I want to implement an OAuth with SuccessFactors solution for my web application but I am having a hard time figuring out the best way to implement this, or if there is an existing workflow to do this.
I have a Ruby on Rails app that already uses Omniauth to authenticate with other services (Facebook, Twitter, Office 365, etc) so I thought this would be easy.
I just want my users to be able to sign-in using SuccessFactors and to pull basic information from it (name, email, status, etc). I am very unfamiliar with SuccessFactors' method of authentication as detailed here. It seems to use both SAML 2.0 and OAuth 2.0.
Does anyone have any experience with this or with similar authentication flows? Will I be able to make this work with Omniauth?
Related
I have recently implemented Microsoft OAuth2 to retrieve data from the Graph API (and more). Now I wan't to integrate with some of the social functions in the Yammer API but I can't find any info whether this is possible.
It seems unnecessary for me to have to force the user to auth against two different OAuth endpoints when judging from Yammer Embed, the Microsoft SSO is enough to authenticate in (Microsoft-owned!) Yammer as well.
Maybe I'm just not understanding OAuth enough, but it does mean that I will have to authenticate first against MS OAuth2, then to Yammer OAuth2.
EDIT: Just after I posted this, I found the "Yammer impersonation" page which I missed earlier: https://developer.yammer.com/docs/impersonation
It is very short on details, is this a viable way to avoid the user actively having to sign in to Yammer?
We have a paid Microsoft service including most applications, btw.
Further EDIT: I mainly want to use the API to get some statistics on nr of likes on a post etc., not really any personal info at this point.
If you register your app with AzureAD you can require scopes for the Graph API and the Yammer API at the same time. There will be then only one OAuth flow and one consent screen.
We have an App which uses Spring Security along with username/password credentials. We want to add the ability to use Google+ as an alternative sign in option. In the user record, I would store the google user id along with the authenticated token rather than a password.
However, I have not had any success finding any docs or guidelines about how to do so. The spring security docs provide a way of doing it via openId, but Google recommends using Google+ Sign-in or OAuth 2.0. I have found plenty of information about how to access oauth restricted resources from google, but none that use google as an authentication provider.
I may have to dig in and figure out how to implement my own spring authentication provider and user details solution for use with google authentication, but I would love it if someone could point me to where it has already been done, as I would be amazed if no one has done it before, and I'd prefer not to reinvent the wheel.
Thanks in advance.
I ended up using pac4j and spring-security-pac4j
I'm developing a mobile app that will interact with a rails app that's essentialy a json api. Is it possible to use an external identity provider such as facebook or googleplus to secure the access to my API?
Users will upload a photo to a json rest service but the rails app would only allow the upload if the uses is authenticated with one of those providers.
I've checked omniauth gem but I don't know if that's the path to do it. I don't understand very well how oauth works so I'm trying to know if this would be possible to do.
Regards
Fak
The answer, in part depends on how you're going to provide Identity via the mobile app. The user's authentication, and their identity are de-coupled.
My guess is you're wanting the user to authenticate to the mobile app using the Google/Facebook sdk app side. To do so, you'll need to use that sdk to generate a token, which can then be saved to Rails. The token can then be required as part of each API request - which rails will validate.
The topic is a bit complex to fully describe the flow....but in essence: 1) Create the token on the mobile app using the mobile sdk, 2) save the user and token to Rails/database, 3) as part of every request check the access_token provided.
Since the topic of Oauth and request/identity providers takes some time to understand, I would first watch he following railscasts on securing an API. Once you're done with that one (and understand the concept), you can also watch this railscast.
Hope this helps.
I would like to use OpenID to unify logins across projects that my group is working on. One of the projects may need to be an OAuth provider in the future so that users can sync data with other sites as well. Is it possible to setup an OAuth Provider that uses OpenID for authentication?
Yes.
Not sure which version of OAuth your are talking about here. But basically it would entail making the OAuth authorization step into an OpenID process which when successfully completed, resumes the OAuth process.
NB: OAuth is primarily for authorization of third party applications, OpenID is for user authentication. There is nothing impossible about mashing up the two, they are in essence dealing with different problem domains.
Basic Authentication(OpenID) or OAuth both require your permission, but there is an important difference. With Basic Authentication, you provide your username and password for the app to access application, and the application has to store and send this information over the Internet each time you use the app. OAuth attempts to provide a standard way for developers to offer their services via an API without forcing their users to expose their passwords (and other credentials).
It doesn’t mean to say we cannot use the two together. OAuth talks about getting users to grant access while OpenID talks about making sure the users are really who they say they are. They should work great together.
Here is an example(OpenID+OAuth Hybrid protocol) lets aware you, how to use hybrid protocol.
Twitter, Facebook are working on now OAuth only while
Google, Yahoo work on OpenID as well as OAuth.
I have a grails app configured with spring-security-core and I need to allow Facebook / Twitter logins. I'm using the facebook plugin for grails and I'm using twitter4j for twitter authentication. Currently, I am successfully authenticating against Twitter and Facebook.
I'm wondering how I am to integrate those logins with Spring security. If a user logs in with Twitter I am assuming I need to create an account in my database and then use that account to process a login for Spring Security so that it wires up the session appropriately and all the authentication checks happen based on my #Secured annotations and tag usage in my views.
Something similar, I am guessing, needs to happen based on Facebook logins. Can someone point me in the right direction to get this implemented correctly?
A really good resource for understanding how to integrate an external authentication source is this article by Luke Taylor:
http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/
Grant