Stack Overflow
Stack Overflow

Questions tagged [2-legged]

2-Legged oauth is a mechanism for third party applications, mostly mobile and desktop clients, of getting user protected resource by getting access token in exchange of user and password.

47 questions
59
votes
2 answers

How does 2-legged oauth work in OAuth 2.0?

In OAuth 1.0, 2-legged is pretty easily: Simply send the request as usual and omit the access_token header. Things seems to have changed in OAuth 2.0 (drastically, as I found out today :)). In OAuth 2.0, the request no longer has headers such as the…
F21
  • 32,163
  • 26
  • 99
  • 170
13
votes
2 answers

Implementing a 2 Legged OAuth Provider

I'm trying to find my way around the OAuth spec, its requirements and any implementations I can find and, so far, it really seems like more trouble than its worth because I'm having trouble finding a single resource that pulls it all together. Or…
Rob Wilkerson
  • 40,476
  • 42
  • 137
  • 192
12
votes
1 answer

OAuth 1.0 - how to implement both 2-legged and 3-legged authentication?

I have implemented an OAuth 1.0a provider and have OAuth clients that can successfully authenticate against it, using the standard 3-legged authentication. OAuth protects a REST API on my server and I have a mobile app consuming it. In my mobile…
Dan
  • 15,948
  • 20
  • 63
  • 92
12
votes
1 answer

Oauth2 - long lived Tokens vs Reauthentication in a Client Credentials Flow

We've secured our REST server with OAuth2 and implemented the client credentials grant type for several client apps that we control. Now we're faced with the decision to either make the tokens long lived (i.e. they expire "never") or to have the…
Pete
  • 10,720
  • 25
  • 94
  • 139
10
votes
1 answer

Has anybody implemented 2 Legged OAuth using DNOA?

I am trying to create an Authentication Module in CSharp where I need to verify the Signature from the request using DotNetOpenAuth(DNOA) Library for 2 Legged OAuth which only has consumer Key and a Secret. If you have any sample implementation of 2…
Madhavi Venu
  • 101
  • 1
  • 4
7
votes
3 answers

How Can I Tell Controller Specs to Use the Signed OAuth Request

I am building a 2-Legged OAuth provider for my api. Everything is hooked up properly and I can make signed calls from the rails console. The problem I have is that I am having trouble integrating OAuth into the controller_spec. Here is an example of…
coneybeare
  • 33,113
  • 21
  • 131
  • 183
5
votes
1 answer

What really is 2-legged Oauth

I have been exploring OAuth version 1.0 for the REST API I am currently working on. I have 3 authentication scenarios this involves 3 parties, the service provider, the consumer and the user. The 3-legged Oauth matches this scenario. 2 parties are…
ade19
  • 1,150
  • 4
  • 13
  • 28
5
votes
2 answers

Does google Drive api support 2 legged oauth?

Now, we have an application with Google Docs Api and 2 legged oauth. However,we want to migrate to Google Drive Api which uses Oauth 2.0. Can we use 2 legged oauth with Google Drive Api? Is there any example?
user1454172
  • 123
  • 7
5
votes
1 answer

OAuth 1.0a, 2-legged: how do you securely store clients' credentials (keys/secrets)?

Am I correct that OAuth 1.0a credentials need to be stored in plaintext (or in a way that can be retrieved as plaintext) on the server, at least when doing 2-legged authentication? Isn't this much less secure than using a username and salted+hashed…
ph-sb
  • 51
  • 1
4
votes
3 answers

How to use Google Analytics API with 2-legged OAuth (Google Apps for business)?

I want to develop an application for the business I work. We are using Google Apps and want to get data from Google Analytics and show it in one of our web apps. I do not want the client to see any request to authorize the app. I want to use…
billy
  • 1,165
  • 9
  • 23
4
votes
2 answers

2-legged OAuth with google-api-java-client

Does anyone know how to use 2-legged OAuth with google-api-java-client? I'm trying to access the Google Apps Provisioning API to get the list of users for a particular domain. The following does not work HttpTransport transport =…
user452499
  • 101
  • 1
  • 6
3
votes
1 answer

2-legged OAuth in Coldfusion

I am developing a service to get data from Echo System using their Scheduling API. Echo System Scheduling API requires each request to be signed by OAuth(2-legged). I have generated the request URL but I am getting "I/O Exception: Name in…
user226554
  • 31
  • 2
3
votes
0 answers

2-legged OAuth and Yahoo Sports API

This is absolutely ridiculous that something so simple is rendered so difficult. As far as I can tell having tried multiple examples, Yahoo doesn't follow the same OAuth conventions that most of the existing C# libraries do so for example, the…
snappymcsnap
  • 2,050
  • 2
  • 29
  • 53
3
votes
1 answer

Authenticating to a Oauth 2-legged system

I'm trying to authenticate to a webservice using 2legged oauth. I have the next one working java example creating the authenticated URL using the signpost library: String consumerKey = "KEY"; String consumerSecret = "SECRET"; DefaultOAuthConsumer…
pablorc
  • 940
  • 1
  • 8
  • 20
3
votes
1 answer

401 unauthorized error in oauth with Jira 2L0 in Rails using oauth-plugin

I'm trying to hook up an OAuth consumer using 2-legged authentication. I have two questions: 1) is it possible to use Oauth with a custom REST plugin (as opposed to the built-in API) 2) as a test of the built-in REST API, I'm trying the following,…
jbeck
  • 2,184
  • 1
  • 19
  • 21
1
2 3 4