We build our own "OWIN OAuth 2.0 Authorization Server" using "Microsoft.AspNet.Identity.Owin" and "Microsoft.Owin" framework. Ref: https://learn.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server
We can be able to send a request to our custom OAuth2.0 server and get OAuth2.0 access token from web applications by using "DotNetOpenAuth.OAuth2.Client".
Also, we can be able to successfully integrate our custom OAuth2.0 server with Cortana bot channel and its working fine.
But while integrating our custom OAuth2.0 server with Xamarin mobile application we are facing issues related to redirect_uri. We get a response like invalid_grant.
We are using "Xamarin.Auth" framework in Xamarin to send the OAuth request.
Here is the redirect_uri, we used in Web and Mobile
a. Xamarin app redirect_uri: com.Demo.Mobile:/oauth2redirect
b. Web site redirect_uri: https://demowebsite.azurewebsites.net/
https://user-images.githubusercontent.com/5037741/54964768-10d0ca80-4f44-11e9-9fd9-92673f07f919.png
Thanks in advance for help on this :)
We resolved the issue by using this redirect_uri pattern oauth2redirect:/com.company.package/
Related
I'm currently developing an app in asp.net core 2. However, i'm having issue configuring swagger properly and the authentication layer for the webapi.
In my instance, I have a web api that is configured with jwt. It uses the app id url as the jwt audience. Swagger is configured to run on top of this service and AAD is set up. However, because it's logging in to itself it has the resource configured as the web api client ID. Login successfully works, but the token does not work with the api calls. The main reason is that there is difference in resource/audience. The token is configured with an audience of the client ID and the webapi is conifgured with a jwtaudience of the app ID URL.
It only works if i configure the jwtAudience to the clientID. I doesn't work if i try to update the swagger resource as the app ID URL.
I need the jwtAudience to be configured to the APP ID URL. I can't figure how to do this thou.
Do i need to modify the AAD manifest to give permission to itself?
Any advice appreciated?
Thanks,
Derek
I am working through a process of validating the JWT after OKTA Login. I have a SPA Sample SPA Site that handles user login and calling an API.
SPA SITE
User Logins into OKTA
Obtains a JWT
Passes JWT to a .NET Web API (hosted on my own server not at OKTA).
WEB API: This accepts the JWT and needs to validate it.
Per OKTA I need verify the JWT through an Authorization Server. I setup the Authorization Server but I cannot see where the two features (shown on the images) are located on the SPA API or the Auth Server. This includes a URL that is required that follows the format of xxxx.okta.com/AS/{key}
Is there something that has to be enabled that is not enabled in my OKTA Account? I think so but what is it? OKTA support states that everything is enabled and confirmed this is a good code sample (GitHub) to use.
The Image Below should appear after setting up the SPA App. I cannot find this feature under the SPA or under the Auth Server. It does not seem to exist anywhere on OKTA. This is why it seems something is not enabled on my Dev account, or this documentation is outdated?
SPA Code Sample (includes the images below from the PDF) https://github.com/oktadeveloper/okta-oauth-spa-authjs-osw
I see that under the Security menu item -> API.
Also, when I had my app OpenID Connect enabled, I used well-known endpoint:
GET /.well-known/openid-configuration to get "jwks_uri", I used this url to self-verify the JWT token at the API level.
OKTA confirmed the code sample and documentation is out of date. They have no ETA to any updated samples and could not provide any documentation to help. This was via a response on a support ticket. Well already then, time to look at Azure.
I am building an ionic2 app and implemented google login flow. Which works fine and i get the token after a success full. How do i use this token to authenticate my project web api Endpoint ( using Oauth for generating the tokens). I am using default asp.net web api project template
I have a asp.net web api, that's been consumed by a ionic app.
This web api have some routes that need authorization and others that not.
is there anyway to configure the web api just to be consumed by the ionic app?
Any help would be appreciated.
Thanks
This spreads in a wide scope. However irrespective of the back end API (Asp.net), you are asking how to authenticate an ionic app with back end API.
Basically u have main 3 options
1 - Using an existing Authentication implementation like OAuth2
basically you have to implement an Oauth2 server from your back end and have an ionic client to communicate with it
You will find some server libraries for .net in the OAuth2 web site
For client , you can use ng-cordova-oauth
2 - Let the Authentication handled by a 3rd party provider like (google)
What you can basically do it, let user to login through Ex: there google account,
send the api token to your back end api (in the first request)
Let the back end api validate the key with same provider
3 - Roll out your own authentication service
DONT :),
Try to implement a simple authentication service. But not the best way to go
HTH
Having a Asp.Net MVC 5 Web Role using OWIN Katana Components for OAuth and OpenId. Enabled Google Authentication support inside Startup.Auth.cs (provided by default MVC 5 template).
Everything works fine until authentication but not sure how to request authorizaion token as mentioned here Google Contacts API v3.
Please share pointers to samples or documentation. Thank you.
Google has multiple authentication protocols. The one implemented in Katana v2.0 is not OAuth2, so there is no authorization token. It's only useful for having google confirm who the user is, it does not give you access to their resources.
In Katana v2.1-rc1 (coming this month) support is being added for Google's OAuth2 protocol.
https://katanaproject.codeplex.com/SourceControl/changeset/0eb10848ae18a5f339e7fde8ff1e877242e944dc