I want to provide OAuth protocol to my own application using webservices for credentials.
How to get the secret key and consumer key to my application.
If it's your application, then you need to be able to generate the tokens on your server.
Related
I am having trouble understanding how to accomplish this. I have Firebase functions running on my application. I am using an external API in which I can configure Webhooks to hit an endpoint on my Firebase functions to perform an action. To make sure that the call comes from this external API, they recommend using an oauth2 flow. Mainly they ask me for:
Provide us (the external API) with an ID and an access token;
these are used to access a URL which provides a bearer token;
this bearer token is then used to access the provided webhook URL until the bearer
token expires after a pre-determined period of time.
And there are 4 input fields:
1. OAuth2 access token url
2. OAuth2 client id
3. OAuth client secret
4. OAuth2 Scope. <---- NOT SURE WHAT THIS ONE MEANS
My question is how do I generate the access token and the client id for this external API?
What value should I put for the oAuth2 scope?
Thanks!
I was able to figure this out using auth0. In one of their documentations, they cleared explained what I was trying to accomplish. Posting here to future reference in case any one needs it.
Thanks all!
reference: https://auth0.com/docs/authorization/flows/client-credentials-flow#learn-more
You can generate the client ID and client secret in the Console > Credentials.
Cloud Functions API oAuth2 scope is https://www.googleapis.com/auth/cloud-platform.
I have a service protected with OAuth. For it to use, you first require a token.
I have an app, that has only access to an Apigee proxy. I would like Apigee to do the authentication for the client (app), and setup protection with an API key for the client in Apigee. How do I do that?
I think what you are trying to do is what Apigee refers to as Last Mile Security. Unfortunately, it's not as simple as adding a policy and configuring it with a token URL, client ID, and secret. You'll want to make sure you securely store the credentials, cache the token appropriately, and pass the token on to the proxy target.
Fortunately for you, Apigee has a demo project that does what I believe you are trying to do. Basically, your proxy will be configured with simply the Verify API Key Policy (Do this first as if the api key isn't correct, no need to do all the OAuth handshaking). Once confirmed, you can use Javascript policies to check the cache for a token, and then call the OAuth token endpoint to get one if there is a cache miss. I believe it then uses the AssignMessage policy to set the Authorization header to the token. (Note that the example project does not include the Verify API Key policy, but that should be easy enough to add)
Additionally, the demo project stores the client ID and secret in a js file, which I would not recommend. Maybe store it in an encrypted KVM entries?
The Outbound OAuth sample project can be found here.
please refer to below videos for using oauth authentication in your API proxies:
https://www.youtube.com/watch?v=zn94GhcdgHc&list=PLsWqc60hQz4clQ4ykjCu4qyEhdKe11Lvy
You can use Ouath2 - client credential grant Type, that implies that you must add and configure security policies in your proxy, check the following link that explains this flow.
https://docs.apigee.com/api-platform/security/oauth/oauth-20-client-credentials-grant-type
I'm a complete beginner in RESTful services in general. I am required to make an app that would require a user to log in with his credentials and then use the oAuth token to access the provided api.
I registered the app that I made and I have the Client ID and Client secret.
Now I have two questions:
How should the URI look like when I try to get the oAuth token?
What is the redirect uri used for?
I'm using Omniauth to link API with users. Currently I have my site's token and secret in the omniauth.rb file. How can I grab that data for API GET requests? If I can't, where should I store it and how should I retrieve it?
Thanks
I presume you're not familiar with OAuth itself. In order to implement your API interactions effectively, I advise you to read Beginner's Guide to OAuth.
Basically, you're going to register your consumer application in provider application. During that process, you will obtain a secret token, associated with your consumer app. Using that token to identify your consumer application, provider will generate access token for each subsequent request. These tokens are short-lived and basically allow only one requrest to API.
I am trying to use Vimeo services on a web application where users need to be able to upload and list/watch videos. I have created a Vimeo App and they have given an Access token and an Access token secret using which I can access my own account.
Could someone tell me how do I do that from .NET C#
Instantiate an OAuthConsumer from DotNetOpenAuth, passing in an InMemoryTokenManager which you can find from the samples. Add your access token and secret to that token manager. You will also need your consumer key and secret. Then use the OAuthConsumer instance to make authorized outbound calls.
Hint: You won't need to do any of the OAuth authorization flows, since you already have the access token.