Multiple domains for oauth providers configuration in Grails 2.3 - grails

using Grails 2.3.8 and
plugins {
compile ':spring-security-core:2.0-RC2'
compile ':spring-security-oauth:2.0.2'
compile ':spring-security-oauth-facebook:0.1'
compile ':spring-security-oauth-google:0.1'
}
and the default providers setup:
oauth{
providers{
facebook{
api = org.scribe.builder.api.FacebookApi
key = '11111'
secret = '222222'
successUri = "http://localhost:8880/oauth/facebook/success"
failureUri = "http://localhost:8880/oauth/facebook/error"
callback = "http://localhost:8880/oauth/facebook/callback"
scope = 'email'
}
}
As I understood, I have to use the absolute URL's for callbacks. That is a problem, as my app is mapped to several domains, like myapp.com, myapp.de, myapp.ru etc.
Is it possible out of the box to provide the callback URL's for each domain?
TIA

so, I figured it out!
the solution contains a bit of ugliness, but works like charm:
in my Config I had to change the providers so, that the server name is reflected in provider name and callback-URLs:
oauth{
providers{
facebook{
api = org.scribe.builder.api.FacebookApi
key = '11111'
secret = '22222222'
scope = 'email'
}
'facebook_localhost'{
api = org.scribe.builder.api.FacebookApi
key = '111111'
secret = '222222222'
successUri = "http://localhost:8880/oauth/facebook_localhost/success"
failureUri = "http://localhost:8880/oauth/facebook_localhost/error"
callback = "http://localhost:8880/oauth/facebook_localhost/callback"
scope = 'email'
}
'facebook_wwwmysitenet'{
api = org.scribe.builder.api.FacebookApi
key = '9999999'
secret = '888888888888'
successUri = "http://www.mesite.net/oauth/facebook_wwwmesitenet/success"
failureUri = "http://www.mesite.net/oauth/facebook_wwwmesitenet/error"
callback = "http://www.mesite.net/oauth/facebook_wwwmesitenet/callback"
scope = 'email'
}
}
}
to make processing easier, I remove the dots from the server name.
The same I made for google.

Related

How do I set multiple paths in prosody's ldap basedn variable

I've set up a jitsi-meet instance for test purposes and I use the ldap-related modules for user authentication configured in /etc/prosody/conf.d/ldap.cfn.lua. Here is my working ldap.cfn.lua (I removed usernames and passwords and replaced them with *):
-- Authentication configuration --
authentication = 'ldap2'
ldap = {
hostname = 'my.ldap.server.org',
--use_tls = true,
bind_dn = 'CN=ldap,OU=user,OU=my,DC=company,DC=org',
bind_password = '***',
user = {
basedn = 'ou=workers,ou=location1,dc=my,dc=company,dc=org',
filter = 'sAMAccountName=*',
usernamefield = 'sAMAccountName',
namefield = 'cn',
},
}
I have several locations within my AD (evolved historically) and I need to query them too. How can I specify more than one basedn parameter? Here is what I tried so far without positive results (mere guesses).
user = {
basedn = 'ou=workers,ou=location1,dc=my,dc=company,dc=org',
'ou=workers,ou=location2,dc=my,dc=company,dc=org',
filter = ...
...
},
user = {
basedn = '(ou=workers,ou=location1,dc=my,dc=company,dc=org,ou=workers,ou=location2,dc=my,dc=company,dc=org)',
filter = ...
...
},
Thanks!
Luckily I've figered out another solution in the meantime:
In my case it's not neccessary to query multiple OU within the AD. It's sufficient to query the very root of my AD and filter for every Domain User.
This site gave valuable hints: https://ldapwiki.com/wiki/Domain%20Users
Here is my working config:
authentication = 'ldap2'
ldap = {
hostname = 'my.ldap.server.org',
--use_tls = true,
bind_dn = 'CN=ldap,OU=user,OU=my,DC=company,DC=org',
bind_password = '***',
user = {
basedn = 'dc=my,dc=company,dc=org',
filter = '(primaryGroupID=513)',
usernamefield = 'sAMAccountName',
namefield = 'cn',
},
}

OAuthOptions.Scope Cannot Be Assigned To

I'm trying to implement LinkedIn/OAuth authentication in my ASP.NET Core 2.0 app and I need to set the scope to { "r_basicprofile", "r_emailaddress" } so that I can user's email, profile image, etc.
When I try to set the scope in the following code, I'm getting the following error:
Property or indexer 'OAuthOptions.Scope' cannot be assigned to -- it's
read-only.
Here's the code:
services.AddOAuth(CookieAuthenticationDefaults.AuthenticationScheme, options => {
options.SignInScheme = "LinkedIn";
options.ClientId = "1234567890";
options.ClientSecret = "1234567890";
options.CallbackPath = "/linkedin-callback";
// Configure the LinkedIn endpoints
options.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization",
options.TokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken",
options.UserInformationEndpoint = "https://api.linkedin.com/v1/people/~:(id,first-name,last-name,email-address,picture-url,picture-urls::(original))",
options.Scope = { "r_basicprofile", "r_emailaddress" };
options.Events = new OAuthEvents
{
OnCreatingTicket = OnCreatingTicketLinkedInCallBack,
OnTicketReceived = OnTicketReceivedCallback
};
})
Any idea how I can set the scope?
P.S. I tried to adapt the code from my ASP.NET Core 1.1. This code was working fine in the ASP.NET Core 1.1 app.
The Scope = { "r_basicprofile", "r_emailaddress" } syntax is only available when using object initialization. Here, the options object is not instantiated from your code but directly provided by ASP.NET Core so you can't use this syntax.
The good news is that Scope property is a collection (internally, a hash set) so you can simply do:
options.Scope.Add("r_basicprofile");
options.Scope.Add("r_emailaddress");
If you want to get rid of the default scopes, you can remove them using options.Scope.Remove("scope") or options.Scope.Clear().

oauth facebook with grails accessing token

Its a grails project,
Facebook authentication is successful via oauth,
Now when it comes back to my controller, I want to get emailID of the logged in user,
Searched a lot, but did not find proper documentation,
I am using scribe and have following code in Config.groory
import org.scribe.builder.api.FacebookApi
oauth {
providers {
facebook {
api = FacebookApi
key = 'xxxx'
secret = 'yyyy'
callback = "http://my-domain-name-here:8080/TestOAuth2/dashBoard/facebooklogin"
successUri = "http://my-domain-name-here:8080/TestOAuth2/dashBoard/success"
}
}
}
Any help much appreciated.
Thanks.
Try this..,.
Config:
import org.scribe.builder.api.FacebookApi
...
oauth {
providers {
facebook {
api = FacebookApi
key = 'XXX'
secret = 'YYY'
scope = 'email,read_stream,publish_actions,user_birthday,publish_stream'
callback = "http://localhost:8080/appName/oauth/facebook/callback" //callback to oauth controller of oauth plugin
successUri = "http://localhost:8080/appName/myController/facebookSuccess"
failureUri = "http://localhost:8080/appName/myController/facebookFailure"
}
}
}
MyController:
def facebookSuccess() {
Token facebookAccessToken = (Token) session[oauthService.findSessionKeyForAccessToken('facebook')]
def facebookResource = oauthService.getFacebookResource(facebookAccessToken, "https://graph.facebook.com/me")
def facebookResponse = JSON.parse(facebookResource?.getBody())
log.info "Email = ${facebookResponse.email}"
...
}
You can get working example from my git repo. Grails Oauth Plugin Demo.
Email is not part of a Facebook public_profile. The only way to get the users e-mail address is to request extended permissions on the email field. You can do this by adding a scope to the oauth provider.
config.groovy
oauth {
providers {
facebook {
api = org.scribe.builder.api.FacebookApi
scope = 'email'
...
...
}
}
}
As an example of how to return email and various public_profile fields please see below.
Take Note of: getFacebookResource params e.g. https://graph.facebook.com/me?fields=id,name,verified,age_range,email"
import grails.converters.JSON
import org.scribe.model.Token
import grails.plugin.springsecurity.oauth.OAuthToken
class SpringSecurityOAuthController {
def oauthService
def onSuccess = {
// Validate the 'provider' URL. Any errors here are either misconfiguration
// or web crawlers (or malicious users).
if (!params.provider) {
renderError 400, "The Spring Security OAuth callback URL must include the 'provider' URL parameter."
return
}
def sessionKey = oauthService.findSessionKeyForAccessToken(params.provider)
if (!session[sessionKey]) {
renderError 500, "No OAuth token in the session for provider '${params.provider}'!"
return
}
// Create the relevant authentication token and attempt to log in.
OAuthToken oAuthToken = createAuthToken(params.provider, session[sessionKey])
Token facebookAccessToken = (Token) session[oauthService.findSessionKeyForAccessToken('facebook')]
def facebookResource = oauthService.getFacebookResource(facebookAccessToken , "https://graph.facebook.com/me?fields=id,name,verified,age_range,email")
def facebookResponse = JSON.parse(facebookResource?.getBody())
println facebookResponse
...
...
}
}
public_profile (Default)
A person's public profile refers to the following properties on the user object by default:
id cover
name
first_name
last_name
age_range
link
gender
locale
picture
timezone
updated_time
verified

Can't twitter status using oAuth and .net Hammock library on Windows Phone 7

I've been able setup the oAuth calls to get the users access Token following a couple blog posts:
http://sudheerkovalam.wordpress.com/2010/08/28/a-windows-phone-7-twitter-application-part-1/
and
:/byatool.com/c/connect-your-web-app-to-twitter-using-hammock-csharp/comment-page-1/#comment-9955
But I'm having problems sending a status update. I can't find any examples so I may not be setting the proper values. Here's the code which keeps returning: "Could not authenticate with OAuth."
private void Tweet()
{
var credentials = new OAuthCredentials
{
Type = OAuthType.ProtectedResource,
SignatureMethod = OAuthSignatureMethod.HmacSha1,
ParameterHandling = OAuthParameterHandling.HttpAuthorizationHeader,
ConsumerKey = TwitterSettings.ConsumerKey,
ConsumerSecret = TwitterSettings.ConsumerKeySecret,
Token = _settings.AccessToken,
TokenSecret = _settings.AccessTokenSecret,
Version = TwitterSettings.OAuthVersion,
};
var client = new RestClient
{
Authority = "http://twitter.com/oauth",
Credentials = credentials,
HasElevatedPermissions = true
};
var request = new RestRequest
{
Path = "/statuses/update.json",
Method = WebMethod.Post
};
request.AddParameter("status", TwitterTextBox.Text);
client.BeginRequest(request, new RestCallback(TwitterPostCompleted));
}
private void TwitterPostCompleted(RestRequest request, RestResponse response, object userstate)
{
Dispatcher.BeginInvoke(() => MessageBox.Show(response.Content));
}
thanks for any help,
Sam
Ah figured it out finally I was using the wrong URL need to use:
Authority = "http://api.twitter.com" and not: "http://twitter.com/oauth"
Just in case other people find this I've written a blog post on using OAth with Hammock for Twitter. Might be of use to some people!

CookieTheftException with PersistentTokenBasedRememberMeServices

I'm using the PersistentTokenBasedRememberMeServices (Spring Security 2.04) in Grails App in conjunction with the OpenIDAuthenticationProcessingFilter. The configuration is as follows (This is Grails's DSL equivalent to Spring resource.xml but it should be quite easy to adapt):
customTokenRepository(JdbcTokenRepositoryImpl)
{
dataSource = ref('dataSource')
}
rememberMeServices(PersistentTokenBasedRememberMeServices) {
userDetailsService = ref('userDetailsService')
key = securityConf.rememberMeKey
cookieName = securityConf.cookieName
alwaysRemember = securityConf.alwaysRemember
tokenValiditySeconds = securityConf.tokenValiditySeconds
parameter = securityConf.parameter
tokenRepository = customTokenRepository
}
openIDAuthProvider(org.codehaus.groovy.grails.plugins.springsecurity.openid.GrailsOpenIdAuthenticationProvider) {
userDetailsService = ref('userDetailsService')
}
openIDStore(org.openid4java.consumer.InMemoryConsumerAssociationStore)
openIDNonceVerifier(org.openid4java.consumer.InMemoryNonceVerifier, securityConf.openIdNonceMaxSeconds) // 300 seconds
openIDConsumerManager(org.openid4java.consumer.ConsumerManager) {
nonceVerifier = openIDNonceVerifier
}
openIDConsumer(org.springframework.security.ui.openid.consumers.OpenID4JavaConsumer, openIDConsumerManager)
openIDAuthenticationProcessingFilter(org.springframework.security.ui.openid.OpenIDAuthenticationProcessingFilter) {
authenticationManager = ref('authenticationManager')
authenticationFailureUrl = securityConf.authenticationFailureUrl //'/login/authfail?login_error=1' // /spring_security_login?login_error
defaultTargetUrl = securityConf.defaultTargetUrl // '/'
filterProcessesUrl = '/j_spring_openid_security_check' // not configurable
rememberMeServices = ref('rememberMeServices')
consumer = openIDConsumer
targetUrlResolver = customTargetUrlResolver
}
After a user has authenticated everything is fine until the cookie issued to him is used for the first time for example after a container restart (see here).
The very first request using the cookie seems to be always fine but after the cookie has been updated with a new date and most importantly a new token, subsequent requests will crash in here. As if the browser would still request resources using the old version of the cookie containing the old token. I'm totally baffled why this happens. Any suggestions?

Resources