I'm looking for a way to secure my own API with OAuth, but all I find is how to create a client that connects to Twitter or Facebook. In the ZF2 docs site there is only an example of how to use ZendOAuth to connect to the Twitter service. Is there any tutorial/documentation or anything?
Which version of OAuth are you looking for?
Just add one of these modules to create an OAuth provider. Take care! You have to know how OAuth works to integrate it into your application.
For OAuth 1.0a
https://github.com/bgallagher/BgOauthProvider
For OAuth 2.0
https://github.com/php-loep/oauth2-server
See https://stackoverflow.com/a/23302428/389976
Essentially check out Apigility http://www.apigility.org/
Related
OAuth 2.0 in Web API
The aim is to implement Web APIs authenticated by an OAuth 2.0 client in Appian.
1. I have created a sample Web API.
I have created OAuth credentials from the Admin Console. AdminConsole->Web API Authentication->OAuthclients2.0
If I try to access the Web API from a browser, it is accessible without authorisation. How do I integrate this OAuth with my API? Is there any attribute that needs to be added in the Appian Web API?
Kindly help.
How to apply OAuth authentication with an Appian Web API?
All you need to do is add the service account on which you created the OAuth credentials to the application groups in Appian application designer.
I read this article.
Gmail can't be used in a third-party component without using OAuth 2.0?
Should a personal account also use OAuth 2.0 when using a third-party library?
If you are using Gmail or any other Google API, you should be using the OAuth 2 flow to ensure a more secure scenario.
For your actual questions, yes, you need to use the OAuth flow to authenticate to any Google API as required; the link you posted about Less Secure Apps already says that they will be deprecated anytime soon and are pretty much discouraged.
I have been playing with the new Admin SDK in conjunction with the "upgraded authorisation experience" and wondered if someone has any experience/examples on how to use it. From what I have read, if you upgrade the authorisation experience you shouldn't need to use OAuth 2.0 and get a client ID and secret from the API console.
When you upgrade the authorisation, the API console entry is automatically created so you just have to turn on Admin SDK. Your app should then run simply using your own admin credentials.
Have I misunderstood this and if so, what is the benefit of the new authorisation experience?
I can use the Admin SDK just fine if I create a client ID and secret in the API console, but this is using OAuth 2.0 then.
If someone has an example of how to use the Admin SDK with OAuth 1.0 that I could have a look at, it would be much appreciated.
You will still need to get your tokens and API key...
Taken from the Directory API documentation:
If your application has certain unusual authorization requirements, such as logging in at the same time as requesting data access (hybrid) or domain-wide delegation of authority (2LO), then you cannot currently use OAuth 2.0 tokens. In such cases, you must instead use OAuth 1.0 tokens and an API key. You can find your application's API key in the Google APIs Console, in the Simple API Access section of the API Access pane.
If you are looking for an OAuth2 example with GAS, Arun has a nice example he posted on GitHub; see the SO posting: How to authorize with oauth 2.0 from appscript to Google APIs?
Sorry, I don't have any OAuth1 example to interface with the new APIs.
Salesforce.com REST API authentication: will it allow a 2-legged OAuth transaction?
Yes, it does allow 2-legged authentication, although the Salesforce docs say that it isn't recommended. It's described in detail here:
https://help.salesforce.com/articleView?id=remoteaccess_oauth_username_password_flow.htm&type=5
From using it I know it always redirects you to Salesforce to log in and authorise the application, which, if I have my terminology right, is 3-legged OAuth, so at this point in time I'd say it doesn't support that.
There's some good information on OAuth and Salesforce here.
Here is the actual support page for Salesforce 2-legged OAuth:
https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5
Contrary to another answer, it is recommended and supported as long as you use the above method.
Aka:
OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration
Now that we have the OAuth and OAuth2 protocols for the various services like Facebook, Twitter, etc., I would like to know if it is possible to detect which service uses which OAuth from the backend programming and hence proceed to use the best-suited OAuth 1 or OAuth 2 class library for the OAuth?
Thanks.
You have to read each service provider's (Facebook, Twitter, etc.) API documentation and decide based on that.