OAuth within non browser application? - oauth

I know how OAuth works in web applications that run in a browser, but I'm not sure how OAuth can be implemented in an application that does not run in a browser.
It's easy to display the URL using some kind of a WebView, but how do I get back the information it sends back? My research doesn't reveal a straightforward way to do this.

There are a few Java libraries out there that can do this. (Are you looking for a particular language?)
Scribe is probably the most mature Java library:
https://github.com/fernandezpablo85/scribe-java
There are more libraries for pretty much every language here:
http://oauth.net/code/

Related

spring-authorization-server and OpenId Connect and angular-oauth2-oidc

In my project i have an angular app where i use https://github.com/manfredsteyer/angular-oauth2-oidc and a SpringBoot backend.
In the UI i copied most of the Stuff from here https://github.com/jeroenheijmans/sample-angular-oauth2-oidc-with-auth-guards.
My Code works with https://demo.identityserver.io and with a local Keycloak.
I only have to change the only:
spring.security.oauth2.resourceserver.jwt.jwk-set-uri (in the Backend)
In the frontend "issuer: 'http://localhost:8080/realms/master',"
to fit to the corresponding server
My "Dream" would be to use the spring-authorization-server. In my app i can create User dynamicly, and there for i need to be able to add this user to the authorization-server with a REST call. As fare as i understand, the spring-authorization-server code that should be ease to extend.
I copied over the spring-authorization-server code from https://www.baeldung.com/spring-security-oauth-auth-server with the base spring-authorization-server version: 0.2.0.
The Server starts and my App does the Redirect to the LoginPage. When it comes back from the spring-authorization-server the angular UI OIDC code detect a problem with the "Nonce", sometimes is missing, sometimes it does not match. Unfortunately i was not able to find the reason for that behaviour :-(
As my code works with the other two implementations, i suspect either a misconfiguration or a bug in the spring-authorization-server.
The documentation on spring-authorization-server is pretty slim.
Question: Does somebody know a place where a spring-authorization-server is used with a web client an OpenId Connect?
2.3.2022 Update: I open a Issue at the spring-authorization-server https://github.com/spring-projects/spring-authorization-server/issues/640
I hope this will bring some more info.
Best Regards T
I gave up on angular-oauth2-oidc after days of suffering. With angular-auth-oidc-client it works after 2h :-) They have better documentation and way more examples with different scenarios. I really can recommend it :-)
#Steve Thanks for the hint with the lib angular-auth-oidc-client.
I'm unfamiliar with angular-oauth2-oidc. However, I would recommend angular-auth-oidc-client.
See this branch containing a working sample that uses this client. The sample demonstrates obtaining an access token as a public client as well as authenticating to a backend for frontend application (or BFF, which is the recommended choice) without using any client-side library. We will be presenting a webinar on March 10, 2022 on this topic. You can register here.
You can also check out this sample from SpringOne 2021, which also demonstrates an Angular application utilizing a BFF and retrieving data from a resource server.

PayPal integration. C# POST vs. WSDL

I got the PayPal integration working well using plain old HTTP POST using C# & .NET 2/3.5. I also get all transaction details in the response.
So, if I want to use WSDL (SOAP), will there be any advantage? (you can assume I know how to use web services)
Also, are there any examples on a complete C# project using this method? I already looked at http://www.codeproject.com/Articles/42894/Introduction-to-PayPal-for-C-ASP-NET-developers
but that page tells very little about how to make a fully functional transaction using WSDL.
Any ideas?
Or "if it ain't broke, don't fix it"
thanks!
I really don't work from WSDL's very often because I'm primarily a PHP developer. I have worked with them in Adobe Flex, though, and I gotta say I liked what I saw.
Basically, I was able to hook the WSDL up in Flex (which you can do in other IDE's as well) and it automatically gave me access to all of the API calls in the system. I could see all of the possible requests (functions) available to the web service as well as how to build them without even referring to much documentation.
When building HTTP requests directly (NVP/XML/JSON/etc) you gotta refer to documentation quite a bit to see how to build the request, and there's typically more trial and error involved, too, until you get things working. The WSDL helps you get around that, although, in reality you'll probably still be referring quite a bit to documentation.
The WSDL/SOAP tools I've used with PHP don't work nearly as nice as Flex or Visual Studio from what I've seen, so I typically stick to custom class libraries that build my requests for me. when I'm working in other platforms that utilize WSDL's a little nicer, though, I definitely prefer it.

Twitter OAUTH and a Win32 EXE Desktop Application

I have been coding against a Delphi EXE (win32 desktop app) to access twitter and do certain functions. It used to use Basic authentication with the api limitation. I know I have to convert this to OAuth. I have been reading over the documentation trying to determine the best approach. I understand the best method is the Web browser with a call back url. I also know that Twitter includes a Pin Based (oob) authentication method. I figured this was the route to go with this application, but I want to make sure since that is not seamless. It requires the user to go external to the application and get a pin number. It also is not as secure since the access token returned never expires.
I am using Indy v10 components to do the GET/POST operations, so I am wondering if there is a way to do this using them and being able to do a callback and not use the Pin authentication method.
Can anyone help me?
Also I've been trying to get Chuck Beasley's Twitter Class working in Delphi 7 with Indy v10 and I've been having trouble. IdObjs and Idsys don't exist anymore. Has anyone got this class to work with my scenario?
Thanks,
David
OAuth is a standard used for Web applications, its text is liberally littered with the word 'agent', meaning a browser. The best solution IMHO is, if possible, to actually have a callback URL, meaning you have your own site which provides the service to back your application functionality. There are services that make this possible for third parties already, like JanRain. If these options are not feasible (meaning you cannot provide a true WWW site for the callback URL) not feasible, then your only option is indeed the out-of-band authentication, oob. Don't even think about having the OAuth authentication call back the app listening on some port, that is completely unreliable for 1) the vast majority of apps will sit behind some sort of NAT device (router, outbound proxy) which makes them unreachable from the OAuth prvider and 2) the OS firewall will block your incoming calls.
In the mean time, Beasly's Twitter class has been expanded/updated; see the latest incarnation
I've started a library that uses Synapse to access twitter. It can use OOB/PIN authentication and predefined oauth token/secret. It can be extended to use browser based auth. Currently written using FPC but should be adaptable to Delphi quite easily. FPCTwit code
You may wanna try my take on twitter, supports unicode as well unlike the other delphi implementations:
http://eden.fm/2011/02/27/twitter-library-for-delphi/
I don't use Indy though, but ICS

Erlang Facebook Example

Does anyone know of an example facebook app (or facebook connect app) done in Erlang? I'm looking for something that includes the whole process. Specifically I don't seem to find anything on user authentication.
I've checked out erlang_facebook, erlang2facebook and erlyface but none of them seem to offer a simple and comprehensive example accessible to me as a beginner .
I'd be happy for just a bit of code to plough through though, preferably using mochiweb as backend.
I've played around writing a FB app in Erlang and looked at the projects you mentioned as well. I found it easier to just use FB's graph API directly for authentication, etc. I used Nitrogen/Mochiweb for the web server and made graph requests with httpc:request.
Zotonic (Erlang CMS/Framework) provides Facebook integration, including authentication.
http://zotonic.com/mod-facebook
A few years on and I still find Jeremy Raymond's method satisfying. In particular, wrapping their ever-changing url-as-an-API scheme inside your own API seems to be the most painless. httpc is useful, and so is cowboy if you are familiar with that.
Whatever you choose, you should absolutely not be designing your ideas around their API. Convert their ideas into your project's semantics by wrapping their API. After all, the web isn't the whole internet and you never know when FB might stop being the cool place to waste your life. There is no telling if your application/library/codebase-you-use-on-something-else will outlive theirs.

Work flow for authentication and API use with Twitter on OAuth

I'm a bit confused about all this OAuth bruhaha in the sense that all the examples I can find are for web applications and none of them for desktop applications.
I understand the Web application work flow, but that includes some redirections between the web app and twitter.
How does one do this in an desktop application?
How does the redirects work?
Should I have to include a Web Browser object?
Is there a way to go around this?
Could anyone point me to resources instead of a full blown solution please?
Thanks
Not sure which language you're using, but the .NET library for Twitter called Tweetsharp has a post on using Tweetsharp from a desktop app and authenticating via OAuth. See http://tweetsharp.com/?p=68. If you're not using .NET then perhaps it will inspire something you can do?
Basically, what tweetsharp does is launch the browser to the authentication URL and then waits for the user to return. I don't know of any way to do this other than something like that (Or include a WebBrowser control of some kind to launch the authentication URL in your own window).
Here's a straightforward solution, implemented as a set of PHP scripts for running from the command line. Well documented and explained, with a helpful 'verbose' option for debugging.
http://nullinfo.wordpress.com/oauth-twitter/
After some poking around and asking some questions about this subject to some other programmers, it looks like it's still an ongoing discussion, with no visible light at the end of the tunnel.
But for people interested on the ongoing discussion, here's the best link to have:
OAuth Desktop Discussion
I've seen a few desktop apps get around this by effectively embedding a browser into their program, so they can just open the in-app browser window to let you do the login and authorisation. This strikes me as a bit of a cheat or defeat of purpose because you still end up typing your ID and password inside the application anyway.
One possibility I was thinking of was, your desktop application could embed a mini HTTP server inside it. So then it launches the default browser to perform the authorisation, with a callback URL something like http://127.0.0.1:8765/oauthorized and then just listen for it.
Would that work?
Not sure what you would do for console applications... spawn a copy of lynx?
Include a WebBrowser control in your app. Put it in a panel or a separate form that you'll Form.ShowDialog().
Create a callback for the browser's successful posting of OAuth and one for a rejection. Don't forget to check for a FailWhale.
In the callback, you close the panel or form and store the token.
Here's a nice overview with sample code and everything: http://tweetsharp.com/2009/04/how-to-authenticate-a-desktop-application-with-oauth/

Resources