can any one please suggest how do i test oauth2.0 by using Apigee edge management Trace tool or web browser. I do not have access to post man rest client or curl.
kindly help.
You can go to http://apigee.com/console.
Apigee console works as a Oauth 2 client as well.
To make it work against your APIs, you need to sign in. After you sign in to the console, you see a "Create your own API Console" link at the top right corner of the screen.
Once you are done defining the client with client_id, secret, redirect url etc. you can launch your version of apigee console and test Oauth 2.0 compliant APIs.
Related
I'm trying to create a web server that allow users to oauth their IB accounts. To obtain a request token, you first need to get a consumer key. I tried to follow their instruction, but there is no details on how to make a call to get the consumer_key.
What exactly should the endpoint be? Is it a POST or GET call? how do params / body looks like?
Even though you registered your consumer_key in InteractiveBroker settings page, OAuth flow for the consumer_key will not be worked because IB Web API OAuth flow is not ready to work.
Their customer service doesn't have the ability to solve the problem because the OAuth flow should be ready by the developers for IB Service Provider.
All of documents for the OAuth flow of InteractiveBroker is not correct and the customer service said they don't know about the issues.
It will be the losing of the time if you are going to solve the problem for OAuth flow of InteractiveBroker.
InteractiveBroker Web API is not ready yet.
Don't lose your time.
The answer from Daniel is still right (it just doesn't work) there are however a few projects that can alleviate the pain:
https://github.com/Cloudmative/cp-webapi-gateway
https://github.com/Voyz/ibeam
Both of them require to run a docker service that will do the authentication and proxy the requests to IB gateway service.
You can avoid 2FA if you create an additional user to access your account.
I'm getting 501 HTTP error, it seems that OAuth is not ready yet for InteractiveBrokers developers:
Direct link to the OAuth configuration: https://www.interactivebrokers.co.uk/oauth
There is no API call to get the consumer_key. There is an OAuth settings page (best I know there is no direct link to it) in the IB web portal that lets you
enable OAuth access
upload the public Signing/Encryption keys and the DH param files
set your own consumer_key
Edit: here is the direct link to the OAuth settings page
If your talking about the web trading API you have to submit several things to IB in order to get your application registered. Onboarding instructions can be found in their OAuth document at: https://www.interactivebrokers.com/webtradingapi/oauth.pdf
Can we register OAuth redirect URI to google console developers via php code?
By PHP Code how we add more than 1 OAuth redirect URI, I don't need to add it manually from console.developers.google.com
No, you cant. You must write it manually in Google Developers Console.
I think it is there because of security reasons. In case of some kind of attack or if wrong person would get your code, he could just change everything in your developers console within code. He never should be able to do it.
More informations in Using OAuth 2.0
So I know it is bad to store the client_secret in a client side app (in my case a mobile app); however, the below link is the only link which describes how to use your refresh token for Google OAuth 2.0 and it requires the client_secret.
https://developers.google.com/accounts/docs/OAuth2Login#refresh-tokens
My question: Is it possible to use Google OAuth 2.0 in a client side app without using/storing the client_secret? I know that Windows Live Connect's flavor of OAuth 2.0 allows you to refresh your token without specifying the client_secret, but I have not yet discovered a way to do this with Google's API.
Any thoughts?
There is a separate workflow for using OAuth2 on installed applications or devices.
See link below to relevant google documentation
Using OAuth 2.0 for Devices
Something that confuses me is this found on the Google Developer Console documentation regarding Setting up OAuth2.0
Setting up OAuth 2.0
To use OAuth 2.0 in your application, you need an OAuth 2.0 client ID,
which your application uses when requesting an OAuth 2.0 access token.
When you register an application in the Google Developers Console, you
can generate an OAuth 2.0 client ID.
To find your application's client ID and client secret, and set a
redirect URI, expand the OAuth 2.0 Client ID section.
To deactivate the client ID, delete the application from the
Developers Console.
How do you "expand the OAuth 2.0 Client ID section" ? Here is a screenshot of this screen:
UPDATE:
Screen shot from "original" developer console interface:
The terminology used is for the original Developer Console, whereas you have been redirected to the new Cloud Console. Personally I find the original more robust so I tend to use that. Look at the bottom of teh page and you'll see a grey link "Return to Original"
I have been playing with the new Admin SDK in conjunction with the "upgraded authorisation experience" and wondered if someone has and experience/examples on how to use it. From what I have read, if you upgrade the authorisation experience you shouldn't need to use OAuth 2.0 and get a client ID and secret from the API console.
When you upgrade the authorisation, the API console entry is automatically created so you just have to turn on Admin SDK. Your app should then run simply using your own admin credentials.
Have I misunderstood this and if so, what is the benefit of the new authorisation experience?
I can use the Admin SDK just fine if I create a client ID and secret in the API console but this is using OAuth 2.0 then.
If someone has an example of how to use the admin sdk with OAuth 1.0 i could have a look at it would be much appreciated.
You will still need get your tokens and API key...
Take from the Directory API documentation:
If your application has certain unusual authorization requirements, such as logging in at the same time as requesting data access (hybrid) or domain-wide delegation of authority (2LO), then you cannot currently use OAuth 2.0 tokens. In such cases, you must instead use OAuth 1.0 tokens and an API key. You can find your application's API key in the Google APIs Console, in the Simple API Access section of the API Access pane.
If you are looking for an oAuth2 example with GAS, Arun has a nice example he posted on GitHub, see the SO posting: How to authorize with oauth 2.0 from appscript to Google APIs?
Sorry, I don't have any oAuth1 example to interface with the new APIs.