In the web api for /authorize a refresh and access token are returned. How can I access/ receive a refresh token similar to what is returned in /authorize?
Something like SPTAuth.defaultInstance().refreshToken?
You need to create a URL scheme for your app. Something like:
appName://SpotifyAuthentication
Then when you register your dev account with Spotify, you need to enter that as the redirect URI. When you make the request on the device (GET https://accounts.spotify.com/authorize?client_id=.....&response_type=code& redirect_uri=appName%3A%2F%2FSpotifyAuthentication&.....), it will call this URI automatically and will call: application:openURL:options: in AppDelegate.
The URL query string will contain your auth token. IE: appName://SpotifyAuthentication?authToken=someToken.
Related
I have an iOS app that authenticates for api access and I have a request to throw the user into safari, not a WKWebView but still keep them authenticated.
Is there anyway to securely share the session between an iOS app and full safari?
I have looked into WKProcesspools but I am not sure that will quite do it.
Not sure about WKProcesspools, but you can share the session using Query parmaters.
Format your weburl to include verification token as a query parameter.
When you verify user via API, you must get the token from response. Pass this token as a query parameter in your url and redirect to Safari.
URL - https://www.example.com/page1
URL with token - https://www.example.com/page1?token=asdfv12324fvfropfc23as
Extra care to prevent copy/paste of token:
When creating token, pass IP Address or MAC Address as parameter of your API and based on these addresses you can check if the request is coming from same address. This will take care of the device authentication.
Hi guy I have a simple diagram to explain what I to achieve
first want to authenticate OAuth with mobile because mobile cant receive a callback from auth server so I need to create new simple node server for handle authentication code and get real token everything just fine until getting real token I already send code
you will see URL that console log print
already attach code in URL
I dint know issue come from guess because different referer who getting and obtain code
because I try to use only server:9000 getting and obtain access token is work
we dont need server for obtain token just only external browser and deeplink
here solove workflow
native trigger external browser
browser send authentication request to auth server
authserver send authorization back to browser
browser trigger some address that associate to app with deeplinking also passs auth code with query param
native capture auth token then send code to auth server for obtain access_token
auth server send access token back to native
native store access token in secure storage like keychain and shared preference
I am developing an API. I implemented register, login, and Facebook auth using Auth0.
My token expires after one day, and I need to get my refresh token to sign in the user again without requiring its credentials again. I have to make a call to /authorize with these parametrs [sic]:
GET https://YOUR_AUTH0_DOMAIN/authorize?
audience=API_IDENTIFIER&
scope=SCOPE&
response_type=code&
client_id=YOUR_CLIENT_ID&
redirect_uri=https://YOUR_APP/callback&
state=STATE
but I get this error Image
The GET response should give me a code, which I would use to get my refresh token making another GET request on /oauth/token like that: Image
Does anyone have any idea how to get over the first step?
Have you tried using curl to get access token and refresh token and then refresh outside of your app? The following link has very detailed instruction on how to do that with auth0.
https://auth0.com/learn/refresh-tokens/
This is unfortunately, very poor documented, and I haven't been able to generate an access_token for iOS.
I followed How to get an Instagram Access Token
Got my id and secret, along with the redirect URI, and there are a couple of issues:
Can't get to register the URL scheme of the redirect URI, as Instagram explicitly asks for and https://youcallback.com, what is the scheme?
If I use the callback from OAuthSwift example, it does redirect, but I get this error and when I check, the URL fragment is nil, even though when I test it on the browser, I do get an access_token. I also tried an external, and internal WebView.
serverError[No access_token, no code and no error provided by server]
I'm using this site https://msdn.microsoft.com/en-us/library/azure/dn645542.aspx to do Authorization Code Grant Flow with the goal of reading my office 365 calendars using this type of flow. The problem is that when I request for an oauth token the response is not updating the "scope" variable. I'm requesting the oauth token using this POST call "https://login.microsoftonline.com/common/oauth2/token" and passing in the body my grant_type, redirect_uri, client_id, client_secret, code, resource. The response is 200OK but for scope it only reads -> "'scope': 'Contacts.Read'" when it should also have Calendars.Read as well. In manage.windowsazure.com for the app that has the same client_id I'm passing in has the read calendars checked as well as the read contacts checked. When I first got my authorization code by typing this into the browser "login.microsoftonline.com/common/oauth2/authorize" I only had "Contacts Read" checked. But now every time I type that into my browser it skips the page where I accept my app to look at my calendars and contacts page. When I login with someone else's computer and get the auth code and request the token it updates their scope to both contacts and calendar and works fine. For me I'm getting a new Auth code in the url but it skips the page where I could accept my app to look at my contacts AND calendars. I'm getting a new authorization each time. I tried clearing my browsing data but It still wouldn't work.
You need the user to logon again so they can consent to the new scope. Try adding prompt=consent to your logon URL.
This works much nicer in the v2 app model, which does dynamic scopes.