Search Results

Search found 653 results on 27 pages for 'oauth'.

Page 8/27 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • Step by Step Guide to Delicious OAuth API

    Learn how to use Delicious OAuth API in your .NET projects with an example...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • OAuth 2.0: Can a user-agent client avoid forwarding fragments?

    - by Bosh
    In the OAuth 2.0 draft specification, user-agent clients receive authorization in the form of a bearer token via redirection (from an authentication server) to a URL such as HTTP/1.1 302 Found Location: http://example.com/rd#access_token=FJQbwq9&expires_in=3600 According to Section 3.5.2 it is then the user-agent's job to GET the URL in question, but "The user-agent SHALL NOT include the fragment component with the request." In other words, as a result of the example redirection above, the user-agent should GET /rd HTTP/1.1 Host: example.com without passing #access_token to the server. My question: what user agents behave this way? I thought redirection in Firefox, for example, would (logically) include the fragment in the GET request. Am I just wrong about this, or does the OAuth 2.0 specification rely on non-standard user-agent behavior?

    Read the article

  • Google account: Can retrieve the picture from openid? Can I get it with OAuth to google?

    - by Jonathan
    Hi! I need to retrieve the name, email and picture from a google account. I am already using the openid to make the user login with it's google acc. Can I have the picture URL from the openid proccess? with OAuth I cant'seem to find the right scope to retrieve this information... See this link: http://code.google.com/apis/gdata/docs/directory.html there is a list of scopes that you can fetch with REST api to google and I didnt't see the one related to the profile. Btw, I am using PHP and the openid is already working, but didn't start with the oauth untill I know if I can(and need) retrieve the picture (because email and name already comes within the openid proccess) thanks, Joe

    Read the article

  • How to implement Gmail OAuth API to send email (especially via SMTP)?

    - by Curtis Gibby
    I'm developing a web application that will send emails on behalf of a logged-in user. I'm trying to use the new Gmail OAuth protocol announced described here to send these emails through the user's Gmail account (preferably using SMTP rather than IMAP, but I'm easy). However, the sample PHP code gives me a couple of problems. All of the sample code is based on IMAP, not SMTP. Why "support" the SMTP protocol if you're not going to show people how to use it? The sample code gives me a fatal error from an uncaught Zend exception -- it can't find the "INBOX" folder. Fatal error: Uncaught exception 'Zend_Mail_Storage_Exception' with message 'cannot change folder, maybe it does not exist' in path\to\xoauth-php-samples\Zend\Mail\Storage\Imap.php:467 Stack trace: #0 path\to\xoauth-php-samples\Zend\Mail\Storage\Imap.php(248): Zend_Mail_Storage_Imap-selectFolder('INBOX') #1 path\to\xoauth-php-samples\three-legged.php(184): Zend_Mail_Storage_Imap-__construct(Object(Zend_Mail_Protocol_Imap)) #2 {main} Next exception 'Zend_Mail_Storage_Exception' with message 'cannot select INBOX, is this a valid transport?' in path\to\xoauth-php-samples\Zend\Mail\Storage\Imap.php:254 Stack trace: #0 path\to\xoauth-php-samples\three-legged.php(184): Zend_Mail_Storage_Imap-__construct(Object(Zend_Mail_Protocol_Imap)) #1 {main} in path\to\xoauth-php-samples\Zend\Mail\Storage\Imap.php on line 254 I've verified that I'm getting good OAuth tokens back, I just don't know how to make the actual email transaction happen. This protocol is still rather new, so there's not much unofficial community documentation about it out there, and the official docs are unhelpfully dry stuff about the SMTP RFC. So if anyone can help get this going, I'd greatly appreciate it. Note: I've already been able to connect to Gmail's SMTP server via SSL and successfully send an email, provided that the user has given my application his/her Gmail username and password. I'd like to avoid this method, because it encourages phishing and security-minded users won't accept it. This question is not about that.

    Read the article

  • Multiple dex files define Lcom/google/api/client/auth/oauth/AbstractOAuthGetToken;

    - by Elad Benda
    I have just followed this tutorial: https://developers.google.com/drive/quickstart-android so I don't see a reason for duplicated libs in my project. I have added the drive Client lib via Google plugin for eclipse When I build my android app with this manifest <uses-sdk android:minSdkVersion="15" android:targetSdkVersion="16" /> <uses-permission android:name="android.permission.READ_CALENDAR" /> <uses-permission android:name="android.permission.WRITE_CALENDAR" /> <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/> <uses-permission android:name="android.permission.GET_ACCOUNTS"/> <uses-permission android:name="android.permission.INTERNET" /> <application android:icon="@drawable/todo" android:label="@string/app_name" > <activity android:name=".TodosOverviewActivity" android:label="@string/app_name" > <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.LAUNCHER" /> </intent-filter> </activity> <activity android:name=".TodoDetailActivity" android:windowSoftInputMode="stateVisible|adjustResize" > <intent-filter> <action android:name="android.intent.action.SEND" /> <category android:name="android.intent.category.DEFAULT" /> <data android:mimeType="image/*" /> </intent-filter> </activity> <provider android:name=".contentprovider.MyTodoContentProvider" android:authorities="de.vogella.android.todos.contentprovider" > </provider> </application> I get the following error: [2013-10-27 00:43:58 - Dex Loader] Unable to execute dex: Multiple dex files define Lcom/google/api/client/auth/oauth/AbstractOAuthGetToken; [2013-10-27 00:43:58 - de.vogella.android.todos] Conversion to Dalvik format failed: Unable to execute dex: Multiple dex files define Lcom/google/api/client/auth/oauth/AbstractOAuthGetToken; how can I fix this?

    Read the article

  • Would OpenID or OAuth work for authorization/authentication on a distributed web service?

    - by David Eyk
    We're in the early stages of designing a RESTful/resource-oriented web service API for a computational lingustics application. Because many of the resources we plan to serve are rights-encumbered, a key design decision has been to specify the platform so that each resource provider can expose their own web service that complies with the API spec. This way, the rights owner maintains control over their content (and thus the ability to throttle or deny access at will) and a direct relationship with the consumer, while still being able to participate in in the collaborative network. At the same time, to simplify the job of writing a client for this service, we want to allow a client access to the distributed service through one end-point, with the server handling content negotiation and retrieval from the appropriate providers. Right now, we're at an impasse on authentication/authorization schemes. One of our number has argued for the (technical) simplicity of a central authentication registry, but others are concerned about the organizational complexity of such a scheme. It seems to me, based on an albeit limited understanding of the technologies, that a combination of OpenID and OAuth would do the trick, with a client authenticating with the end-point via OpenID, and the server taking action on the user's behalf with the various content providers using OAuth. I've only ever seen implementations (e.g. stackoverflow, twitter, etc.) where a human was present to intervene, and I still need to do more research on these technologies. Would a scheme like this work for an automated web service, or would it make the client too difficult to implement and operate?

    Read the article

  • Most clever way to parse a Facebook OAuth 2 access token string

    - by RyOnLife
    It's a bit late, but I'm disappointed in myself for not coming up with something more elegant. Anyone have a better way to do this... When you pass an OAuth code to Facebook, it response with a query string containing access_token and expires values. access_token=121843224510409|2.V_ei_d_rbJt5iS9Jfjk8_A__.3600.1273741200-569255561|TxQrqFKhiXm40VXVE1OBUtZc3Ks.&expires=4554 Although if you request permission for offline access, there's no expires and the string looks like this: access_token=121843224510409|2.V_ei_d_rbJt5iS9Jfjk8_A__.3600.1273741200-569255561|TxQrqFKhiXm40VXVE1OBUtZc3Ks. I attempted to write a regex that would suffice for either condition. No dice. So I ended up with some really ugly Ruby: s = s.split("=") @oauth = {} if s.length == 3 @oauth[:access_token] = s[1][0, s[1].length - 8] @oauth[:expires] = s[2] else @oauth[:access_token] = s[1] end I know there must be a better way!

    Read the article

  • Why does an authorized OAuth request token need to be exchanged for an access token?

    - by Joe Shaw
    I'm wondering what the reasons are for OAuth to require a round-trip to the data provider to exchange an authorized request token for an access token. My understanding of the OAuth workflow is: Requesting site (consumer) gets a request token from the data provider site (service provider). Requesting site asks the data provider site to authenticate the user, passing in a callback. Once the user has been authenticated and authorized the requesting site, the user is directed back to the requesting site (consumer) via the callback provided which passes back the now-authorized request token and a verification code. The requesting site exchanges the request token for an access token. The requesting site uses the access token to get data from the data provider site. Assuming I got that right, why couldn't the callback simply provide the access token to the requesting site directly in step 3, eliminating step 4? Why is the request to exchange the request token for the access token necessary? Does it exist solely for consumers that require users to enter the verification code manually, with the thought that it would be shorter and simpler than the access token itself?

    Read the article

  • How do I migrate from a basic plaintext password authentication to an OAuth based system?

    - by different
    Hello, Found out today that Twitter will be discontinuing its basic authentication for its API; the push is now towards OAuth but I don’t have a clue as to how to use it or whether it’s the right path for me. All I want to be able to do is post a tweet linking to the most recently published post when I hit publish. Currently I’m sending the login credentials for my Twitter account as plaintext, which I realise isn’t that secure but as my site is fairly small it isn’t an issue at least for now. I’m using this basic PHP code: $status = urlencode(stripslashes(urldecode("Test tweet"))); $tweetUrl = 'http://www.twitter.com/statuses/update.xml'; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, "$tweetUrl"); curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 2); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_POSTFIELDS, "status=$status"); curl_setopt($curl, CURLOPT_USERPWD, "$username:$password"); $result = curl_exec($curl); $resultArray = curl_getinfo($curl); if ($resultArray['http_code'] == 200) { curl_close($curl); $this->redirect(""); } else { curl_close($curl); echo 'Could not post to Twitter. Please go back and try again.'; } How do I move from this to an OAuth system? Do I need to?

    Read the article

  • Can I use OAuth for a SOAP web service?

    - by Olaseni
    The standard HTTP Authentication for SOAP passed the password etc in cleartext,and I'm looking for an alternative, possibly a key based mechanism to authenticate web services in lieu of the password. OAuth is gaining a lot of popularity; would it be appropriate, and how would I implement it? Or perhaps there are other methods I should use. The project itself is relatively simple, with just a one or two methods to be exposed, but security is of the utmost importance.

    Read the article

  • Problems with GData Request Token

    - by Dan Delgado
    We have successfully used GData libraries to access a user's Google Docs. But we encountered problems when many users log in to our site and authorize our web app at the same time or successively. Here's what happens: First user successful logs in, authorizes our web app via OAuth and is able to add rubric (or google spreadsheet). Second user, immediately after first user adds a rubric, successfully logs in then webapp fails on authorize (Token not given. I tried to log it.) Third user fails on login. Fourth user was able to log in, authorize via OAuth, and create rubrics successfully. Fifth user was able to log in but like the second user, gets an invalid token on authorize (Token not given.) And the list goes on. Results were unpredicatable. Below is an excerpt of the stack trace we get when the fail scenario happens: Nested in org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException: java.lang.NullPointerException at com.google.gdata.client.authn.oauth.OAuthUtil.normalizeParameters(OAuthUtil.java:158) at com.google.gdata.client.authn.oauth.OAuthUtil.getSignatureBaseString(OAuthUtil.java:81) at com.google.gdata.client.authn.oauth.OAuthHelper.addCommonRequestParameters(OAuthHelper.java:649) at com.google.gdata.client.authn.oauth.OAuthHelper.getOAuthUrl(OAuthHelper.java:592) at com.google.gdata.client.authn.oauth.OAuthHelper.getUnauthorizedRequestToken(OAuthHelper.java:276) at com.projectrix.controller.OAuthController.authorize(OAuthController.java:59) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Method.java:40) Help!

    Read the article

  • How to automate login to Google API to get OAuth 2.0 token to access known user account

    - by keyser_sozay
    Ok, so this question has been asked before here. In the response/answer to the question, the user tells him to store the token in the application (session and not db, although it doesn't matter where you store it). After going through the documentation on Google, it seems that the token has an expiration date after which it is no longer valid. Now, we could obviously automatically refresh the token every fixed interval, thereby prolonging the lifespan of the token, but for some reason, this manual process feels like a hack. My questions is: Is this most effective (/generally accepted) way to access google calendar/app data for a known user account by manually logging in and persisting the token in the application? Or is there another mechanism that allows us to programmatically login to this user account and go through the OAuth steps?

    Read the article

  • Oauth : Get user's permissions without any redirection to a server.

    - by Anthony
    Hello, in my website, I want to add a "invite friend of my contacts book" functionnality. I would like that the user fills the loggin form in my website. Then the website contacts Google Mail, Yahoo Mail, Live Mail and retrieves the contact list. In the Oauth protocole supported by Google and Yahoo, the user is redirected to a Google or Yahoo page (like Facebook) in order to permit the user to give permissions. But I saw two websites which didn't any redirections to get the contacts book (LinkedIn for a Google mail account and Theauteurs with a live mail.) Do you know how I can get a contacts book without redirect the user to Google, Microsoft or Yahoo website.

    Read the article

  • Twitter OAuth, Error when trying to POST direct message.

    - by Darxval
    So I am building a java script that is used in conjunction of my C++ application for sending direct messages to users. the script does the work of building the request that i send. When i send a request i receive "Incorrect signature" or "can not authenticate you" Does anyone see something i am missing or am doing wrong? I am continuing to investigate. Thank you in advance Javascript: var nDate = new Date(); var epoch = nDate.getTime(); var nounce = ""; nounce = Base64.encode(epoch+randomString()); var Parameters = [ "oauth_consumerkey="+sConsumerKey, "oauth_nonce="+nounce, "oauth_signature_method=HMAC-SHA1", "oauth_timestamp="+epoch, "oauth_token="+sAccessToken, "oauth_version=1.0", "text="+sText, "user="+sUser]; var SortedParameters = Parameters.sort(); var joinParameters = SortedParameters.join("&"); var encodeParameters = escape(joinParameters); signature_base_string = escape("POST&"+NormalizedURL+"&"+encodeParameters); signature_key = sConsumerSecret+"&"+sAccessSecret; signature = Base64.encode(hmacsha1(signature_base_string,signature_key)); sAuthHeader = " OAuth realm=, oauth_nonce="+nounce+", oauth_timestamp="+epoch+", oauth_consumer_key="+sConsumerKey+", oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_signature="+signature+", oauth_token="+sAccessToken+", text="+sText; goNVOut.Set("Header.Authorization: ", sAuthHeader);

    Read the article

  • how do you authenticate a user between two services, if they are both using a common third-party oauth service?

    - by urandom
    I'm currently experimenting with oauth logins on a website, using google oauth2. While I set that up without too many problems, I saw that there isn't some kind of permanent token, which only google and the authorized service know about a user. Also, from what I gathered, if I were to create a companion app on android, the preferred way is to go with AccountManager, which seems to handle giving oauth2 access tokens for google accounts. But if I authenticate myself from the anroid app using a google account, how do I now link that user to the same one in the web app? One way I think this can be done if the user also logs into the web app as well, so that the server receives a fresh access token, and the android and web one are compared. But that seems like a huge hassle, and I haven't seen many other apps do that. Another is to use a refresh token on the server, but that would require extra permissions which might put off any potential visitors. So what is the general workflow for achieving this? Or am I thinking the wrong way?

    Read the article

  • include_once fails!

    - by user220201
    Hi, I am new to php. I thought I knew enough but apparently do not. I am trying to use the OAuth.php from code.google.com. So I include OAuth.php in my code. Here is my php file - index.php <?php print 'Hello1'; include 'test.php'; print 'Hello2'; include 'OAuth.php'; print 'Hello3'; ?> Here test.php, OAuth.php and index.php are all in the same directory. Amazingly enough, I see Hello1 and Hello2 but not Hello3. What am I missing. Its driving me crazy. Any help is greatly greatly appreciated. I am using php5 with apache 2.2 and also have the oauth.so module installed and loaded from php.net. SV

    Read the article

  • PHP getting Twitter API JSON file contents without OAuth (Almost have it)

    - by DexCurl
    Hey guys, I have this script working fine with OAuth, but I accidentally nuked my 350 API hits with a stupid while statement :( I'm trying to get data from the Twitter API without OAuth, I can't figure it out (still pretty new), heres what I have <html> <body> <center> <hr /> <br /> <table border="1"> <tr><td>ScreenName</td><td>Followed back?</td></tr> <?php //twitter oauth deets $consumerKey = 'x'; $consumerSecret = 'x'; $oAuthToken = 'x'; $oAuthSecret = 'x'; // Create Twitter API objsect require_once("twitteroauth.php"); $oauth = new TwitterOAuth($consumerKey, $consumerSecret, $oAuthToken, $oAuthSecret); //get home timeline tweets and it is stored as an array $youfollow = $oauth->get('http://api.twitter.com/1/friends/ids.json?screen_name=lccountdown'); $i = 0; //start loop to print our results cutely in a table while ($i <= 20){ $youfollowid = $youfollow[$i]; $resolve = "http://api.twitter.com/1/friendships/exists.json?user_a=".$youfollow[$i]."&user_b=jwhelton"; $followbacktest = $oauth->get($resolve); //$homedate= $hometimeline[$i]->created_at; //$homescreenname = $hometimeline[$i]->user->screen_name; echo "<tr><td>".$youfollowid."</td><td>".$followbacktest."</td></tr>"; $i++; } ?> </table> </center> </body> </html> Neither of the two Twitter functions require authentication, so how can I get the same results? Thanks guys, Dex

    Read the article

  • Integrating Twitter Into An ASP.NET Website Using OAuth

    Earlier this year I wrote an article about <a href="http://www.twitterizer.net/">Twitterizer</a>, an open-source .NET library that can be used to integrate your application with <a href="http://twitter.com/">Twitter</a>. Using Twitterizer you can allow your visitors to post tweets, view their timeline, and much more, all without leaving your website. The original article, <a href="http://www.4guysfromrolla.com/articles/021710-1.aspx">Integrating Twitter Into An ASP.NET Website</a>, showed how to post tweets and view a timeline to a particular Twitter account using Twitterizer 1.0. To post a tweet to a specific account, Twitterizer 1.0 uses <i>basic authentication</i>. Basic authentication is a very simple

    Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >