Search Results

Search found 799 results on 32 pages for 'authlogic oauth'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 10/32 | < Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >

  • Authenticated Referrals & Server-Side Auth Flow - What is the redirect_uri?

    - by Brian P. Hamachek
    From an authenticated referral (such as from a timeline story) to my website, I am trying to use the server-side authentication flow to obtain an access token for the referred user. I need to pass my app secret, the auth code, and the original redirect URI to the Facebook access token endpoint. Since I did not initiate the authentication request, how do I determine the original redirect_uri? The link from the Facebook timeline looks like: http://www.facebook.com/connect/uiserver.php?app_id=153644678059870&method=permissions.request&redirect_uri=http%3A%2F%2Fwww.wnmlive.com%2Fpost%2F141833948%3Ffb_action_ids%3D10100708033267487%26fb_action_types%3Dwnm-live%253Acomment%26fb_source%3Drecent_activity&response_type=code&display=page&auth_referral=1 So I figure that the redirect URI I need to pass is: http%3A%2F%2Fwww.wnmlive.com%2Fpost%2F141833948%3Ffb_action_ids%3D10100708033267487%26fb_action_types%3Dwnm-live%253Acomment%26fb_source%3Drecent_activity The URI that the user is ultimately redirected to is: http://www.wnmlive.com/post/141833948?fb_action_ids=10100708032119787&fb_action_types=wnm-live%3Apost&fb_source=recent_activity&code=AQALK-Mwb_Nwi4z7FWnFaL6tEXvNtVJiRKrgarG9X73sp22TJyk8v2GWKtuXuevJk4hPSRNnuNpEgZXLFdOS_k-pY-mE15DYytIa8Y7VdSw3VL-XYi-CR9BCqRQGq4uBJvSSdZayCp6MWzDMaNqWd5r8OhKVnOhg_yDlvfoLl21N2SMwkJaOfD5mlPnPb5A-Q4A#_=_ Is it safe to assume that I can just chop off everything starting with the "&code=" and use that as the redirect URI?

    Read the article

  • Google Data Api returning an invalid access token

    - by kingdavies
    I'm trying to pull a list of contacts from a google account. But Google returns a 401. The url used for requesting an authorization code: String codeUrl = 'https://accounts.google.com/o/oauth2/auth' + '?' + 'client_id=' + EncodingUtil.urlEncode(CLIENT_ID, 'UTF-8') + '&redirect_uri=' + EncodingUtil.urlEncode(MY_URL, 'UTF-8') + '&scope=' + EncodingUtil.urlEncode('https://www.google.com/m8/feeds/', 'UTF-8') + '&access_type=' + 'offline' + '&response_type=' + EncodingUtil.urlEncode('code', 'UTF-8') + '&approval_prompt=' + EncodingUtil.urlEncode('force', 'UTF-8'); Exchanging the returned authorization code for an access token (and refresh token): String params = 'code=' + EncodingUtil.urlEncode(authCode, 'UTF-8') + '&client_id=' + EncodingUtil.urlEncode(CLIENT_ID, 'UTF-8') + '&client_secret=' + EncodingUtil.urlEncode(CLIENT_SECRET, 'UTF-8') + '&redirect_uri=' + EncodingUtil.urlEncode(MY_URL, 'UTF-8') + '&grant_type=' + EncodingUtil.urlEncode('authorization_code', 'UTF-8'); Http con = new Http(); Httprequest req = new Httprequest(); req.setEndpoint('https://accounts.google.com/o/oauth2/token'); req.setHeader('Content-Type', 'application/x-www-form-urlencoded'); req.setBody(params); req.setMethod('POST'); Httpresponse reply = con.send(req); Which returns a JSON array with what looks like a valid access token: { "access_token" : "{access_token}", "token_type" : "Bearer", "expires_in" : 3600, "refresh_token" : "{refresh_token}" } However when I try and use the access token (either in code or curl) Google returns a 401: curl -H "Authorization: Bearer {access_token}" https://www.google.com/m8/feeds/contacts/default/full/ Incidentally the same curl command but with an access token acquired via https://code.google.com/oauthplayground/ works. Which leads me to believe there is something wrong with the exchanging authorization code for access token request as the returned access token does not work. I should add this is all within the expires_in time frame so its not that the access_token has expired

    Read the article

  • Access Token Verification

    - by DecafCoder
    I have spent quite a few days reading up on Oauth and token based security measures for REST API's and I am currently looking at implementing an Oauth based authentication approach almost exactly like the one described in this post (OAuth alternative for a 2 party system). From what I understand, the token is to be verified upon each request to the resource server. This means the resource server would need to retrieve the token from a datastore to verify the clients token. Given this would have to happen upon every request I am concerned about the speed implications of hitting a datastore like MySQL or NoSQL upon every request just to verify the token. Is this the standard way to verify tokens by having them stored in a RDBMS or NoSQL database and retrieved upon each request? Or is it a suitable solution to have them cached (baring in mind that we are talking millions of users)?

    Read the article

  • "Could not authenticate you." -error when using Twitter OAuth.

    - by Martti Laine
    Hello I'm building my first system using Twitters OAuth and have some issues. First, I'm using Abraham's Twitter-class for this and I have followed this tutorial. However, I get these lines on my callback.php: Warning: array_merge() [function.array-merge]: Argument #2 is not an array in C:\xampp\htdocs\twitter\twitterOAuth\OAuth.php on line 301 Warning: strtoupper() expects parameter 1 to be string, array given in C:\xampp\htdocs\twitter\twitterOAuth\OAuth.php on line 373 Oops - an error has occurred. SimpleXMLElement Object ( [request] => /account/verify_credentials.xml [error] => Could not authenticate you. ) Is this problem by Twitter-class, or am I doing something wrong? I have my Consumer Key and Consumer Secret in config.php as tutorial says, but should I store something else? Martti Laine

    Read the article

  • REST authentication internal project (iPhone to grails app) using 2 legged oauth?

    - by Rael
    Hi, I'm creating an iPhone project, and will be communicating with a server via REST. I will be sending push notifications, initiated from another service. I would like to authenticate all communication from the iPhone to my server (e.g., synchronising notifications with the server as the push request is not guaranteed to go through) 2 legged Oauth seems to be the ideal solution, however there is not a lot of information regarding it, especially as most of the libraries seem to be oriented towards consumers and not providers. What library should I use? Is Oauth overkill? If so what do you recommend? I'm looking for the simplest possible solution at the moment; If it is going to take me more than a week to implement Oauth, it's simply not worth it. Thanks

    Read the article

  • Authlogic::ControllerAdapters::RailsAdapter::AuthlogicLoadedTooLateError

    - by chs
    Authlogic is trying to prepend a before_filter in ActionController::Base to active itself, the problem is that ApplicationController has already been loaded meaning the before_filter won't get copied into your application. Generally this is due to another gem or plugin requiring your ApplicationController prematurely, such as the resource_controller plugin. The solution is to require Authlogic before these other gems / plugins. Please require authlogic first to get rid of this error. (Authlogic::ControllerAdapters::RailsAdapter::AuthlogicLoadedTooLateError) I had installed radiant 0.9.rc2, extension reader and required gem Authologic So while running script/server on ubuntu 9.04 i am receiving the above error Any Suggestion, Thanx in advance

    Read the article

  • Correct way to safely store token/secret/etc from OAuth?

    - by viatropos
    I just started looking into OAuth and it looks really nice. I have oauth with twitter working in ruby right now. Now I'm wondering, what is the recommended safe way to store the responses in my local database and session? What should I store? Where should I store it? This example twitter-oauth-with-rails app stores a user.id in the session, and the user table has the token and secret. But that seems like it'd be really easy to hack and get the secret by just passing in a slew of test user ids, no?

    Read the article

  • What to do with twitter oauth token once retreived?

    - by mcintyre321
    I'm writing a web app that will use twitter as its primary log on method. I've written code which gets the oauth token back from Twitter. My plan is now to Find the entry in my Users table for the twitter username retreived using the token, or create the entry if necessary Update the Users.TwitterOAuthToken column with the new OAuth token Create a permanent cookie with a random guid on the site and insert a record into my UserCookies table matching Cookie to User when a request comes in I will look for the browser cookie id in the UserCookies table, then use that to figure out the user, and make twitter requests on their behalf Write the oauth token into some pages as a js variable so that javascript can make requests on behalf of the user If the user clears his/her cookies the user will have to log in again to twitter Is this the correct process? Have I created any massive security holes? thanks!

    Read the article

  • Authlogic: passwords saved in the DB are not working as expected.

    - by user570459
    Hello everyone, Im having trouble with authlogic on my production server. Im able to update passwords in the database but when i try to validate a user using the new password, the validation fails. Please check the below console output. Notice how the salt and crypted_password fields get update before and after the new password is saved. The issue is only on my production server (running passenger). Everything works fine on my development machine. => #<User id: 3, login: "saravk", email: "[email protected]", crypted_password: "9bc86247105e940bb748ab680c0e77d9c44a82ea", salt: "WdVpQIdwl68k8lJWOU"> irb(main):003:0> u.password = "kettik123" => "kettik123" irb(main):004:0> u.password_confirmation = "kettik123" => "kettik123" irb(main):005:0> u.save! => true irb(main):006:0> u.valid_password?("kettik123") => true irb(main):007:0> u.reload => #<User id: 3, login: "saravk", email: "[email protected]", crypted_password: "f059007c56f498a12c63209c849c1e65bb151174", salt: "lVmmczhyGE0gxsbV421A"> irb(main):008:0> u.valid_password?("kettik123") => false The authlogic configuration in my User model.. class User < ActiveRecord::Base acts_as_authentic do |c| c.login_field :email c.validate_login_field false c.validate_email_field false c.perishable_token_valid_for = 1.day c.disable_perishable_token_maintenance = true end I use the email field as the main key for the user. Also the email field is allowed to be blank in some cases (eg a facebook user) Also i belive that my schema is proper (in terms of the length of the salt & crypted password fields) create_table "users", :force => true do |t| t.string "login" t.string "email" t.string "crypted_password", :limit => 128, :default => "" t.string "salt", Any help on this would be highly appreciated. Thanks.

    Read the article

  • why OAuth request_token using openid4java is missing in the google's response?

    - by user454322
    I have succeed using openID and OAuth separately, but I can't make them work together. Am I doing something incorrect: String userSuppliedString = "https://www.google.com/accounts/o8/id"; ConsumerManager manager = new ConsumerManager(); String returnToUrl = "http://example.com:8080/isr-calendar-test-1.0-SNAPSHOT/GAuthorize"; List<DiscoveryInformation> discoveries = manager.discover(userSuppliedString); DiscoveryInformation discovered = manager.associate(discoveries); AuthRequest authReq = manager.authenticate(discovered, returnToUrl); session.put("openID-discoveries", discovered); FetchRequest fetch = FetchRequest.createFetchRequest(); fetch.addAttribute("email","http://schema.openid.net/contact/email",true); fetch.addAttribute("oauth", "http://specs.openid.net/extensions/oauth/1.0",true); fetch.addAttribute("consumer","example.com" ,true); fetch.addAttribute("scope","http://www.google.com/calendar/feeds/" ,true); authReq.addExtension(fetch); destinationUrl = authReq.getDestinationUrl(true); then destinationUrl is https://www.google.com/accounts/o8/ud?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.return_to=http%3A%2F%2Fexample.com%3A8080%2FgoogleTest%2Fauthorize&openid.realm=http%3A%2F%2Fexample.com%3A8080%2FgoogleTest%2Fauthorize&openid.assoc_handle=AMlYA9WVkS_oVNWtczp3zr3sS8lxR4DlnDS0fe-zMIhmepQsByLqvGnc8qeJwypiRQAuQvdw&openid.mode=checkid_setup&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ext1.mode=fetch_request&openid.ext1.type.email=http%3A%2F%2Fschema.openid.net%2Fcontact%2Femail&openid.ext1.type.oauth=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Foauth%2F1.0&openid.ext1.type.consumer=example.com&openid.ext1.type.scope=http%3A%2F%2Fwww.google.com%2Fcalendar%2Ffeeds%2F&openid.ext1.required=email%2Coauth%2Cconsumer%2Cscope" but in the response from google request_token is missing http://example.com:8080/googleTest/authorize?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=2011-11-29T17%3A38%3A39ZEU2iBVXr_zQG5Q&openid.return_to=http%3A%2F%2Fexample.com%3A8080%2FgoogleTest%2Fauthorize&openid.assoc_handle=AMlYA9WVkS_oVNWtczp3zr3sS8lxR4DlnDS0fe-zMIhmepQsByLqvGnc8qeJwypiRQAuQvdw&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ext1%2Cext1.mode%2Cext1.type.email%2Cext1.value.email&openid.sig=5jUnS1jT16hIDCAjv%2BwAL1jopo6YHgfZ3nUUgFpeXlw%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawk8YPjBcnQrqXW8tzK3aFVop63E7q-JrCE&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawk8YPjBcnQrqXW8tzK3aFVop63E7q-JrCE&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ext1.mode=fetch_response&openid.ext1.type.email=http%3A%2F%2Fschema.openid.net%2Fcontact%2Femail&openid.ext1.value.email=boxiencosi%40gmail.com why?

    Read the article

  • Using Google AppEngine app as a OAuth provider

    - by Alistair
    Hi, I'm using the Google AppEngine 1.3.4 SDK which offers to allow your application to act as a OAuth service provider (http://code.google.com/appengine/docs/python/oauth/). Setting up a standard application on my localhost and using the following: Request URL /_ah/OAuthGetRequestToken Authorize URL /_ah/OAuthAuthorizeToken Access Token URL /_ah/OAuthGetAccessToken The client application just gets sent to a page requesting to grant OAuth access even though no user is logged in. Clicking 'Grant access' results in a message saying 'OAuth access granted' with no tokens or anything exchange. Can't see how this could work when it's not even prompting for a login. As this functionality is quite new I can't find much out there. I've created a OAuth provider before in Rails and know that you need a Consumer Key and Secret, something that seems to be lacking in GAE? Any ideas on how to get OAuth working in a sample GAE project are most welcome.

    Read the article

  • Rails: Polymorphic User Table a good idea with AuthLogic?

    - by sscirrus
    Hi everyone, I have a system where I need to login three user types: customers, companies, and vendors from one login form on the home page. I have created one User table that works according to AuthLogic's example app at http://github.com/binarylogic/authlogic_example. I have added a field called "User Type" that currently contains either 'Customer', 'Company', or 'Vendor'. Note: each user type contains many disparate fields so I'm not sure if Single Table Inheritance is the best way to go (would welcome corrections if this conclusion is invalid). Is this a polymorphic association where each of the three types is 'tagged' with a User record? How should my models look so I have the right relationships between my User table and my user types Customer, Company, Vendor? Thanks very much!

    Read the article

  • Twitter @Anywhere oauth_bridge_code

    - by AngelCabo
    I'm having trouble with Twitter's implementation of an oauth_bridge_code for the @anywhere api. I've seen a few walkthrough's on how to use this functionality but I can't seem to get the request to work for me. I'm using Ruby on Rails with the oauth gem. My code is as follows: def callback consumer = OAuth::Consumer.new(APP_CONFIG['twitter_key'], APP_CONFIG['twitter_secret'], :site => "http://api.twitter.com", :request_token_path => "/oauth/request_token", :authorize_path => "/oauth/authorize", :access_token_path => "/oauth/access_token", :http_method => :post) request = OAuth::AccessToken.new consumer json = request.post("https://api.twitter.com/oauth/access_token?oauth_bridge_code=#{params[:oauth_bridge_code]}") end I keep getting 401 unauthorized responses from the signed post request even though this is supposed to be working according to this walkthrough: http://blog.abrah.am/2010/09/using-twitter-anywhere-bridge-codes.html and a presentation from Matt Harris on slideshare. Any ideas on what I'm doing wrong (besides possibly trying to hit functionality that may not be in place)? Greatly appreciated!

    Read the article

  • How do I let a user sign in from a different domain on Authlogic?

    - by Newy
    [This is slightly different than a previous question about having multiple domains share the same cookie. It seemed like there wasn't an easy way to do that.] I have a application at application.com. A customer has app.customer.com pointed at my site on Heroku, and I have everything set up so that it renders a specific version of app correctly. The issue is that I want a user at app.customer.com to be able to login. I believe authlogic is now setting the cookie on application.com, so while it verifies the credentials, no session on customer.com is ever created.

    Read the article

  • Is it possible to use OAuth starting from the service provider website?

    - by Brian Armstrong
    I want to let people create apps that use my API and authenticate them with OAuth. Normally this process starts from the consumer service website (say TwitPic) and they request an access token from the service provider (Twitter). The user is then taken to the service provider website where they have to allow/deny access to to the consumer. I'm wondering if it's possible to initiate this process from the service provider website instead. So in this example you would start on Twitter's site, and maybe there is a section marked "do you want to turn on access for TwitPic?". If you click yes, it passes the access token directly to TwitPic which now has access to your account. Basically, fewer steps. I'm looking at the OAuth docs and it looks like the request token is generated on the consumer side and used later to turn it into an access token. So it's not really designed with what I described above in mind, but I thought there might be a way. http://oauth.net/core/1.0/ (Search for "steps") Thanks!

    Read the article

  • How can I spec out an authlogic sessions controller using using a stub?

    - by Dave
    I want to test my User Session Controller testing that a user session is first built then saved. My UserSession class looks like this: class UserSession < Authlogic::Session::Base end The create method of my UserSessionsController looks like this: def create @user_session = UserSession.new(params[:user_session]) if @user_session.save flash[:notice] = "Successfully logged in." redirect_back_or_default administer_home_page_url else render :new end end and my controller spec looks like this: describe UserSessionsController do it "should build a new user session" do UserSession.stub!(:new).with(:email, :password) UserSession.should_receive(:new).with(:email => "[email protected]", :password => "foobar") post :create, :user_session => { :email => "[email protected]", :password => "foobar" } end end I stub out the new method but I still get the following error when I run the test: Spec::Mocks::MockExpectationError in 'UserSessionsController should build a new user session' <UserSession (class)> received :new with unexpected arguments expected: ({:password=>"foobar", :email=>"[email protected]"}) got: ({:priority_record=>nil}, nil) It's although the new method is being called on UserSession before my controller code is getting called. Calling activate_authlogic makes no difference.

    Read the article

  • Step by Step Guide to Delicious OAuth API

    Learn how to use Delicious OAuth API in your .NET projects with an example...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >