Vimeo Integration using DotNetOpenAuth - oauth

I am trying to use Vimeo services on a web application where users need to be able to upload and list/watch videos. I have created a Vimeo App and they have given an Access token and an Access token secret using which I can access my own account.
Could someone tell me how do I do that from .NET C#

Instantiate an OAuthConsumer from DotNetOpenAuth, passing in an InMemoryTokenManager which you can find from the samples. Add your access token and secret to that token manager. You will also need your consumer key and secret. Then use the OAuthConsumer instance to make authorized outbound calls.
Hint: You won't need to do any of the OAuth authorization flows, since you already have the access token.

Related

generate an access token for a external API to use firebase functions

I am having trouble understanding how to accomplish this. I have Firebase functions running on my application. I am using an external API in which I can configure Webhooks to hit an endpoint on my Firebase functions to perform an action. To make sure that the call comes from this external API, they recommend using an oauth2 flow. Mainly they ask me for:
Provide us (the external API) with an ID and an access token;
these are used to access a URL which provides a bearer token;
this bearer token is then used to access the provided webhook URL until the bearer
token expires after a pre-determined period of time.
And there are 4 input fields:
1. OAuth2 access token url
2. OAuth2 client id
3. OAuth client secret
4. OAuth2 Scope. <---- NOT SURE WHAT THIS ONE MEANS
My question is how do I generate the access token and the client id for this external API?
What value should I put for the oAuth2 scope?
Thanks!
I was able to figure this out using auth0. In one of their documentations, they cleared explained what I was trying to accomplish. Posting here to future reference in case any one needs it.
Thanks all!
reference: https://auth0.com/docs/authorization/flows/client-credentials-flow#learn-more
You can generate the client ID and client secret in the Console > Credentials.
Cloud Functions API oAuth2 scope is https://www.googleapis.com/auth/cloud-platform.

External API's Calling My API Secured with Azure Active Directory

If I have an API secured with Azure Active Directory, what is the flow when an external API wants to talk to my internal API?
Is this just an API to API call as normal or is this a special circumstance and needs handling a different way?
Is this just an API to API call as normal or is this a special circumstance and needs handling a different way?
The special circumstance may depend on the confidentiality of the resources served by these api(s) and the level of security your application needs. In the end it is an api to api call only.
There are two approaches you can use if Azure Active Directory (AAD) is your Identity Provider for the entire application.
Application Identity with OAuth 2.0 client credentials grant provided by AAD. The calling API makes a request to AAD token endpoint with its client id, client secret (credential) and the application id (the unique id for the callee API) to receive an access token as response. This token is used as Bearer token to call the downstream API. In this approach client id, client secret, application id that are exchanged for an access token, are static values. Some one who has access to these values may find a way to compromise application security (highly unlikely).
The second approach is Delegated User Identity with OAuth 2.0. A request is made to AAD token endpoint with client id, client secret, the access token received as part of calling the tier1 API and a special on_behalf_of parameter to receive an access token, refresh token as response. We preferred this approach as it uses a dynamic value (access token from tier1 api) and also provides a refresh token.
You can read more about these approaches here
If you do not want to use AAD, you can use asp.net built in OwinAuthenticationMiddleware to generate and validate your own access tokens. As said earlier it all depends on your application requirements and implementation details, but in the end it is an API to API call.
Hopefully this is helpful, please let me know if you have any questions.
Thank you,
Soma.
oAuth is done for loggin user to a webservice (see also reference here).
Use OAuth to give your users access to their data while protecting their account credentials.
As another webservice wants to consume one of your service best way to do so is to have another authentication method in order to authorize
Other API, I assume you are talking of machines and not users (alias humans).
So best way is to provide another auth mechanism in order to authorize machines to connect to your API in a safe way.
A simple way to do a machine connection is using a private PKI with public/private key.
A good reference for PKI : http://docs.oracle.com/javase/6/docs/technotes/guides/security/certpath/CertPathProgGuide.html

Using REST api and oAuth2 with iOS app

I'm a complete beginner in RESTful services in general. I am required to make an app that would require a user to log in with his credentials and then use the oAuth token to access the provided api.
I registered the app that I made and I have the Client ID and Client secret.
Now I have two questions:
How should the URI look like when I try to get the oAuth token?
What is the redirect uri used for?

Access my token while keeping it secret (omniauth)

I'm using Omniauth to link API with users. Currently I have my site's token and secret in the omniauth.rb file. How can I grab that data for API GET requests? If I can't, where should I store it and how should I retrieve it?
Thanks
I presume you're not familiar with OAuth itself. In order to implement your API interactions effectively, I advise you to read Beginner's Guide to OAuth.
Basically, you're going to register your consumer application in provider application. During that process, you will obtain a secret token, associated with your consumer app. Using that token to identify your consumer application, provider will generate access token for each subsequent request. These tokens are short-lived and basically allow only one requrest to API.

Related to OAuth

I want to provide OAuth protocol to my own application using webservices for credentials.
How to get the secret key and consumer key to my application.
If it's your application, then you need to be able to generate the tokens on your server.

Resources