The bounty expires tomorrow. Answers to this question are eligible for a +200 reputation bounty.
Will wants to draw more attention to this question:
Just trying to find a way to script certain activities that have okta 2fa in front of them
I have an Okta user with 2FA using google authenticator app on my phone, I have been looking into some code to automate this so I don't have to check my phone. I was hoping this could be done through a cmd line script.
I see this script https://github.com/grahammitchell/google-authenticator however I would need to know the user (which I believe to be my okta username) and secret (this I am not sure where I could pull this, perhaps I can generate a new one?)
I guess my question would be is this possible?
Related
First of all, sorry if this has been asked before, I cant find anything adapted to my low level.
I´m trying to use django-rest-allauth 1.1, which is cool it provides a fast basic endpoints building, though some tare found like email validation (if email login, it is made by username up to the #, so it´s done if email is edited or different username initially provided with email, so it just doesnt work email login...)
My question is about social login... How can i get Google´s token if developing a non front-end API?
I mean where is the google´s consent screen on the API?
Should I reformat allauth code to run django-rest-allauth social login right after consent call?
How can I achieve that?
Again, sorry my low level in both, english and programming skills.
Thanks
Is it possible to keep track of cookies (or any kind of session variables) in a GAS Web App? The script is running as myself, and anyone (even anonymous) can access the site. I need to be able to keep track of login information, so I should be able to see if the user is logged in between requests.
Note: The user is not required to have a Gmail account.
I didn't find the GAS solution for this even after almost 3 years since this question was asked.
Looks like the only solution is to use javascript cookie handling (document.cookie) in each template file.
I am trying to build a small toolbox of scripts such that I can automate some tasks involving Google contacts, calendar and so on. Most of the work is already done by means of the googlecl project, which looks very promising.
As far as I understand the process, googlecl needs to request an authentication ticket from Google by means of OAuth. Admittedly, I have only a sketchy notion of what is going on there, but that’s something that Wikipedia will help me solve.
Here’s the catch: My Google account uses a non-Gmail address (let it be vucar#example.invalid for the sake of this discussion). The account was created back in the old days when Google didn’t force GMail down people’s throats who have no use for it. googlecl will direct me to https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token=…&hd=example.invalid to complete the OAuth handshake. Google will then tell me that ‘the domain name has not been signed up for Google Apps’. Which is correct.
If I don’t supply my user ID to googlecl, then the URL reads …&hd=default. Google will accept the OAuth request, granting whichever permissions needed to my locally running googlecl, but then googlecl will complain that the token was issued to a different user ID than for the user ID that was requested. Which of course is also correct.
I’ve read through https://support.google.com/a/answer/33419, which in turn redirects me to http://www.google.com/a in order to ‘to sign up your domain for Google Apps’. Apparently, if my Google account uses a domain different from #gmail.com, then I am a business user and need to purchase Google Apps for my domain—to get, amonst a truckload of other stuff, my domain connected to GMail, the polar opposite of what I wanted to have by having that ‘foreign’ domain in the first place.
I have to admit that I am stymied. I understand what OAuth in this case is used for, but I fail to grasp the byzantine reasoning at Google’s. I do not believe that I want Google Apps for my domain, and I especially do not want to hand over my emails or anything else to Google. I merely want to access and modify my data at Google’s, with my user ID happening not to end in #gmail.com.
Is it strictly required that I purchase Google Apps for Work for such a configuration? The contacts, calendars and so forth is already at Google’s, and used from both Google’s web site and Android clients. The only thing new to the mix is API access.
I am working on a Windows Phone app that utilizes the Facebook API. To do that I need the user to login and authorize my app, so that I can get an access_token. I've already done that, it works fine.
The question: how to keep using the Facebook API on the next launch of the app without having the user to log in again?
What I do: When the user logs in I save the access_token and the expiration time. Later, I can use the access_token when making API calls. This is all fine.
The problem: with offline_access not working anymore, the access tokens I get are valid for 60 days. This means that after 60 days they will stop working. Can I do something to renew those tokens without asking the user to login again?
My research:
I read the documentation, but it seems to mention only Android and iOS. While I assume it would be similar for Windows Phone, I am not able to find out what to do. The Facebook libraries for those other platforms have something like:
facebook.extendAccessTokenIfNeeded(this, null);
I was not able to find similar method for Windows Phone. While I read somewhere that this does not actually work for Android, it hints that there must be a way to do it.
I read about the new endpoint allowing renewing of access tokens, but it seems to only be able to extend short-lived tokens to long-lived. For me it is a bit unclear from the documentation here(Section 4):
https://developers.facebook.com/roadmap/offline-access-removal/
Any help is appreciated, thanks.
Follow the Offine Access Removal Guide on the link you provided. It has the API Call you can use to get a long-lived Access Token for the user - this is the replacement of offline_access.
Specifically, see Scenario 4.
In theory, Windows Mobile should fall under Exception 2 / 3. See if the Windows Mobile SDK has an option to access the access_token in a similar way to iOS and Android.
A session token is given to the user when he starts running a facebook application, as long as this token is not stolen, other people cannot impersonate him. To increase security, a new token is also generated again when it has expired or has been cleared.
So what is the problem here? Why do people want infinite session token in facebook?
How is it useful to both developers and end-users of facebook applications?
It's now called "offline_access". You're right in that most applications don't need this permission; however, occasionally an app may want to do some processing on behalf of the user while the user isn't present. For example, there are some blogging apps like posterous.com that allow you to email your blog posts - and they may want to publish without asking each time. For those, it's appropriate to ask for the extended perm.
Here's more information about how to request the permission:
https://developers.facebook.com/docs/guides/policy/examples_and_explanations/Extended_Permissions/
Why do people want infinite session
token in facebook?
So that when they exit their browser and restart it, they don't have to type in the username and password again. The authentication is still there so they can just simply start facebooking.