I have a question regarding automation with oAuth 1.0a. I need to access a REST API at an oAuth provider on behalf of a user. The provider has oAuth version 1.0a implemented.
Beforehand, excuse my ignorance on oAuth; it's new territory for me.
I'm working on a .NET MVC 5 project and installed the NuGet Package as follows: "Install-Package DotNetOpenAuth.OAuth.Consumer". This installed the following:
Attempting to gather dependencies information for package 'DotNetOpenAuth.OAuth.Consumer.4.3.4.13329' with respect to project 'projectname', targeting '.NETFramework,Version=v4.6.1'... successfully installed dependencies and the DotNetOpenAuth consumer package.
My goal is to access a REST API when triggered by an external source which is not human. In short, a controller is triggered by an external process and sends data to my application. Next, I will need to access the REST API of the provider in order to process the received data. So, no human eyes or hands are available to login or copy a verifier of some sort.
I've been looking around, read about oAuth and the DNOA library. I kinda found that I have to obtain a RequestToken to start off with. I'm using the following code to achieve this:
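    // Token manager holding the consumer key and secret issued by the provider
    InMemoryTokenManager tm = new InMemoryTokenManager("**consumerkey**", "**secret**");
    var serviceProvider = GetServiceDescription();
    var consumer = new DesktopConsumer(serviceProvider, tm);
    string reqToken;
    // Obtains a request token and returns the URL where the user authorizes it
    consumer.RequestUserAuthorization(null, null, out reqToken);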
I read about the InMemoryTokenManager, ServiceProviderDescription, DesktopConsumer and that is pretty clear to me. Although I'm not surefooted about using DesktopConsumer instead of WebConsumer..
Now, I need to get a verification code from the Provider. But how to proceed next in order to get it?
I've looked at the UserAuthorizationResponse object which contains a property exactly for this purpose but I'm unable to figure out how to retrieve this.
With the request token and verification code I should be able to get an AuthorizedTokenResponse object and perform the REST API calls.
Can anyone help me out on this?
Related
I have a working (tested) oauth response from postman, but unfortunately I don't know which way to go when I need to implement the query in .net Core.
Please can you give me a simple example or a hint?
The Identity Server 4 Samples repository has a lot of examples of OAuth clients.
The steps you need to execute to authenticate depend on the flow used by the server; more information about flows and usage: http://oauthlib.readthedocs.io/en/latest/oauth2/grants/grants.html
The OWIN and Thinktecture components are very powerful. I have an MVC app that is fully secured using an Identity Server we built on Thinktecture. It can call our web api secured as a resource through our IDS.
We now have a new feature that we need to call out to a 3rd party and access their API to grab some data. They also protect their api through oauth2 using their identity services. I thought doing this would be straightforward, but I am struggling to figure out the actual code to do this. Basically they request a page in our MVC app. It requires authorization, but that is authorization from our IDS. We look up the access and refresh token to use for our user to call the 3rd party. If not found or if it is expired, we need to authorize with the 3rd party by having the user log in to their IDS, give consent, etc.
I could not find any client examples to handle this. Can someone point me to an example or point me in the right direction?
I looked closer at the IdentityServer3 samples and found the MVC manual Code Flow client and dug into it a little bit. I was able to take the code from there and alter it a little bit to save off nonce and state a different way and then was able to accomplish what I wanted.
I would like to know if One Drive supports those four ways of Authorization. Please refer to this link. https://www.rfc-editor.org/rfc/rfc6749#page-23
We are integrating our DVR and NVR with One Drive now and we need to understand which authorization method One Drive supports. We are trying to use OneDrive with embedded ARM processors, so the user does not have access to a browser as they would for a web-app.
Please kindly advise how we should proceed from here. Thanks for your time and I look forward to hearing from you.
Best Wishes,
Ted Yang
I am going to say yes, OneDrive probably supports those ways of authorization, because on their authentication documentation page they say the following:
The OneDrive API uses the standard OAuth 2.0 authentication scheme to authenticate users and generate access tokens.
That link takes us to the oauth.net site page for OAuth 2.0. On that page, we find the following:
The final version of the spec can be found at https://www.rfc-editor.org/rfc/rfc6749
which is the document you linked. The OneDrive API documentation says it supports OAuth 2.0, and you're linking the definition of OAuth 2.0, so I think it's safe to say it's supported. How to use it is another question entirely, and one I am unable to answer.
I will note, however, that on the OAuth page, they have this to say about its uses (emphasis mine):
OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.
I would presume that living room devices could include DVRs, and although your DVRs are for security purposes, the development of cloud storage APIs for either would undoubtedly be similar. So I would say this is probably quite possible.
How to do it:
First things first, you'll need to register your app. This gets you a client id and a client secret which you'll need. Registration directions
There are two methods: token flow and code flow. Token flow is two steps, and code flow is three steps. However token flow uses tokens that expire, so it would require the user to reenter things periodically. You therefore want to use code flow. Here's some directions for that.
Basically the steps of the code flow are:
1. Get an authorization code
2. Use authorization code to get an access token
3. Use access token to make API calls
You WILL need to make HTTP requests. I'm sure you should be able to do this with ARM embedded C. However, step 1 is what takes you to the Microsoft account login page. I am not sure how to circumvent this, exactly. I'm not sure you're supposed to be ABLE to circumvent this, since Microsoft doesn't want you handling their customers' passwords.
They have an example in Javascript that might give useful details on oauth in the oauth.js file. Javascript sample project
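The three code-flow steps listed above, as an added C# example that is not part of the original answer or of any provider's sample code: it builds the authorization URL, checks the `state` value on the callback before accepting the code, and builds the token request body. The endpoint, client id, redirect URI, scope and secret are constructed placeholders, and the static `RandomNumberGenerator.GetBytes(int)` assumes .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;

static class CodeFlowExample
{
    // Constructed placeholders (assumptions), not a real provider's values.
    const string AuthorizeEndpoint = "https://idp.example/oauth2/authorize";
    const string ClientId = "example-client-id";
    const string RedirectUri = "https://app.example/callback";

    // Unguessable per-request value, stored in the user's session before redirecting.
    public static string NewState() => Convert.ToHexString(RandomNumberGenerator.GetBytes(32));

    // Step 1: URL the user's browser is sent to in order to log in and consent.
    public static string BuildAuthorizeUrl(string state, string scope) =>
        AuthorizeEndpoint + "?" + Encode(new Dictionary<string, string> {
            ["response_type"] = "code", ["client_id"] = ClientId,
            ["redirect_uri"] = RedirectUri, ["scope"] = scope, ["state"] = state });

    // Step 2a: accept the callback only if it carries the state stored for this session.
    public static string ExtractCode(Uri callback, string expectedState)
    {
        var q = HttpUtility.ParseQueryString(callback.Query);
        if (q["error"] != null) throw new InvalidOperationException("provider error: " + q["error"]);
        var got = Encoding.UTF8.GetBytes(q["state"] ?? "");
        if (!CryptographicOperations.FixedTimeEquals(got, Encoding.UTF8.GetBytes(expectedState)))
            throw new InvalidOperationException("state mismatch: callback rejected");
        return q["code"] ?? throw new InvalidOperationException("no code in callback");
    }

    // Step 2b: form body POSTed to the token endpoint to exchange the code for tokens.
    public static string BuildTokenRequestBody(string code, string clientSecret) =>
        Encode(new Dictionary<string, string> {
            ["grant_type"] = "authorization_code", ["code"] = code,
            ["redirect_uri"] = RedirectUri, ["client_id"] = ClientId,
            ["client_secret"] = clientSecret });

    static string Encode(Dictionary<string, string> p) => string.Join("&",
        p.Select(kv => Uri.EscapeDataString(kv.Key) + "=" + Uri.EscapeDataString(kv.Value)));

    static void Main()
    {
        var state = NewState();
        Console.WriteLine(BuildAuthorizeUrl(state, "example.scope"));
        // Constructed callback, shaped like the redirect a provider issues after consent.
        var callback = new Uri(RedirectUri + "?code=constructed-code&state=" + state);
        Console.WriteLine(BuildTokenRequestBody(ExtractCode(callback, state), "example-secret"));
        // Step 3: send the returned access token as "Authorization: Bearer <token>".
    }
}
```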
I am trying to use the .NET APIs from Google
https://code.google.com/p/google-api-dotnet-client/
https://www.nuget.org/packages/Google.Apis.Authentication/
As most of these APIs from Google require an oAuth token for you to fetch any data from them, I am struggling to get over this first hurdle.
My plan is to create a very simple .NET Web API that lists out my Google Analytics accounts via the API which I can then in turn use with AngularJS to bind to a nice little view with the JSON returned from my WebAPI call.
The problem I mentioned is that there seem to be lots of different examples floating about and I can't seem to get any to work. Either it's out of date or the sample project doesn't compile etc...
From what I can understand I need to pass an Authenticator object to the BaseClient object which is in turn used for any Service API.
Below is a rough example I am trying to get to work, but currently fails and gets an error back from Google's API because I am not logged in/passing an oAuth token. Can anyone give me any pointers or advice please.
Thanks, Warren
    [HttpGet]
    public IEnumerable<Account> GetAccounts()
    {
        var baseClient = new BaseClientService.Initializer();
        baseClient.ApplicationName = "Google Stats Example";
        baseClient.Authenticator = null; //Unsure how to get the oAuth token
        AnalyticsService stats = new AnalyticsService(baseClient);
        var accounts = stats.Management.Accounts.List();
        var allAccounts = accounts.Execute();
        return allAccounts.Items;
    }
To create an authenticator you need a NuGet package named "Google APIs OAuth2 Client Library" but I downloaded a NuGet package named "Google.Apis.Oauth2.v2 Client Library". Similar names but not the same.
I was not able to find the correct one on the NuGet page. If you perform a search on that package it won't show up. I had to use the Visual Studio NuGet searcher and activate "show prerelease packages" to install it.
I'm building a web app which will have an api and an authorization service using DotNetOpenAuth. I found this example on how you can authorize using a service provider that already exists but I would like an example on how to implement a service provider that can create tokens, persist them and do evaluation. Is there any great articles or sample providers that I can download?
Update
DotNetOpenAuth has moved on since this was initially posted. I strongly suggest you follow Ashish's advice and take a look at the samples. It contains code to write Authorization Servers, Resource Servers and Clients for all the major flows.
If you wanted a pre built solution, with opensource code
Thinktecture Identity Server is an Open Source .NET security token service. It supports a number of endpoints for authentication including OAuth 2.0 Bearer tokens.
Update: Thinktecture Identity Server is now on version 2 and supports these OAuth 2.0 flows:
Resource Owner Password Credential Flow
Implicit Flow & JavaScript
Authorization Code Flow
Again, take a look at the code to see how it was all done, and there are samples here to show how to plumb it in.
I hope this helps - these libraries and examples have hugely helped us over the past few months.
Update
There is also another example (warning, it looks dated) of a simple OAuth provider for MVC here. Sample code here
Complete working examples for DotNetOpenAuth can be found here - https://github.com/DotNetOpenAuth/DotNetOpenAuth/tree/master/samples
I tried a number of times with DNOA....had to give up, but documented my findings (used Thinktecture in the end)...http://tb-it.blogspot.co.nz/2015/06/oauth-20-frameworks-and-platforms.html