If you're trying to login/register to Twitter via Google, Google is the authorization server. Because, Google has to authorize/delegate access to Twitter to access your data such as your Gmail id, username, etc.
Once you click on "Sign up with Google" button on the Twitter registration page, you will be redirected to the Google login page first (to see if you're an authenticated google user) and then Google would show you a consent page saying that "Twitter is trying to read your profile data, are you okay with this?". Once you click on "Allow" button, Google will generate an access_token, id_token, and refresh_token and pass it to Twitter.
On your second question,
If it is Google, how Twitter is able to check if user token (generated
by auth server [Google??]) is valid?
Twitter is not going to validate the tokens. Twitter can pass the token to retrieve your Google profile information from Google's Resource Server (where all your data reside)
Google's Resource Server is the one that's going to validate the token. It first checks the 'iss' claim of the token to see if the token is issued by Google's Authorization Server. Additionally, it would check for 'aud' to see if the token is issued for them (recipient of the token). Finally, it checks for the 'scope' claim to see if Twitter has the right access to request the data. For eg, they would need to request only read-only access to your profile, but not write access. There could be additional validation depending on the use case.
I hope this answers your questions.
Given that I have mobile app which integrated with Google and Facebook login, how do I use Google and Facebook authentication in the Micronaut REST API? In the future, the mobile app will allow user to register (create new account) besides social login.
Thanks for writing the following articles:
https://guides.micronaut.io/micronaut-oauth2-oidc-google/guide/index.html
https://guides.micronaut.io/micronaut-oauth2-cognito/guide/index.html
Both articles above mentioned "Micronaut extracts the JWT from the Cookie and validates the JWT signature with the remote Json Web Key Set..."
Currently, the mobile apps has the access token return from Facebook OAuth2 and Google OAuth2, can't I simply pass the access token as bearer token for authentication?
I believe I'm missing some dots here, please advise.
Appreciate if you could point me to the right direction.
Thank you very much.
I am trying to use the bitbucket API for getting details of my repositories, issue, etc., but I am not able to find a clear way of authenticating the API request.
I would like to have a simple way of authenticating the endpoints like
https://api.bitbucket.org/2.0/repositories/usamarehank_dckap?access_token={my_access_token}
Here I obtained the access token from the app password section of my account.
I am getting an error on doing so like
{"type": "error", "error": {"message": "Access token expired. Use your >refresh token to obtain a new access token."}}
I tried using consumer key creation but I am not sure where to plug those values in the request and with the OAuth it asks for client_id which I am pretty sure not giving in the docs where to get them.
How would I basically do a simple access_token request just like github API without any OAuth?
Right, this access_token is part of the OAuth authentication process: https://confluence.atlassian.com/bitbucket/oauth-on-bitbucket-cloud-238027431.html
To use just these app passwords you can create via your profile, you need to use simple Basic Authentication with that app password.
You can read a bit more about it here: https://developer.atlassian.com/bitbucket/api/2/reference/meta/authentication
I've seen these questions about using Postman in order to invoke Google's API with OAuth 2:
Using Postman to access OAuth 2.0 Google APIs
Could not obtain Google oAuth 2 token on POSTMan
and many more, but they all have client ID and client secret.
For the 'Save to Android Pay' API, all I got is a .p12 key and an issuer ID. I also have Service Account Email Address but defiantly no client id or secret. I think I also have the Auth URL but I'm not sure: https://www.googleapis.com/auth/wallet_object.issuer
Looking in the Save to Android Pay API, doesn't say anything about a client id so I'm really not sure how I'm supposed to obtain a token in POSTMAN with what I have.
So my question is: giving a .p12 key, an issuerId and a Service Account Email Address, What do I need to fill in POSTMAN OAuth 2 fields:
Token Name, Auth URL, Access Token URL, Client ID, Client Secret, Scope (Optional), Grant Type
To obtain OAuth 2.0 client credentials, you need to register an application to the Google API Console as specify in the basic steps and then you'll get a client ID and client secret.
The Google Developer Consoles (even the old version) no longer lists the Mail API in the list of available APIs.
I'm trying to develop a web application which acts on behalf of users to manage their Gmail, like Mailbox. This requires using the Gmail IMAP API with XOAUTH2 authentication with an OAuth 2.0 access token. The documentation instructs provisioning OAuth 2.0 token with a https://mail.google.com/ scope. Provisioning credentials for a web application then requesting a token with this scope yields a 403 response with an accessNotConfigured error. There are options in the developer console for configuring other APIs, but there is no option to configure access for the Mail API.
Attempting to provision the mail scope in the Google OAuth Playground using their client credentials works correctly and the resulting access token can be used to access Gmail IMAP with XOAUTH2.
Have Google disabled OAuth 2.0 authentication for Mail using new credentials, or is it just hidden? I can't find a way to contact them and ask for Mail API access.
Just create any client id it doesn't matter what API you select. When you make the authentication request send the scope of https://mail.google.com/. That will get you the access token you need to login to the imap server.