Okay, so I wrote an API using Flask-Restful and now I want to implement OAuth2 authorization.
I've tried pyoauth2, but it's undocumented and the tutorial is quite complicated.
So, my question is: How do I do that?
Follow the flask-oauthlib guide to get a basic endpoint set up. Ensure that it works with a vanilla flask endpoint.
Configure your API to use the oauth decorator.
oauth = OAuth2Provider(app)
api = restful.Api(app, decorators=[oauth.require_oauth('email')])
Related
I am creating new product. for that I have to use available security features. should I use Oauth2 or Json web token? which is better and in which situation these should be used?
I think you may find your answer in using org.apache.oltu.oauth2.
https://www.programcreek.com/java-api-examples/?api=org.apache.oltu.oauth2.client.request.OAuthClientRequest.AuthenticationRequestBuilder
You can see an implementation for oauth and openID here oauth server and resource server
Just to explain what they are,
oauth server creates the tokens
resource server uses that token and processes it to give you the requested data
You can also go through the following docs to understand what they mean and how to implement them,
sample implementation in java , oracle tutorial on the concept of tokens
If you want to do google API auth then you can go through this
I also found this stackoverflow link which is sort of similar question and has shared few of similar links. You should check that out as well.
I've already looked at dedicated Rails casts here and
there, as well some Rails API tutorials with JWT here and there and here. Unfortunately, most of them are too outdated (2011-2015).
Nevertheless, I'm a still a little bit lost what to choose between oauth2, omniauth-oauth2, ruby-jwt
and in which situation and how to glue all these bricks together.
To be short, I need to authenticate Users via an external corporate API, get JWT token and be able to decode it to extract User information
before let him enter the Rails application.
What should I do:
create a custom strategy ?
will this custom strategy work with the corporate authentication API
if it does not use Doorkeeper ?
Some recent links would be really appreciated.
I see that you want to use Open Id Connect mechanism, which Identity Provider (IdP) will return id_token (JWT format) to client. That mechanism is already implemented here: https://github.com/doorkeeper-gem/doorkeeper-openid_connect. Check it out!
I've been struggling for two days with OAuth and RSpec to get a properly tested RESTful API using a 2-legged OAuth authentication so I thought about posting it here and prevent more pain to happen.
So here it is, in the answer.
I've built an example app. See it there : https://github.com/jerefrer/oauth-two-legged-restful-api
I am building a REST API using Grails. I want it to be protected using OAuth2.0 client_credentials flow(grant_type). My use-case is as follows:
a external agent will send a request to something like
http://server-url/oauth/token?client_id=clientId&client_secret=clientSecret&grant_type=client_credentials
and obtain a access_token. Then, my URL(protected resource) should be accesible with something like
http://server-url/resource?access_token={access-token obtained before}
I am looking for something that makes doing this on Grails easy and quick. What will be the best way/tool/plugin to use for this ? Scribe library is an option, if there are any tutorials for my specific use-case, it will be great.
P.S.: I have tried the spring-security and related plugins, no joy there. Any alternatives would be nice.
I have the same issue. I found a lot of grails plugins that helped you authenticate your app against other oauth providers, but nothing that would help me make my app the oauth provider. After a lot of digging, I came across this grails plugin that will do exactly what you want.
https://github.com/adaptivecomputing/grails-spring-security-oauth2-provider
I'm still configuring it for my application, and I think the docs might need a few edits (specifically the authorization_code flow) but I got the simple client_credentials flow to work with minimal configuration. Hope that helps!
Based on my experiences, Scribe was built for OAuth 1.0 and has only very limited support for OAuth 2.0. In fact, for testing our own OAuth 2 implementation, all we could use from it was an HTTP request wrapper, we had to do anything else manually. Fortunately, doing it manually is suprisingly easy.
Since I still haven't found a fine open OAuth 2.0 library for Java (frankly I'm not familiar with Groovy), I encourage you to write the client code for yourself. You don't even need a client callback endpoint to use the client credentials grant flow. So you simply create an HTTP request (as you've written above already, take care to escape the GET parameters though) and get the response content. Your flow does not use redirects, so simply parse the JSON object in the response content, e.g. with the org.json library. Finally, send an HTTP request using the extracted access token.
Note that your examples are not completely standard compliant. The standard requires using HTTPS, sending the token in an HTTP header instead of a GET parameter and suggests using a HTTP basic authorization header instead of GET parameters to specify client credentials.
I may have misunderstood your question, and you may want to implement the server side, too. The scribe library supports only client side, so you can find a commercial implementation or implement your own server. It is a complex task, but if you support only the client credentials flow, it almost becomes easy. ;-)
This isn't a plugin, it's just a sample Grails application that acts as an OAuth provider. It was really easy to get up and running with Grails 3.
https://github.com/bobbywarner/grails3-oauth2-api
I found the gmail_xoauth gem, which does most of what I need, but I also need to generate the oauth tokens (consumer_key and consumer_secret) from inside Rails3.
I am trying to integrate Gmail's oauth integration into my site and hence cannot use the python script that the above gem refers to. I would like my site to take the user to the authentication page and extract the consumer_key/secret tokens.
I am new to OAuth, so maybe there's something obvious that I am missing.
UPDATE: I solved the above, and have written a blog post with the details (since its too big to fit here).
http://blog.asif.in/blog/2012/03/03/google-oauth-and-rails/
You may want to check out OmniAuth. It's a gem that encapsulates/abstracts a lot of the underlying protocol work that must be done for OAuth, as well as other authentication/authorization protocols like OpenID and LDAP. I'm not well versed on Google's API for sending/receiving email, but authenticating is the first step.
The OmniAuth wiki has a very good tutorial on using it with OpenID and Google Apps, although this may not be quite what you're looking for when it comes to IMAP. You may need to write your own provider for OmniAuth (a good tutorial describing this is available). Google also provides a reference site for authenticating/authorizing via IMAP and OAuth. The most relevant part of that to you would most likely be the page detailing the protocol.
Hope that helps!
I'm not going to write the full code for you, but do you know PHP? You could have a look at the way this example works:
http://googlecodesamples.com/docs/php/Docs.php
...then make something similar in Ruby.
This is a Google Code Sample from the following site:
http://googlecodesamples.com/