I try to make oAuth authentification on iOS with perms set with "manage_library,basic_access,email".
After login, only basic_access is suggested by the Deezer WEB authentification page ?
Where is the issue ?
Why Deezer does not use "standart" oAuth2 mechanism with scope parameters ?
Related
Given that I have mobile app which integrated with Google and Facebook login, how do I use Google and Facebook authentication in the Micronaut REST API? In the future, the mobile app will allow user to register (create new account) besides social login.
Thanks for writing the following articles:
https://guides.micronaut.io/micronaut-oauth2-oidc-google/guide/index.html
https://guides.micronaut.io/micronaut-oauth2-cognito/guide/index.html
Both articles above mentioned "Micronaut extracts the JWT from the Cookie and validates the JWT signature with the remote Json Web Key Set..."
Currently, the mobile apps has the access token return from Facebook OAuth2 and Google OAuth2, can't I simply pass the access token as bearer token for authentication?
I believe I'm missing some dots here, please advise.
Appreciate if you could point me to the right direction.
Thank you very much.
Can anyone tell me how i can get 'Tumblr' access token using oAuth 1.0 or 2. I've read tumblr documentation but i think there is no proper documentation of authentication. I also worked on Instagram, linkedin and etc using oAuth, but cant understand Tumblr authentication steps. And don't want use tumblr 'sdk' or sample app.
Gmail released a new API and since the auth scope is the same as for IMAP, it looks like IMAP access tokens will work on the Gmail API.
What is unclear is if OAuth 1 tokens will work on the Gmail API. I have legacy OAuth 1 tokens I'm considering migrating from IMAP to the Gmail API but I cannot ask the users to update their credentials.
Gmail API does not support the deprecated Oauth1 standard. A forward-path for upgrading those tokens to Oauth2 (without user involvement) can be found:
https://developers.google.com/accounts/docs/OAuth_ref#migration
I'm pretty new to OAuth and API security.
I'm building a REST API that will be accessed by my own mobile application.
I want to expose API to other developers via OAuth authorization and authentication and I'll be using my own OAuth provider.
What is the authentication strategy for my own mobile app ? After all, I don't need user to authorize my app. Can I use OAuth for authentication while having my own mobile application pre-authorized by default ?
Can I authenticate users of my mobile app with OAuth or do I need something like OpenID?
I don't think you want oauth if you are looking to step over the user authorization step. If you are determined to use oauth, however, you could mask the authorization step as a login dialog or give your application an access token. User authorization is a rather big part of oauth's functionality, so ignoring it probably means you should use some other interface to access your users' information.
Accessing my own oauth REST API - OAuth is NOTHING to deal with REST apriori: OAuth - is Authorization protocol, REST - an architecture style.
For OAuth - use version 2.0 - it's 2012 already.
What is the authentication strategy for my own mobile app? - for mobile app on Android, for example, you could use could get user's account with which one registered his phone within GooglePlay store/GMAIL (and then generate one-time password from on your server side). If one wouldn't provide them to your app - make an explicit authentication.
Nowdays probably only calculator doesn't use explicit authentication - so why should you differ? You can link you Authentication to FB or Google or any other OAuth provider - what does make you to create your proper OAuth provider?
You can Authenticate users with both OAuth and OpenID.
I'm building a Rails web app. I use OmniAuth for authentication.
I would like to provide API access but only after the user has authenticated themselves with OAuth (via twitter mainly).
Any suggestions of where to start?
EDIT: add more context as requested
Not trying to become an Oauth provider, but simply use the same login tokens. For example, you log into my app through twitter. You have both the token and secret OAuth tokens. I want to use those tokens to allow a user API access to the site.
I have a similar question: Retrieving OAuth tokens (on server) from Faraday OAuth module (from client)