The Application Details of a LinkedIn application include a section "OAuth Keys" which lists a consumer key and secret, and also an OAuth 1.0a user token and secret. Does this OAuth 1.0a user token expire? If so, what is the expiry time? I gather it used to be 60 days [1]. Is this still the case?
[1] Linkedin Application has OAuth User Token and OAuth User Secret, Do they Expire?
Thanks...
OAuth 1.0a and OAuth 2.0 access tokens from LinkedIn have a 60 day expiry.
I have questions.
Does WSO2 support something similar to:
https://docs.wso2.com/display/AM190/Exchanging+SAML2+Bearer+Tokens+with+OAuth2+-+SAML+Extension+Grant+Type
using JWT instead of SAML?
Is it possible to achieve it using Facebook/Google as Federated identity provider?
And another one:
Can we use JWT token instead of OAuth2 Access Token in WSO2 Api Manager to authorize incoming requests?
Thanks
Does WSO2 support something similar to:
https://docs.wso2.com/display/AM190/Exchanging+SAML2+Bearer+Tokens+with+OAuth2+-+SAML+Extension+Grant+Type
using JWT instead of SAML?
Yes, it does. We have the JWT Bearer Grant implementation for this. The idea behind JWT Grant is that a signed JWT valid according to [1] issued by a trusted IDP can be exchanged for an access_token. Follow [2] to try out the JWT Bearer Grant.
Facebook and Google do issue JWTs in the form of an id_token. But there's a problem with using those id_tokens as a JWT Bearer Grant at the moment. According to the spec [1], the JWT Bearer Grant must contain some value in the 'aud' claim to let the entity that validates the bearer grant know that it was intended for it. At present we cannot do this with any OpenID Connect provider, i.e. there is no standard way to request that an OIDC provider give us a token that we can use at 'X' identity provider.
Can we use JWT token instead of OAuth2 Access Token in WSO2 Api Manager to authorize incoming requests?
AFAIK, this is not possible out of the box. One solution would be to use the JWT to get an access token using the JWT Bearer grant type, and then use the access_token with APIM.
[1] https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwt-bearer-12#section-3
[2] https://docs.wso2.com/display/ISCONNECTORS/JWT+Grant+Type+for+OAuth2
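To make the 'aud' point above concrete, here is an added example (not WSO2 code) of both halves of the jwt-bearer exchange: a trusted IdP mints the assertion, and the token endpoint validates signature, expiry and that 'aud' names the endpoint itself. The assertion is HS256-signed with a constructed shared secret so the example runs offline; the endpoint URL and issuer names are constructed too.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer"
TOKEN_ENDPOINT = "https://apim.example.test/oauth2/token"   # constructed: the validating party's identifier
IDP_SECRET = b"constructed-secret-shared-with-trusted-idp"  # constructed HS256 key standing in for the IdP's signing key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_assertion(issuer, subject, audience, secret, now=None, ttl=300):
    """Mint the signed JWT a trusted IdP would hand out for the jwt-bearer exchange."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl, "jti": f"constructed-{now}"}
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def validate_assertion(token, expected_aud, secret, now=None):
    """Token-endpoint side: return the claims, or raise ValueError on any failed check."""
    now = int(time.time()) if now is None else now
    try:
        h, c, s = token.split(".")
        sig = _unb64(s)
        alg = json.loads(_unb64(h)).get("alg")
    except ValueError:
        raise ValueError("malformed JWT")
    if alg != "HS256":                       # never let the token pick the verification algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(c))
    if claims.get("exp", 0) <= now:
        raise ValueError("assertion expired")
    aud = claims.get("aud")                  # the check the answer describes: was this meant for us?
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("aud does not name this token endpoint")
    return claims

def token_request_body(assertion, scope="openid"):
    """Form body of the POST to the token endpoint (RFC 7523 section 2.1)."""
    return urlencode({"grant_type": GRANT_TYPE, "assertion": assertion, "scope": scope})
```

The second test case below mirrors the social-login problem: an id_token whose 'aud' is the relying party's client id is rejected by the token endpoint.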
I just have a question re client_credentials grant type in OAuth 2.0. When a client requests for an access token 2 times, will the access token requested on the first time be invalid?
Thanks!
The first obtained access token will be valid until it expires.
A token contains an authentication ticket including the identity and an expiration time. When the token is decrypted, the server obtains the ticket and checks that the ticket is not expired. It uses the claims included in the ticket for authorization tasks.
I am using OAuth to access Google Cloud Storage via their JSON API.
All is fine, I authenticate and get an access token which has an expiration of 3600.
What is the correct way to refresh this?
It is my understanding that in other types of OAuth flows (i.e. Web Server), the initial authorization request returns a refresh token as well as an access token, and that the refresh token is used to ask for another access token when the current access token has expired.
But it appears that there is no refresh token when doing server-to-server OAuth with a Google "Service Account"?
Found the answer.
https://developers.google.com/accounts/docs/OAuth2ServiceAccount#expiration
"Access tokens issued by the Google OAuth 2.0 Authorization Server expire one hour after they are issued. When an access token expires, then the application should generate another JWT, sign it, and request another access token."
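The renewal logic the quoted docs describe, as an added example (not Google's client library): there is no refresh token, so a small token source caches the access token and, shortly before the 3600-second expiry, mints a new assertion and exchanges it again. The token endpoint is a constructed stand-in, the 60-second margin is an assumption, and placeholder_assertion stands in for the real RS256-signed JWT.

```python
import time

ACCESS_TOKEN_TTL = 3600   # the one-hour expires_in the quoted docs describe
REFRESH_MARGIN = 60       # assumption: renew this many seconds before the stated expiry

class FakeTokenEndpoint:
    """Constructed stand-in for Google's token endpoint: every assertion exchange
    yields a fresh bearer token with expires_in=3600."""

    def __init__(self):
        self.exchanges = 0
        self.last_assertion = None

    def exchange(self, assertion: str) -> dict:
        self.exchanges += 1
        self.last_assertion = assertion
        return {"access_token": f"constructed-token-{self.exchanges}",
                "token_type": "Bearer", "expires_in": ACCESS_TOKEN_TTL}

class ServiceAccountTokenSource:
    """Caches the access token; with no refresh token available, expiry is handled by
    minting a new JWT assertion (make_assertion is the caller's signer) and exchanging it."""

    def __init__(self, make_assertion, endpoint, clock=time.time):
        self._make_assertion = make_assertion   # callable(now_epoch) -> signed JWT string
        self._endpoint = endpoint
        self._clock = clock                     # injectable for testing clock-skew behaviour
        self._token = None
        self._expires_at = 0.0

    def token(self) -> str:
        now = self._clock()
        if self._token is None or now >= self._expires_at - REFRESH_MARGIN:
            resp = self._endpoint.exchange(self._make_assertion(int(now)))
            self._token = resp["access_token"]
            self._expires_at = now + resp["expires_in"]   # trust expires_in, not a fixed constant
        return self._token

def placeholder_assertion(now: int) -> str:
    """Placeholder for the real RS256-signed assertion (iat=now, exp=now+3600, aud=token URI)."""
    return f"<jwt iat={now} exp={now + 3600}>"
```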
I have an application that understands OAuth 2.0 tokens (on passing a valid OAuth 2.0 token, it authenticates a user) returned by Live ID.
This OAuth token looks like:
"78wcH%2by1t6avE8zhVCzXQndK2zWJbCWvoZbSKfAduQuyQETUG2FtN5FOw%2bKaj5uCwUfuOS/2J35NvhDkZaaqoOzOVuoTYUDZgAACNzcJuSyBR21CAE9LpBrltj0PljQ76Hd9aJXW8x8DtRsKZvOn76PN69oGDzrGIjXXPIyCGDii9TYmP92kmh50B05qTqhdLiAXcluriQWuEMKONPUVazSmFN2BXZVW3NDdk3vkos8m68SXf%2"
Now I have another application which is based on Azure ACS mechanism. I can get SAML or SWT token from there.
Sample SWT tokens can be found here
Is there any method I can convert the SAML/SWT tokens to the former OAuth 2.0 token?
Note: I tried fetching SWT tokens via OAuth v2-13 protocol, but this token is not validated by the service accepting OAuth token.
Found it.
ACS does not expose any API which converts a SAML token to an OAuth 2.0 token.
The possible alternative is that on receiving a SAML token, break open the token, verify the authenticity of the user and subsequently fetch an OAuth token for the user using Live ID APIs.
It will definitely double the latency for your sign-in process.
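The "break open the token and verify the authenticity" step above, for the SWT case, as an added example (not ACS or Live ID code): SWT is form-encoded, the HMACSHA256 parameter is a base64 HMAC-SHA256 over everything before "&HMACSHA256=", and a relying party must check signature, issuer, audience and ExpiresOn before trusting any claim. The key, namespace and audience URLs are constructed; issue_swt exists only to produce a token to validate.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote, urlencode

SWT_KEY = hashlib.sha256(b"constructed demo key, not an ACS key").digest()  # constructed 256-bit HMAC key
RESERVED = {"Issuer", "Audience", "ExpiresOn", "HMACSHA256"}

def issue_swt(claims, key, issuer, audience, expires_on):
    """Builds a token in the shape ACS issues (constructed here only to have input to validate)."""
    body = urlencode([("Issuer", issuer), ("Audience", audience),
                      *claims.items(), ("ExpiresOn", str(expires_on))])
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "&HMACSHA256=" + quote(base64.b64encode(sig).decode(), safe="")

def validate_swt(token, key, expected_issuer, expected_audience, now=None):
    """Relying-party check: return the non-reserved claims, or raise ValueError."""
    now = int(time.time()) if now is None else now
    body, sep, _ = token.rpartition("&HMACSHA256=")
    if not sep:
        raise ValueError("no HMACSHA256 parameter")
    fields = parse_qs(token, keep_blank_values=True)
    try:
        presented = base64.b64decode(fields["HMACSHA256"][-1])
        expires_on = int(fields["ExpiresOn"][0])
    except (KeyError, ValueError):
        raise ValueError("malformed token")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(presented, expected):   # signature covers everything before &HMACSHA256=
        raise ValueError("bad signature")
    if fields.get("Issuer", [None])[0] != expected_issuer:
        raise ValueError("unexpected issuer")
    if fields.get("Audience", [None])[0] != expected_audience:   # token minted for someone else
        raise ValueError("token not issued for this audience")
    if expires_on <= now:
        raise ValueError("token expired")
    return {k: v[0] for k, v in fields.items() if k not in RESERVED}
```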
I created an app in whootin.com and I have
Consumer Key
Consumer Secret
Request Token URL
Access Token URL
Authorize URL
I want to authenticate users who have a whootin account and display their information on my site.
Because OAuth is only a specification, there are a lot of different clients you can use. For example: https://github.com/vznet/oauth_2.0_client_php.
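Whichever client you pick, the consumer key and secret listed above are used to sign requests as in the OAuth 1.0a request-token step; this added example (not the linked library's code) builds the RFC 5849 signature base string, the HMAC-SHA1 signature, the provider-side verification, and the Authorization header for the POST to the Request Token URL. The whootin URL, key and secret in the test are constructed.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qsl, quote, urlsplit

def pct(value) -> str:
    """RFC 5849 percent-encoding: only unreserved characters are left alone."""
    return quote(str(value), safe="")

def base_string(method, url, params):
    """Signature base string: METHOD & base URL & normalized (sorted, encoded) parameters."""
    parts = urlsplit(url)
    scheme, netloc = parts.scheme.lower(), parts.netloc.lower()
    for default_scheme, default_port in (("http", ":80"), ("https", ":443")):
        if scheme == default_scheme and netloc.endswith(default_port):
            netloc = netloc[: -len(default_port)]       # default ports are dropped from the base URL
    base_url = f"{scheme}://{netloc}{parts.path}"
    pairs = list(params) + parse_qsl(parts.query, keep_blank_values=True)
    normalized = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in pairs))
    return "&".join([method.upper(), pct(base_url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string, keyed with consumer secret & token secret (empty before step 1)."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def verify(method, url, params, consumer_secret, token_secret, signature) -> bool:
    """Provider-side check: constant-time comparison against a recomputed signature."""
    return hmac.compare_digest(sign(method, url, params, consumer_secret, token_secret), signature)

def request_token_header(request_token_url, consumer_key, consumer_secret, callback,
                         nonce=None, timestamp=None):
    """Authorization header for step 1 of the 1.0a flow (POST to the Request Token URL)."""
    oauth = {
        "oauth_callback": callback,
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    # the signature is computed over every protocol parameter except oauth_signature itself
    oauth["oauth_signature"] = sign("POST", request_token_url, list(oauth.items()), consumer_secret)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
```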