Search Results

Search found 653 results on 27 pages for 'oauth 2 0'.

Page 11/27 | < Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >

  • Best Practices For Secure APIs?

    - by Ferrett Steinmetz
    Let's say I have a website that has a lot of information on our products. I'd like some of our customers (including us!) to be able to look up our products for various methods, including: 1) Pulling data from AJAX calls that return data in cool, JavaScripty-ways 2) Creating iPhone applications that use that data; 3) Having other web applications use that data for their own end. Normally, I'd just create an API and be done with it. However, this data is in fact mildly confidential - which is to say that we don't want our competitors to be able to look up all our products every morning and then automatically set their prices to undercut us. And we also want to be able to look at who might be abusing the system, so if someone's making ten million complex calls to our API a day and bogging down our server, we can cut them off. My next logical step would be then to create a developers' key to restrict access - which would work fine for web apps, but not so much for any AJAX calls. (As I see it, they'd need to provide the key in the JavaScript, which is in plaintext and easily seen, and hence there's actually no security at all. Particularly if we'd be using our own developers' keys on our site to make these AJAX calls.) So my question: after looking around at Oauth and OpenID for some time, I'm not sure there is a solution that would handle all three of the above. Is there some sort of canonical "best practices" for developers' keys, or can Oauth and OpenID handle AJAX calls easily in some fashion I have yet to grok, or am I missing something entirely?

    Read the article

  • How do you comment on an RFC?

    - by Greg Beech
    I have some comments about the OAuth draft RFC (specifically about some errors it contains), but I'm not sure what the accepted way is to make them. There's an email address at the bottom, so do I simply send mail there with the comments, or is there some IETF tool I should know about for tracking comments/issues?

    Read the article

  • (O)Auth with ExtJS

    - by TheShow
    Hi, today i tried to get django-piston and ExtJS working. I used the ExtJS restful example and the piston example to create a little restful webapp. Everything works fine except the authentication. Whats the best way to get Basic/Digest/OAuth authentication working with ExtJS? Atm I'm not sure where to set the Username/Password. Thanks

    Read the article

  • Authentication and authorization for RESTfull API (java jersery)

    - by abovesun
    Hi, implementing service something similar with tinyurl or bit.ly, I'm would like to expose service as API, I'm using java and jersey as RESTfull service implementation. I'm looking for simplest way for authentification of users who use API, OAuth is first thing coming in mind, but the problem is I don't need this 3 iteration calls with request token query, than access token query with callback url passing. I just need to give user ability to invoke api with no additional security calls to my server.

    Read the article

  • Twitter authentication without authorization

    - by user325377
    I wish to get the tweeter usename of a visitor to my site. I do not wish to post statuses or access any other information. I'd be happy to use OAuth, possibly with a 'Sign in with Twitter' button, but this then takes the user to a page which requests authorization for the application, that I wish to avoid. Is there a way to get the username without authorization? Thanks, Daniel

    Read the article

  • Problem with posting the message using php

    - by Darshana
    Hello, I have successfully come up to the access_token step along with final oauth_token and oauth_token_secret values. Now I'm trying to access the Post method given by Yammer API with following request : https://www.yammer.com/api/v1/messages/? body=MyMessage& oauth_consumer_key=Myconsumerkey& oauth_nonce=1825bbc0f0a2875eb94bdb4d51c0638b& oauth_signature=JzG4DCWxuP%2B7xT7u3tFZ2zCC8%2BI%3D& oauth_signature_method=HMAC-SHA1& oauth_timestamp=1257761059& oauth_token=Myfinaloauthtoken& oauth_version=1.0 But I'm getting "Invalid OAuth signature" error. Can somebody help me in this.

    Read the article

  • Login via Google Apps

    - by steven
    How can I authenticate my users via our their Google Apps account. I also need access to their email. I've read Oauth is needed but I have no idea if that is correct. I'm using PHP.

    Read the article

  • Hello World to Twitter from C#

    - by cf_PhillipSenn
    A few days ago, I posted this question and this question asking about how to post "Hello World" to twitter. I've gotten helpful responses, which have propelled me further along, but I'm still lost. I need to use OAuth because (as I read it) using username and password is going to be deprecated soon. I need an example as simple as updating the status with the string constant 'Hello World!'. My client is specifying that I must use C#.

    Read the article

  • Oauth Logout using facebook graph api

    - by Sam
    Hi, I just made a website where i'm authorizing the users using the oauth2.0 and graph api. I also want to user logout from my website and facebook site,when they click on the logout button. I'm unable to find a solution for this last 24 hours.My code is in asp.net. Thanks in Advacnce

    Read the article

  • OAuth in Rails - google, twitter, facebook, connect for login like stackoverflow login

    - by Sam
    Rails has the rest autho plugin which works well but is there a solution for incorporating twitter, facebook, google, yahoo, etc... Seems like each on has its own plugin and demands and mixing them is going to be a mess. This is for logging in users like how Stackoverflow gets things done not for using the robust features of the APIs. What I want to do is do what stackoverflow did for login but in rails.

    Read the article

  • Twitter-OAuth update_profile_*_image methods problem [EpiTwitter]

    - by KPL
    People, I have been struggling over the two methods - Update Profile Image and Update Background Image I am using EpiTwitter library. I am uploading GIFs, Twitter returns the expected result for update_profile_background_image but returns 401 for update_profile_image , but the image is not changed. Here are the headers catched from $apiObj-headers in my case while using the update_profile_background_image Array ( [Date] = Sat, 24 Apr 2010 17:51:36 GMT [Server] = hi [Status] = 200 OK [X-Transaction] = 1272131495-55190-23911 [ETag] = b6a421c01936f3547802ae6b59ee7ef3" [Last-Modified] = Sat, 24 Apr 2010 17:51:36 GMT [X-Runtime] = 0.13990 [Content-Type] = application/json; charset=utf-8 [Content-Length] = 1272 [Pragma] = no-cache [X-Revision] = DEV [Expires] = Tue, 31 Mar 1981 05:00:00 GMT [Cache-Control] = no-cache, no-store, must-revalidate, pre- check=0, post-check=0 [Set-Cookie] = *REMOVED* [Vary] = Accept-Encoding [Connection] = close ) and for update_profile_image - Array ( [Date] => Sat, 24 Apr 2010 17:57:58 GMT [Server] => hi [Status] => 401 Unauthorized [WWW-Authenticate] => Basic realm="Twitter API" [X-Runtime] => 0.02263 [Content-Type] => text/html; charset=utf-8 [Content-Length] => 152 [Cache-Control] => no-cache, max-age=300 [Set-Cookie] => *REMOVED* [Expires] => Sat, 24 Apr 2010 18:02:58 GMT [Vary] => Accept-Encoding [Connection] => close ) Can somebody help me out?

    Read the article

  • Twitter integration with C#.NET applications - NULL Pointer Exception

    - by Kanini
    Trying to integrate Twitter with ASP.NET application (Code in C#). This is the code I have written for the first sign in to Twitter. When I debug the application, I do get the token response and the response redirect happens appropriately. However, if I host it on IIS and access it, I get a Null Pointer Exception. Why is that? //Retrieve consumerKey and consumerSecret var v_consumerKey = ConfigurationManager.AppSettings["consumerKey"]; var v_consumerSecret = ConfigurationManager.AppSettings["consumerSecret"]; //Check if user is a valid user if (Request.QueryString["oauth_token"] == null) { OAuthTokenResponse t_requestToken = OAuthUtility.GetRequestToken(v_consumerKey, v_consumerSecret); Response.Redirect("http://twitter.com/oauth/authorize?oauth_token=" + t_requestToken.Token); } else { string s_oAuthToken = Request.QueryString["oauth_token"].ToString(); var v_accessToken = OAuthUtility.GetAccessToken(v_consumerKey,v_consumerSecret,s_oAuthToken); }

    Read the article

  • OpenID Authentication 2.0 in Joomla 1.0.x

    - by Michael Pliskin
    Is there any easy way to bring OpenID authentication into a Joomla 1.0.x website? I am particularly interested in Google authentication (so I'll want OAuth &/or OpenID Attribute Exchange as well later), but for now just authentication will work. I know Joomla 1.5.x supports OpenID natively but I have to stick with 1.0.x for now. Any ideas? There are some traces of com_openid component on the net but I cannot find anything to look at.. EDIT I managed to find a J-OpenID component, gonna give it a try.

    Read the article

  • Interfacing my application with existing authentication systems

    - by Karan Bhangui
    I'm writing a web based application that will have its own authorization/authentication mechanism (traditional cookie/session based user/pass). However, depending on the organization that licenses the software, I want them to be able to plug in their own existing internal authentication system as a way to replace mine. Ideally, they'd have to run as little code as possible on their end; I'm trying to make this a mostly hosted service. I'm aware of the existence of OAuth, but don't entirely understand how I would go about implementing the system at a higher level. Any tips would be appreciated.

    Read the article

  • How to secure connection between PHP and Android

    - by Elad Cohen
    I am developing an application for the Android that requires a connection with PHP pages in order to add sensitive data to a database that will affect the application. Since it's very easy to reverse engineer an android app, one can simply find the url where the data is sent to and manipulate it. I thought about creating a registration based on IMEI, but one can still able to manipulate it for his malicious purposes. I have also checked OAuth but I didn't really understand how it works and if it can help in my condition. What can I do to fully secure my application? Thanks in advance! EDIT: By the way, what I am mostly trying to achieve here is to make sure the requests are being sent from an Android and not from any other device.

    Read the article

  • OAuth2 Flow for Mobile Devices

    - by Bart Jedrocha
    We're currently working on an API that will be consumed by a variety of different devices. We want to use the OAuth2 spec as it defines several flows which were not available in the original OAuth spec. My question is, what flow would work best for a mobile device such as the iPhone or iPad? What flow does an application like TweetDeck use? Looking around the web it seems clients like TweetDeck use the 'Username and Password Credentials Flow" (browserless token exchange). Can anyone provide more information on this topic?

    Read the article

  • Request error "enable cookies" while posting app request to LinkedIn

    - by Jay
    Cookie error Hi, I am running S60 SDK 5th with Eclipse pulsar on win 7. I have oauth_token using with this Url https://www.linkedin.com/uas/oauth/authorize?oauth_token=. To get that grant access screen by LinkedIn. I am loading above Url using htmlComponent, and adding HtmlComponent to form and show it. Occasionally when I click on the "Ok I'll Allow It" button (i.e. after the button has been pressed) I get the following error message. "We’re sorry, there was a problem with your request. Please make sure you have cookies enabled and try again." but i'm receiving the response with oauth_token, oauth_token_secret, oauth_callback_confirmed = true, xoauth_request_auth_url, oauth_expires_in. Some buddy please help.

    Read the article

  • How to handle multiple openIDs for the same user

    - by Sinan
    For my site I am using a login system much like the one on SO. A user can login with his Facebook, Google (Gmail openID), Twitter account. This question is not about specific oAuth or openID implementations. The question is how to know if the same user logins with different providers. Let me give an example: Bobo comes to site logins to site by clicking on "Login with Facebook". Because this is his first visit we create an account for him. Later Bobo comes to the site. This time he clicks on "Login with Google". So how do I know if this is the same person so I can add this provider to his account instead of creating a new (and duplicate) account. Can I trust solely on email? What is the best way to handle this. How does SO do it? Any ideas?

    Read the article

  • DotNetOpenAuth for previously authorized site

    - by Burke Holland
    I've had great luck with DotNetOpenAuth to do 3 legged authorization. Currently, I am connecting and pulling in some Google data. My question is that apparently, if you have already auth'd my web application to your Google account, when I call var accessTokenResponse = google.ProcessUserAuthorization(); It basically does nothing. How do I get the token for an account that has already auth'd my application? I see no callback of any kind. I'm chocking this up to my ignorance about OAuth in general.

    Read the article

  • Unable to access LinkedIn conections using python rauth library

    - by srinath sastry
    I was trying out this example at https://github.com/litl/rauth/blob/master/examples/linkedin-web.py I get a 403, Access to connections denied error and it returns KeyError: '_total'. r_network option is present. Has anyone faced this issue? Also if you look at http://docs.python-requests.org/en/latest/user/quickstart/#oauth-authentication, the 'requests' library is initializing resource_owner_key, resource_owner_secret apart from the application keys. Not sure how these are getting passed from the 'rauth' library, Was wondering if that was causing this 403 error.

    Read the article

< Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >