Stack Overflow
Stack Overflow

Questions tagged [oauth-provider]

118 questions
42
votes
7 answers

OAuth - What exactly is a resource owner? When is it not an end-user?

The term "resource owner" is defined in the OAuth v2.0 Specification, as "An entity capable of granting access to a protected resource. When the resource owner is a person, it is referred to as an end-user." My question is, when is a resource owner…
smartcaveman
  • 41,281
  • 29
  • 127
  • 212
31
votes
1 answer

Implementing OAuth 2.0 Authentication for My API

I've been using the Facebook Graph API (uses oauth 2.0 for authentication) successfully for a while now. I now need to write my own API which allows developers to connect to it in a similar fashion. I've looked into various libraries but i'd like…
nfplee
  • 7,643
  • 12
  • 63
  • 124
23
votes
7 answers

Intermittent ASP.NET oAuth issue with Google, AuthenticationManager.GetExternalIdentityAsync is returning null

I am trying to fix an intermittent issue when using Google as an external login provider. When attempting to login, the user is redirected back to the login page rather than being authenticated. The problem occurs on this line (line 55 of link…
Tom
  • 12,591
  • 13
  • 72
  • 112
23
votes
2 answers

Is it possible to secure WebSocket APIs with OAuth 2.0?

I am implementing an OAuth Provider to secure different web-based APIs. The most headache is giving me the securing of WebSockets through OAuth. Can it be done completely secure in a client that's set in a Browser? What are the risks if it is in a…
justGoscha
  • 24,085
  • 15
  • 50
  • 61
21
votes
3 answers

Secure OAuth in Javascript

I have an api which uses OAuth 1.0a to authenticate applications using it. It's replacing an old api which used a number of custom built and hodge-podge calls which are being deprecated. It's well known that OAuth 1.0a is not secure in (client-side)…
Chris Salij
  • 3,096
  • 5
  • 26
  • 43
21
votes
6 answers

Spring OAuth (OAuth2): How can I get the client credentials in a Spring MVC controller?

In this snippet: @RequestMapping(method = GET) public List read(Principal principal) { principal.getName(); } principal.getName() gives me the user identification but I need a way to receive the client credentials (client => the app who…
wandi.darko
  • 500
  • 1
  • 5
  • 10
20
votes
2 answers

Recommended database structure for OAuth Provider

I am implementing an OAuth Provider using DevDefined library. I wonder if there is any recommended database structure for storing consumer and token data on the server side. Any advice on this would be appreciated.
B Faley
  • 17,120
  • 43
  • 133
  • 223
16
votes
3 answers

Gem for oAuth2 Consumer AND Provider functionality in Rails 2.3.5

I'm struggling finding a usable gem which provides the following for a Rails 2.3.5 application: we want to protect out API with oAuth 2; therefore a Controller for creating access/request Tokens and the models (Client, Token,...) are required we…
Makibo
  • 1,679
  • 21
  • 31
16
votes
2 answers

Enable oauth login with django-allauth but a custom provider

I have built an oauth provider using django-oauth-toolkit. I would now like to allow users of my client application to log in through this provider. My understanding is that django-allauth is the ideal tool for this. I see that django-allauth has a…
Brachamul
  • 1,886
  • 2
  • 21
  • 34
15
votes
3 answers

Looking for advice to secure a private REST API written in python-flask

I am currently writing a rest API in python with the microframework Flask. It's a private API and it deals with user data. I plan to use this API to build a web and an Android app. For now I use digest auth to secure private user data. For example…
a.b.d
  • 2,190
  • 3
  • 26
  • 26
15
votes
3 answers

Set up a PHP OAuth Provider

Alright I am trying to set up an OAuth Provider in PHP, but I just cannot get the hang of it. I've been referenced to this page a number of times, but I cannot wrap my head around it. Could someone help me out, step by step, or reference me to a…
Chiggins
  • 8,197
  • 22
  • 56
  • 81
14
votes
1 answer

How to add authentication token in header of `APIClient` in `django rest_framework test`

I am using oauth2_provider for my rest_framework. I am trying to write test case for my api. I have obtained an access token. But I am not able to authenticate user using access token in APIClient I am looking to get this curl command work with…
Sudheer K
  • 1,244
  • 2
  • 18
  • 31
13
votes
2 answers

Implementing a 2 Legged OAuth Provider

I'm trying to find my way around the OAuth spec, its requirements and any implementations I can find and, so far, it really seems like more trouble than its worth because I'm having trouble finding a single resource that pulls it all together. Or…
Rob Wilkerson
  • 40,476
  • 42
  • 137
  • 192
13
votes
3 answers

OAuth2.0 Server stack how to use state to prevent CSRF? for draft2.0 v20

I am using PHP library for OAuth2.0 v20 In draft20, there is a mention of the use of state to prevent CSRF So far, my own web app that implements this PHP library allows the following: 3 legged authentication using Authorization Code Request 2…
Kim Stacks
  • 10,202
  • 35
  • 151
  • 282
12
votes
2 answers

Java OAuth Server

Are there any open source projects that enabled implementing OAuth Server? Apache Foundation ones?
zotherstupidguy
  • 2,976
  • 10
  • 39
  • 59
1
2 3 4 5 6 7 8