I'm trying to connect to Exchange using Javamail and OAuth. I'm using Javamail 1.5.3 and I referred to this.
1) The exchange account that I'm trying to connect to is within an org domain. I know that my OAuth token is valid since I'm able to make a Rest api request to https://outlook.office.com/api/v2.0/me to get the user profile using the token. My code looks like this -
Properties props = new Properties();
props.put("mail.imap.ssl.enable", "true);
props.put("mail.imap.sasl.enable", "true");
props.put("mail.imap.sasl.mechanisms", "XOAUTH2");
props.put("mail.imap.auth.login.disable", "true");
props.put("mail.imap.auth.plain.disable", "true");
Session session = Session.getInstance(props);
Store store = session.getStore("imap");
store.connect("imap-mail.outlook.com", "xxx#org.com", OAUTH_TOKEN);
I get (javax.mail.AuthenticationFailedException) javax.mail.AuthenticationFailedException: [AUTHENTICATIONFAILED] OAuth authentication failed
2) When I connect to an xxx#outlook.com account, I get 500:Internal Server Error and I'm not able to make the api request above to fetch the user profile using the OAuth token I received.
Related
I'm try to request call this route api.twitter.com/2/users/:id/following also getting the error :
Authenticating with OAuth 2.0 Application-Only is forbidden for this endpoint. Supported authentication types are [OAuth 1.0a User Context, OAuth 2.0 User Context].
I've trying to understand how I should generate an oauth token valid for this request, but i'm a bit lost! I've all the pipe line for the user authentication and for the last request I can get all user data including userToken and tokenSecret how i can use that info to generate the token for my request?
Also I've try to generate a token generate with apiKey and apiSecret withtou success
curl -u 'apiKey:apiSecret'
--data 'grant_type=client_credentials'
'https://api.twitter.com/oauth2/token'
I'm really lost using twitter api because of the multiples ways to authenticate
The curl command you're using will give an App-Only token, this won't work if you're trying the POST /2/users/:id/following endpoint. Follow this guide on generating an OAuth 2.0 User Access Token.
I have implemented OAuth2 Refresh Token in my project where i have two servers :
- Authentication Server
- Resource Server
Question : Where should i check if my access token has already expired or not ?
Method 1 : Before sending a request to resource server, we check if the access token has been expired or not at the client side only ? If the access token has been expired then we send refresh token to Authentication server to get the new access token and resend the request to resource server with the new access token.
Method 2 : Request goes to resource server and then we get invalid_access in the response & then we sent a request to Authentication server with refresh token to get the new access token & then again send request to resource server with new access token ?
Request you to share your thoughts on the same.
Thanks in advance.
Some good points above - would definitely recommend method 2 - as you've pointed out yourself it is more resilient.
Also the client side code should deal with other possible reasons for 401 responses, such as load balancing flips or changes to token signing keys.
I therefore always write OAuth clients to call APIs like this code snippet, regardless of technology.
I use Office.js's getCallbackTokenAsync to load the token to pass to the backend.
In the backend, I use EWS to retrieve the email data. Here is how I perform the authentication.
ExchangeService service = new ExchangeService();
service.Url = new Uri(ewsUrl); //retrieved from getCallbackTokenAsync
service.Credentials = new OAuthCredentials(ewsToken);// retrieved from getCallbackTokenAsync
It works well in exchange online enviroment. However when tested in on-premise exchange server, I got this authentication error:
Error Message: The remote server returned an error: (401) Unauthorized.
Stack Trace: at System.Net.HttpWebRequest.GetResponse() at Microsoft.Exchange.WebServices.Data.EwsHttpWebRequest.Microsoft.Exchange.WebServices.Data.IEwsHttpWebRequest.GetResponse() at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request)
I then found this doc says the Oauth2 authentication is only for exchange online. I guess I need to use this NTLM (Exchange on-premises only).
The major reason I use EWS instead of Graph or Rest is it supports on-premise server more naturally. So should I change the authentication here? I certainly do not want to ask user for username and password.
Or is there anything I need to do(maybe custom configuration) to make the on-premise exchange server support token authentication?
I'm trying to get access to the Google Drive API using RestKit on iOS but I'm having problems with the Oauth authentification.
I've been following the Wiki page they have on the subject here:
Oauth Support On RestKit
Basically we create the client like this:
oauthClient = [RKClientOAuth clientWithClientID:[Client Id] secret:[Client Secret] delegate:[Your Delegate]];
[oauthClient setAuthorizationCode:[User Authorization Code]];
[oauthClient setAuthorizationURL:[Authorization Endpoint]];
[oauthClient setCallbackURL:[Your application callbackurl]];
[oauthClient validateAuthorizationCode];
And we receive an access token on the delegate in the method
- (void)OAuthClient:(RKOAuthClient *)client didAcquireAccessToken:(NSString *)token
Here we can create an ObjectManager to make the requests and all the other operations
RKObjectManager* objectManager = [RKObjectManager sharedManager];
objectManager.client.baseURL = #"YOUR API URL";
objectManager.client.OAuth2AccessToken = #"YOUR ACCESS TOKEN";
objectManager.client.authenticationType = RKRequestAuthenticationTypeOAuth2;
With all this I have encountered a few problems.
First is how do we obtain the authorization code needed here:
[oauthClient setAuthorizationCode:[User Authorization Code]];
I haven't had problems with Client Id, Client Secret, Authorization Endpoint, Callback URL and API URL as they are provided mostly in the google console API but I don't know how to obtain that.
Second is the Access Token would be a temporal Access Token or a Refresh Token as they are named in the google API? If it's the first, how can we obtain a Refresh Token?
I've been trying to do this with RestKit but there may be better ways so I'm open to other ideas. I can't find much information about Oauth support in Restkit.
Thanks beforehand
You must use Google ObjectiveC Library in order to access Google Drive APi.
https://developers.google.com/drive/quickstart-ios
You can use Google's Objective-C client library for the Drive API, including OAuth 2 sign-in.
http://code.google.com/p/google-api-objectivec-client/
You start with your client ID and client secret, you direct the user to the resource owner's authorization server. The authorization server and the user validate each other and your app is returned an Authorization Code. You go back to the authorization server and exchange the Authorization Code for an Access Token.
If the Access Token is time boxed, then you would use the Refresh Token to request a new Access Token when you discover that the Access Token has timed out.
Here is what I am trying to do using facebook graph on my rails site:
user client-side flow to get user permissions and authenticate user w/ facebook
send the access token received on the client-side to my server for additional processing from the server side
When I try to do this, I get an error from facebook saying I cannot authenticate the server. I am using the same token to do this that was given to me on the client side. Is there any way to authenticate the server without having the user log in using the server-side process?
try something like this in your JavaScript:
FB.login(function(response) {
if (response.session) {
location.href = '#{authenticate_path}?access_token=' + escape(response.session.access_token);
}
}, {perms: 'offline_access'});
You can then access facebook via the OAuth2 gem with the given access token:
client = OAuth2::Client.new(<app_id>, <app_secret>, :site => 'https://graph.facebook.com')
token = OAuth2::AccessToken.new client, params[:access_token]
token.get('/me')