Oauth 2 autentication from a desktop or console app - oauth

I am trying to authenticate to an Oauth 2 service from a console app.
When opening the authorization server with the browser (Process.Start...) to authorize the app I should pass a callback url to receive the auth_code.
I tried to insert inside the app a webservice to be called back (servicestack), but it is not accessible from outside (localhost) and also if called is not receving the auth_code.
Is there a more effective and elegant way to do desktop authorization for Oauth 2.0 service?

Desktop application can use PIN based authorisation.
For example:
http://www.voiceoftech.com/swhitley/index.php/2010/02/twitter-oauth-with-net-for-the-desktop/

Related

Invalid Authorization Code auth_code_not_found in OAuth2

Hi guy I have a simple diagram to explain what I to achieve
first want to authenticate OAuth with mobile because mobile cant receive a callback from auth server so I need to create new simple node server for handle authentication code and get real token everything just fine until getting real token I already send code
you will see URL that console log print
already attach code in URL
I dint know issue come from guess because different referer who getting and obtain code
because I try to use only server:9000 getting and obtain access token is work
we dont need server for obtain token just only external browser and deeplink
here solove workflow
native trigger external browser
browser send authentication request to auth server
authserver send authorization back to browser
browser trigger some address that associate to app with deeplinking also passs auth code with query param
native capture auth token then send code to auth server for obtain access_token
auth server send access token back to native 
native store access token in secure storage like keychain and shared preference 

Custom authenticator for 2FA with lighttpd

I have a web application which currently uses lighttpd with mod_auth and the htdigest method for authentication. I want to expand the web apps functionality to allow for 2FA. If I understand correctly, what happens for htdigest authentication is the following:
The browser requests a website from the server
The server responds with "authentication required"
The browser shows the user a window asking for username/password and sends this information to the server
The server serves the webpage
If I understand correctly, the server caches this auth info and automatically sends it for following requests.
Now, I want to add 2FA. I found out that I can use fastcgi to build a custom authorizer. Can I use this to do 2FA? How can I ask the browser to provide the user with a possibility to enter the OTP? It's no use to cache the OTP and send it with every request, so I guess I need to store a session token or something which the browser should send with every following request?

How do i setup a project with a "complicated" groovy OAUTH application with redirect

Im trying to setup a groovy app where I'm trying to integrate a third party service. They have an OAUTH process where the user clicks on a button and is redirected to their site to login and "grant" my app access to their service (somewhat like facebook). BUT - They are then redirected back to the app with a user "code" in the url as a parameter, which is then used to get an OAUTH token on the user's behalf through a different endpoint. I'm having an issue getting the "code" on the redirect. can anyone help?
wwww.someurl.com?code=2l314jhlk13...2134lkj23h4==
how can groovy listen for the redirect? I don't know where to go from here and the service i am using dosn't have any documentation.
Depending on what service would you like to integrate.
In some of them you can skip redirect. Some of them provides SDK with ready to use solutions.
If nothing - you need to http server.
If you app is a plain groovy without any web frameworks, probably the simplest solution is to use JDK built in http server.
Example - http://glaforge.appspot.com/article/the-jdk-built-in-web-server-with-apache-groovy

identity server token for webapi authorization error

I have a number of web api services created that need to get the authenticated user.
I have gotten the id server v3 working such that I can enter /core and /connect/token and my client gets a token and is passing it back to the server.
single iis server running all of the web app and web services and id server.
when I add the token authentication package I am getting an error that the well known configuration can not be found.
I am looking for what I need to change to make this work so that api calls get an authenticated identity.
I think this is a startup problem but I have my app.map() first and then the app.UseIdentityServerBearerTokenAuthentication() after.
so do I make it wait fro the first to complete ? async ? await ?
ok I am slow, I found an option to delay load the metadata and that fixed that.
now the api calls show that the user is authenticated.

Any way to test OAuth integration to google without having to have a port forwarding rule in my router back to my dev PC?

Any way to test OAuth integration to google without having to have a port forwarding rule in my router back to my development Mac?
Background:
Developing Ruby on Rails web app that will request data from Google Calendar API via OAuth
Using Rails "OAuth Plugin" for this purpose
Developing on MacBook which is running my dev environment
Google needs (as part of OAuth) to make a callback back to my local dev environment
Can't seem to think of a way to test with Google without having to set a Port forwarding rule in my site's router back to my Macbook?
This threw me for a loop too. I actually went through the work of setting it up on a public IP even though I didn't have to in the end.
But yes, your comment is correct. The callback URL is passed on to Google during the redirect then after you've been authenticated with Google, Google will redirect you back to the callback URL providing an authorization code as a parameter.
The only server to server communication that happens is exchanging the authorization code for access and refresh tokens. This typically happens on the callback page. But since it's initiated by your server and not Google, no special open ports are required.

Resources