I have a desktop application. For authentication I am using the Client-side Flow as described in https://developers.facebook.com/docs/authentication.
How do I specify locale when I request the OAuth dialog such as:
https://www.facebook.com/dialog/oauth?locale=en_US...
But when I do this, the locale value is not carried through the redirect.
(Before OAuth, I used locale= when requesting the login dialog using Connect.)
Is this a bug or am I missing something?
Related
Within our application there's a possibility of using authentication with OAuth 2.0 several times. First authentication will show us an authentication dialog box, when we want to do it one more time (second authentication) we are redirected without authentication dialog box to redirect_uri.
How is it possible to always see the authentication dialog box?
That will generally require support from the identity provider and as far as I'm aware LinkedIn does not support this, neither in a standard way or provider-specific way.
In accordance to the standards this would be accomplished by using the OpenID Connect prompt parameter when performing an authentication request. You would pass the login value and the provider, if compliant to the specification, would need to:
login
The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, it MUST return an error, typically login_required.
However, I don't know how widespread support for this is. In LinkedIn, I think support is nil. Google also does not list the login option as a supported value in their documentation, however, they support select_account which may solve some scenarios. Another example, Auth0 does support the reauthentication through prompt=consent although it's not documented anywhere, so might change.
So I setup an OAuth provider with doorkeeper on a Rails 5 app. During the flow when a client app asks for an access token, I see a browser html page asking me to "Authorize" or "Deny" access.
Once I click "Authorize", I never see the html page asking me to Authorize/Deny again, even if I clear the cookies. Why is this? And how do I keep enabling the Authorize/Deny page during testing?
OAuth authorization/authentication is stateless; it doesn't depend on cookies. Instead, the token is sent on every request that needs authentication, akin to how HTTP basic auth works.
Is there a way to grant a user access to protected Django-serve HTML page using OAuth access_token provided by django-oauth-toolkit?
I'm developing a plugin for a 3rd party application where the user starts the OAuth flow through a popup window to receive an access_token required by the plugin to call our REST API. The user will later have to access a protected HTML page in our application but this page isn't accessible by OAuth as it requires authentication set up by django-allauth. This causes the user to log in twice which is not a pleasant user experience.
I've tried setting Authorization headers when accessing this HTML page using GET, but that doesn't seem to work with HTTP. Perhaps I need to create a custom middleware to handle this but I'm not sure. Wondering if anyone else out there has encountered this.
For anyone else facing a similar issue, this was resolved by using an access_token as a query param in the url to login to the protected HTML. A custom authentication middleware class was implemented to handle this.
We have SAML-based single sign-on (SSO) enabled between our company's Intranet Portal and Box so that the users do not use username and passwords to login to Box.com. They just click on a button on Intranet Portal which posts a SAML assertion to Box.com to authenticate.
We would like to provide the ability to our users to search their Box documents directly from the Intranet Portal and the Box.com API looks like a perfect fit. However, it requires OAuth access token.
The question is:
Is there any way to obtain the OAuth token from SAML assertion?
The Box Embed allows embedding of folders view on to other sites. Is there any way to embed just the search results. In other words, I am looking for a way to do this <iframe src="https://www.box.com/....?search=keywords"></iframe> where it would just display the search results in iframe.
1. I don't know if it is possible to get an OAuth2 token from a SAML assertion -- I'd think that it isn't -- but you can pretty easily configure a Box application to support your company's SSO. The first step of Box's OAuth2 authorization process is to redirect the user's browser to a URL similar to:
https://www.box.com/api/oauth2/authorize?response_type=code&client_id=MY_CLIENT_ID
On this page the user can log into Box with whatever credentials they chose and authorize your application to touch their files. In order to take advantage of your company's SSO integration, you will instead redirect the user to:
https://sso.services.box.net/sp/startSSO.ping
?PartnerIdpId=<YOUR_IDP_URN>
&TargetResource=https%3A%2F%2Fwww.box.com%2Fapi%2Foauth2%2Fauthorize%3Fresponse_type%3Dcode%26client_id%3DMY_CLIENT_ID
Where:
The PartnerIdpId is the URN of your company's IdP.
The TargetResource is the HTTP-encoded version of the default OAuth2 authorization URL that was described above.
This will tell Box to bounce the user over to your IdP for authorization instead of prompting the user to log in with Box credentials. The OAuth2 process will then carry on as normal.
2. I don't know that this is possible either, but with a valid OAuth2 token you can easily tap into the Box Search API.
In my app I have implemented Login module auth security by implementing security realms. But i am thinking of implementing a OAUTH2.0 authentication where user will be authenticated once I will get a token and re-validate than on app starts.
So please one guide what are the prerequisites to implement this. Can I achieve this by creating a custom authentication module ? Any guide sample code will be really helpful.
There is an article that was published that shows how to use OAuth with inappbrowser and Worklgiht using LinkedIn found at the following location:
http://www.ibm.com/developerworks/library/mo-worklight-linkedin/
This article is a great sample to getting you started using Worklight and OAuth. Let me know if you have any further questions
Take a look at this SO answer:
https://stackoverflow.com/a/18172484/440934
Hybrid apps do not have a public URL that an OAuth provider can redirect to, but there are some tricks you can do with the child browser plugin to 'hack' around them (see the first link). You can have your OAUTH provider redirect to a dummy URL that the child browser can intercept and parse the token from the URL (there are even some security concerns there). OAuth2 gets even trickier when configured not to place a token in the redirect URL and instead placing it in the body or in a header. Child browser does not expose these details which means some more custom native work to grab them if that is your only route.