Search Results

Search found 653 results on 27 pages for 'oauth'.

Page 9/27 | < Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >

  • How should I handle a redirect to an identity provider during a web api data request

    - by Erds
    Scenario I have a single-page web app consisting purely of html, css, and javascript. After initial load and during use, it updates various views with data from one or more RESTful apis via ajax calls. The api calls return data in a json format. Each web api may be hosted on independent domains. Question During the ajax callout, if my authorization token is not deemed valid by the web api, the web api will redirect me (302) to the identity provider for that particular api. Since this is an ajax callout for data and not necessarily for display, i need to find a way to display the identity provider's authentication page. It seems that I should trap that redirect, and open up another view to display the identity provider's login page. Once the oauth series of redirects is complete, i need to grab the token and retrigger my ajax data call with the token attached. Is this a valid approach, and if so are there any examples showing the ajax handling of the redirects?

    Read the article

  • What kind of authorization I should use for my facebook application

    - by JSmith
    I am building a social reader Facebook application using Django where I am using Google Data API (Blogger API). But I am unable to deal with the authorization step to use the API (currently using ClientLogin under development). I tried to read the OAuth documentation but couldn't figure out how to proceed. I don't want my users to provide any login credentials for google.. which makes the app completely absurd. So, can anyone help me on my project and tell me what kind of authorization I should actually use and how ? (I am using gdata lib)

    Read the article

  • GMail API for a small app (Rails? Javascript? PHP?)

    - by kurtybot
    I want to create an app that accesses the GMail API, but I'm finding that it isn't as simple as I thought it might be. I'm hoping somebody in the community here might have some experience working with one of these API's and could not only recommend the right solution, but also show me to some tutorials or examples that could help me get up and running. Here are some of the requirements of this app: Preferably in Rails or Javascript or even PHP. I am open to other technologies as well, but hope they'd be easy to implement. Connects to gmail via Oauth Can read who emails have been sent to and received from. Basically would like to perform some analytics on who emails are sent to, when and how frequently. I've read that one reason why this isn't easy, and why there isn't an official javascript API provided by gmail, is that google is concerned it's going to make their service less performant for their users.

    Read the article

  • Why must we "change temporary credentials for token credentials" in OAuth?

    - by PK
    Can't the server just "upgrade" the temporary credentials to token credentials and retain the same key and secret? The client can then start doing authenticated calls right away after the recieving the callback from the server stating that the temporary credentials has been "upgraded". Of cause if the temporary credentials have not be upgrade (i.e. client doesn't wait for callback) the authenticated call fails. So the question is why make an extra call to the server after the callback to "exchange" temporary credentials for token credentials?

    Read the article

  • How to get a OAuth token for Google Buzz using username and password without showing Googles login p

    - by Witek
    To read Google Buzz activities, an authorization token is required. A web application would redirect to Googles login page, where the user logs in and a token is returned back to the web application. But I have a local Java application without a UI (like a script). This application knows username and password. How to get an authorization token, using this username and password, without presenting the Google login page?

    Read the article

  • where is latest tutorial for twitter status update using oAuth ?

    - by diEcho
    Hello All, i want to update my status on twitter by PHP application. i surf a lot that how to use twitter API ( whatever it is called, i really don't know) to tweet from php application. i did try a lot.... it goes to twitter page, ask to access that application and after that it comes back to my local application as i set callback URL to http://localhost/myproject/shareWIthTweet.php but that status is not shown on my twitter home page?? will someone please tell me the updated tutorial of twitter. i seen all tutorial are written on either 2009 or in early 2010, whereas on twitter developer website said that October 19, 2010 Twitter's ID format is changing. Please read, this affects nearly everyone Update i m using below code snippetgit Thanks

    Read the article

  • How to sign in Chrome extension built with GWT using RPC.

    - by nick
    I have an application built with GWT/Appengine/Jdo...and i am using Google User Service for authentication. Google Chrome Extensions can use OAuth...I don't really undestand OAuth yet.. Would GWT RPC have to be reworked to enable OAuth? Is there another way to authenticate users for Chrome Extensions?

    Read the article

  • Spring security oauth2 provider to secure non-spring api

    - by user1241320
    I'm trying to set up an oauth 2.0 provider that should "secure" our restful api using spring-security-oauth. Being a 'spring fan' i thought it could be the quicker solution. main point is this restful thingie is not a spring based webapp. boss says the oauth provider should be a separate application, but i'm starting to doubt that. (got this impression by reading spring-security-oauth) i'm also new here so haven't really got my hands into this other (jersey-powered) restul api (core of our business). any help/hint will be much appreciated.

    Read the article

  • Using OAuth along with spring security, grails

    - by GroovyUser
    I have grails app which runs on the spring security plugin. It works with no problem. I wish I could give the users the way to connect with Facebook and social networking site. So I decided to use Spring Security OAuth plugin. I have configured the plugin. Now I want user can access both via normal local account and also the OAuth authentication. More precisely I have a controller like this: @Secured(['IS_AUTHENTICATED_FULLY']) def test() { render "Home page!!!" } Now I want this controller to be accessed with OAuth authentication too. Is that possible to do so?

    Read the article

  • Is it possible to expose an API for my own WebSite ... but use oAuth for the api authentication?

    - by Pure.Krome
    Hi Folks, currently I expose an api for my website. Works great .. and i use Basic Authentication to authenticate users to get access to the data. eg. http://www.MyWebSite.com <-- main site. http://api.MyWebSite.com <-- my api website. sample api RESTful url http://user1:[email protected]/games?type=battlefield2 (yes yes i know browsers stop people from putting in user1:pass1 (Basic Auth) into the url directly .. cause of security . but it's to highlight that we're using Basic Auth)). So .. how can i do this with oAuth?

    Read the article

  • twitter oauth must authorize user everytime they login

    - by salmane
    I am adding twitter oauth login to my site . and so far i got it to work using oauth. however every time i login i go through the whole authorization process. ( the prompt that allows the user to request or deny the application) is there a way to by pass that once the user has authorized the app? Perhaps i am misunderstanding the process also if so could you please clarify? thank you

    Read the article

  • Ruby-on-rails: routing problem: controller action looks for show when it should look for finalize

    - by cbrulak
    background: trying to use the twitter gem for ruby-on-rails. in routes: map.resources :twitter_sessions map.finalize_twitter_sessions 'twitter_sessions/finalize', :controller => 'twitter_sessions', :action => 'finalize' (twitter_sessions is the controller for the twitter sessions in my app). The view has one file new.html.erb and is very simple: <% form_tag(twitter_sessions_path) do |f| %> <p><%= submit_tag "twitter!" %></p> <% end %> and the twitter_sessions_controller.rb: def new end def create oauth.set_callback_url(finalize_twitter_sessions_url) session['rtoken'] = oauth.request_token.token session['rsecret'] = oauth.request_token.secret redirect_to oauth.request_token.authorize_url end def destroy reset_session redirect_to new_session_path end def finalize oauth.authorize_from_request(session['rtoken'], session['rsecret'], params[:oauth_verifier]) profile = Twitter::Base.new(oauth).verify_credentials session['rtoken'] = session['rsecret'] = nil session[:atoken] = oauth.access_token.token session[:asecret] = oauth.access_token.secret sign_in(profile) redirect_back_or root_path end However, after I click the "twitter" button, I get this error: 401 Unauthorized .../gems/oauth-0.3.6/lib/oauth/consumer.rb:200:in `token_request' .../gems/oauth-0.3.6/lib/oauth/consumer.rb:128:in `get_request_token' .../gems/twitter-0.9.2/lib/twitter/oauth.rb:32:in `request_token' .../gems/twitter-0.9.2/lib/twitter/oauth.rb:25:in `set_callback_url' app/controllers/twitter_sessions_controller.rb:7:in `create' If I go to the finalize url, http://localhost:3000/twitter_sessions/finalize, directly, I get this error: Unknown action No action responded to show. Actions: create, destroy, finalize, isLoggedInToBeta, login_required, and new Any ideas? Thanks

    Read the article

  • Sequence for authentication on a decoupled client?

    - by A T
    Using a sequence diagram and example code could you explain to me how authentication works when the client is completely separated from the server? I.e.: you haven't generated any of the client using a server-side template engine, rather you are communicating using REST (SOAP xor HTTP) xor RPC (XML xor JSON) with javascript on the client-side. Specifically I would like to know the sequence of: Authenticating using basic auth (user+pass) with "my" server Authenticating using OAuth2, e.g.: with Facebook, with facebook's server then whatever extra steps are needed for "my" server And how it could be implemented. (feel free to use psuedo-code [like below] or [preferably] prototyped simply using BackboneJS, AngularJS, EmberJS, BatmanJS, AgilityJS, SammyJS xor ActiveJS. if cookie.status in [Expired, Tampered, Wrong IP, Invalid, Not Found]: try auth(user,pass): if user is in my db: try authenticate(user,pass) if successful: login user # give session-cookie here? else: present user with "auth failed" msg else if user not in db: redirect to "edit-profile" page PS: I have written an example (editable) auth sequence diagram; based on facebooks' documentation.

    Read the article

  • Implicit OAuth2 endpoint vs. cookies

    - by Jamie
    I currently have an app which basically runs two halves of an API - a restful API for the web app, and a synchronisation API for the native clients (all over SSL). The web app is completely javascript based and is quite similar to the native clients anyway - except it currently does not work offline. What I'm hoping to do is merge the fragmented APIs into a single restful API. The web app currently authenticates by issuing a cookie to the client whereas the native clients work using a custom HMAC access token implementation. Obviously a public/private key scenario for a javascript app is a little pointless. I think the best solution would be to create an OAuth2 endpoint on the API (like Instagram, for example http://instagram.com/developer/authentication/) which is used by both the native apps and the web app. My question is, in terms of security how does an implicit OAuth2 flow compare (storing the access token in local storage) to "secure" cookies? Presumably although SSL solves man in the middle attacks, the user could theoretically grab the access token from local storage and copy it to another machine?

    Read the article

  • Uploading to TwitVid using x_verify_credentials_authorization

    - by deepa
    Hi, I am developing an iPhone application that uploads videos to TwitVid using the library TwitVid-iPhone-OAuth3. I have selected this library since Twitter is shifting to OAuth mechanism of authentication. 1) Does this new library allows to upload without user-name and password parameters? 2) I am using the following steps for uploading videos (assumed that new library allows to upload without user-name and password parameters). But, I am getting the error 'Incorrect Signature'. I am not able to identify the mistake that I am doing here. Could you please help me out to solve this problem. Authenticate the app using OAuth (MGTwitterEngine etc) which redirects the user to the web-page asking for log-in and app authentication. If the user authenticates the app, access token will obtained as final step. Upload the video to TwitVid using the following code snippet: OAuth *authorizer = [[OAuth alloc] initWithConsumerKey: @"my_consumer_key" andConsumerSecret: @"my_consumer_secret"]; authorizer.oauth_token = //The key-part of the access token obtained in step 2 authorizer.oauth_token_secret = //The secret-part of the access token obtained in step 2 authorizer.oauth_token_authorized = YES; //Since authenticated in steps 1 and 2 NSString *authHeader = [authorizer oAuthHeaderForMethod: @"POST" andUrl: @"https://api.twitter.com/1/account/verify_credentials.xml" andParams: nil]; twitVid = [[TwitVid alloc] init]; [mTwitVid setDelegate: self]; [mTwitVid authenticateWithXVerifyCredentialsAuthorization: authHeader xAuthServiceProvider: nil]; Thanks and Regards, Deepa

    Read the article

  • I've registered my oath about 5 times now, but... (twitteR package R)

    - by user2985989
    I'm attempting to mine twitter data in R, and am having trouble getting started. I created a twitter account, an app in twitter developers, changed the settings to read, write, and access, created my access token, and followed instructions to the letter in registering it: My code: > library(twitteR) > download.file(url="http://curl.haxx.se/ca/cacert.pem", + destfile="cacert.pem") > requestURL <- "https://api.twitter.com/oauth/request_token" > accessURL <- "https://api.twitter.com/oauth/access_token" > authURL <- "https://api.twitter.com/oauth/authorize" > consumerKey <-"my key" #took this part out for privacy's sake > consumerSecret <- "my secret" #this too > twitCred <- OAuthFactory$new(consumerKey=consumerKey, consumerSecret = consumerSecret, requestURL = requestURL, accessURL = accessURL, authURL = authURL) > twitCred$handshake(cainfo="cacert.pem") To enable the connection, please direct your web browser to: https://api.twitter.com/oauth/authorize?oauth_token=zxgHXJkYAB3wQ2IVAeyJjeyid7WK6EGPfouGmlx1c When complete, record the PIN given to you and provide it here: 0010819 > registerTwitterOAuth(twitCred) [1] TRUE > save(list="twitCred", file="twitteR_credentials") And yet, this: > s <- searchTwitter('#United', cainfo="cacert.pem") [1] "Unauthorized" Error in twInterfaceObj$doAPICall(cmd, params, "GET", ...) : Error: Unauthorized I'm about to have a temper tantrum. I'd be extremely grateful if someone could explain to me what is going wrong, or, better yet, how to fix it. Thank you.

    Read the article

  • Facebook graph API - OAuth Token

    - by Simon R
    I'm trying to retrieve data using the new graph API, however the token I'm retriving from OAuth doesn't appear to be working. The call I'm making is as follows; $token = file_get_contents('https://graph.facebook.com/oauth/access_token?type=client_cred&client_id=<app_id>&client_secret=<app secret>'); This returns a token with a string length of 41. To give you an example of what is returned I have provided below a sample (converted all numbers to 0, all capital letters to 'A' and small case letters to 'a' access_token=000000000000|AaaAaaAaaAAaAaaaaAaaAa0aaAA. I take this access token and attach it to the call request for data, it doesn't appear to be the correct token as it returns nothing. I make the data call as follows; file_get_contents('https://graph.facebook.com/<my_page's_id>/statuses?access_token=000000000000|AaaAaaAaaAAaAaaaaAaaAa0aaAA.') When I manually retrieve this page directly through the browser I get an 500/Internal Server Error Message. Any assistance would be grately appreciated.

    Read the article

  • Why do users have to enter a 7-digit twitter PIN to grant my application access?

    - by Tony
    I am implementing some ruby on rails code tweet stuff for my users. I am creating the proper oauth link...something like http://twitter.com/oauth/authorize?oauth_token=y2RkuftYAEkbEuIF7zKMuzWN30O2XxM8U9j0egtzKv But after my test account grants access to twitter, it pulls up a page saying "You've successfully granted access to . Simply return to and enter the following PIN to complete the process. 1234567" I have no idea where the user should enter this PIN and why they have to do that. I don't think this should be a necessary step. Twitter should be redirecting the user to the callback URL I provided in the application settings. Does anyone know why this is happening? UPDATE I found this article that states I need to send my users to this URL (note "authenticate" instead of "authorize"): http://twitter.com/oauth/authenticate?oauth_token=y2RkuftYAEkbEuIF7zKMuzWN30O2XxM8U9j0egtzKv I made the change but Twitter redirects the user to the authorize path after he clicks "Allow" which then gives him the 7 digit PIN again!

    Read the article

  • What is the best tool to achieve this API design?

    - by Jose Fernandez
    Our web app offers a service that allows a "Publisher" to create a website (we give them a CMS system) that is ready to provide this service to "Members" (think Shopify). We have some possible clients that wish to become "Publishers" but they already have existing websites (vbulletin, word press blog, etc) with their own user base. We wish to develop an API that would allow these "Publishers" to keep using their own websites, and embed our services into them. Our main business requirement is that once "Members" are logged into the "Publishers" existing system, they should be able to also access our website without having to log-in again OR have to create another account there. The process should be seamless to the "Member" and "Publishers" should not have to sync their user base with our system. We also want to use an existing API authentication/authorization system instead of creating our own (OAuth, OpenID, etc) What would be the best way to use OAuth to achieve this sigle-sign on design? If OAuth is not the best tool, is there any other one out there that fits our requirements?

    Read the article

  • Any Google API in perl working with OAuth

    - by Julien
    Hello, I've looked at Net::Google, and 90% of the modules use AuthSub with a mandatory login/password. The right way for a web application to interact with Google applications on behalf of a customer is to use OAuth. That way, the authentication is done by Google, and the application does not know the user's password. This is supported by Net::Google::DocumentsList for example. Are you aware of modules that can work well with Picasa and Blogger, for example, using OAuth. The current Net::Google::PicasaWeb handles read-only queries, no add/remove/update actions.

    Read the article

  • Login with Google OAuth api and return url with variable

    - by user2833721
    I am using the Google API for login in my site and I appending my variable with URL and I want that variable in the return URL of OAuth API because of update purpose can I return back that variable For example: <a href="<?php echo($authUrl); ?>&kicker"> I append the kicker in $authUrl and when I return back from Oauth api print $me['displayName']; print $user['email']; print $me['gender']; print $me['id']; with this output I also want my variable "kicker" how can I get it

    Read the article

  • Wrong sessionID being used in callback, but only on one particular computer

    - by user210119
    I am writing a Python/Django web application that uses OAuth (for the TwitterAPI, not that it should matter). I am storing a session ID in my login function, and then after using OAuth to get the user's token, I try to retrieve the sessionID in my callback function. The callback function then always fails(throws an exception) because it can't find the OAuth token in the session. Through the debugger, I am able to determine that the session ID that the server is using is incorrect - it does not match the session ID that was stored in the login function. It's therefore unsurprising that the Oauth tokens were not there. The session that appears in the callback was the same one each time (until I tried deleting it - see "things I've tried below"), and it started out as an old session, with some data in it that is from a different django app running on the same server that I hadn't touched in a couple weeks. Here's the kicker: everything I described is an issue only on our production server, and only when connecting to it from my computer. Let me clarify: this only happens with my particular laptop. I can connect to the app just fine from someone else's computer. Other people cannot connect with their accounts on my computer. Furthmore, I can connect just fine to the app when it is running on my localhost using the built-in django webserver, just not to the production server. My setup: my server and local box are running= Django 1.2.0 and Python 2.6.5. My local box is running Snow Leopard and the Django webserver, the server is running Ubuntu, Apache2, and mod-wsgi. For sessions, I am using Django's default session backend (DB). Things I have tried, all to no avail: logging in with a different account, including new accounts that have never OAuthed to this app before Clearing cookies, using incognito mode, using a different web browser on my same computer. Each time, upon inspecting my cookies, the sessionID matched the sessionID in the login function and was different from the sessionID in the callback. deleting the session in the database that appears in the callback function, (the one that appeared to be old data). The callback function still fails, and the sessionID it appears to be using is now a new one using a different session backend (DB-cache, flat file, etc...) restarting the server, my computer, etc. My first question on StackOverflow, so bear with me if I didn't quite follow local conventions. I am just at a loss as to what to even look for - what are the things that could possibly be causing sessions to not work on my particular computer, and (so far!) only my particular computer?

    Read the article

< Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >