I have a twitter app, which will access the user tweets and post on behalf of them too,
i was reading this documentation: https://dev.twitter.com/docs/auth/oauth
which says their are two type's of oauth i.e.
Application-user authentication
Application-only authentication
which one should i be using for oauth in my scenario, please suggest me the correct one.
thanx in advance.
Related
Given that I have mobile app which integrated with Google and Facebook login, how do I use Google and Facebook authentication in the Micronaut REST API? In the future, the mobile app will allow user to register (create new account) besides social login.
Thanks for writing the following articles:
https://guides.micronaut.io/micronaut-oauth2-oidc-google/guide/index.html
https://guides.micronaut.io/micronaut-oauth2-cognito/guide/index.html
Both articles above mentioned "Micronaut extracts the JWT from the Cookie and validates the JWT signature with the remote Json Web Key Set..."
Currently, the mobile apps has the access token return from Facebook OAuth2 and Google OAuth2, can't I simply pass the access token as bearer token for authentication?
I believe I'm missing some dots here, please advise.
Appreciate if you could point me to the right direction.
Thank you very much.
I have really hard time trying to understand mostly how should I implement my authorization flow. I think I have the authentication flow mostly correctly implemented using the technologies I've listed in the title. Here's what I want to achieve:
Basically I have a mobile app built using React-Native and I have made a restful API for this mobile app to use. I am currently at the point that I have implemented authentication using ADFS 4.0. My mobile app directly uses the ADFS endpoints to authenticate the user and I am able to receive the id_token and access token correctly from there. But here comes the part that I have no clue what to do next. Before I used openID, I had my own authentication and just an OAuth2 flow in my Spring REST Api and everytime I made a request from the mobile app to the API, I provided the access token in the headers, and used it to verify from the authorization server that the user is indeed authenticated and also received some crucial information about the user to use in my API. But now since I use OpenID-Connect and ADFS 4.0 for the authentication, I have the cruicial information I need in my API in the id_token. The question is, what exactly should i send to my API now from the mobile app, the id_token, access token or both? Given the access token to the userinfo endpoint at the ADFS returns the subject of the owner of the token. Like is there any way I could receive the users info using the subject or what exactly should I do. I've tried to research this subject a lot, but I am still very confused..
Send the access token to the API in the Bearer header. In the API, validate the token and, if required, do user info lookup. A Spring example of mine here if it helps.
Happy to answer any follow on questions ..
Is it possible to get a Twitter access token with OAuth 2.0? I came along this thread but I don't understand it. Do they support OAuth 2.0 or are they still using OAuth 1.0A?
Quoting from this page:
Twitter offers applications the ability to issue authenticated
requests on behalf of the application itself (as opposed to on behalf
of a specific user). Twitter's implementation is based on the Client
Credentials Grant flow of the OAuth 2 specification. Note that OAuth
1.0a is still required to issue requests on behalf of users.
Therefore, no they do not fully support OAuth 2.
SalesForce.com Rest API Authentication. Will it allow 2-legged oauth transaction
Yes it does allow 2-legged authentication, although Salesforce docs say that it isn't recommended. It's described in detail here:
https://help.salesforce.com/articleView?id=remoteaccess_oauth_username_password_flow.htm&type=5
From using it I know it always redirects you to salesforce to login and authorise the application, which if I have my terminology right is 3-legged oAuth, so at this point in time I'd say it doesn't support that.
THere's some good information on oAuth and Salesforce here.
Here is the actual support page for Salesforce 2 legged Oauth:
https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5
Contrary to another answer it is recommended and supported as long as you use the above method.
aka:
OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration
The oAuth protocol comes in two flavors, 3-legged and 2-legged protocols. The 3-legged one is about delegating user access rights to an application and is the one that gets the most attention on the web. The 2-legged version is used to authenticate an application against a service provider (Twitter in my case) with no specific user involved.
In my application I need read only access to publicly available information, but at higher rate than the one available to unauthenticated request. There is no need for me to authenticate as a specific Twitter user.
Does Twitter support the 2-legged version of oAuth?
Boaz
PS. The whitelisting alternative is an overkill for me and I rather not wait for the approval process.
You can get an access token for a single user following these instructions: http://dev.twitter.com/pages/oauth_single_token