Hi is there a way to get users applications list in OKTA via jquery? Right now we are using Okta Iframe on our page, problem is that the okta content cannot be changed.
The operation that lists users assigned to an application is part of the Apps API, which requires an API token. For security reasons, you can't call it from jQuery code.
If you have a backend or API component to your application, you can use that to call this API securely and then pass the results to your frontend.
Related
I am using yammer REST API to get group data in sharepoint from yammer, it is opening a new tab for authentication. Is there any way to prevent this new tab?
I tried to open yammer in a hidden iframe, which gives me error - "Refused to display in a frame because it set 'X-Frame-Options' to 'sameorigin'."
It sounds like you're using the JS SDK to make REST API calls. It needs a way to authenticate those calls so if it doesn't have an OAuth token to use from another source, it prompts you to login. Take a look at this blog post that describes how to preauthorize the JS SDK so you can start making API calls scoped to the user loading the page without requiring any interaction from the user.
https://blogs.technet.microsoft.com/askyammer/2016/11/04/preauthorizing-the-yammer-js-sdk/
The site i am currently working on has been build in grails 3. The previous developers have build the majority of the front end in gsp, The end goal is to use react on the front end and just use grails as a rest api.
I am currently tasked with creating a new edition for the site and it will be the first component in react that needs authentication credentials to interact with users data.
this needs to be done before the rest of the site is transitioned here and there too react.
is there a way that i can gain access to a user's information that has signed in using gsp pages in react?
So i need to somehow securely pass the users information that is currently signed in on the non react site to the new react section without them having to sign in again. is this possible?
The best option is your grails backend issue a JWT token. This token identifies the user and can be used to securely access your API. Then you can have an API endpoint that returns detailed user information, if you need.
We're using Spring Social LinkedIn in a single page javascript app to authenticate a user. We're able to successfully authenticate against LinkedIn, but we're having trouble getting that to integrate with our javascript app. It actually breaks down into two issues:
Issue 1:
We're using one API key for a set or related apps - and we use a single sign-in process. We need a way to identifiy which app the user came from and to send them back to the right app after logging in. The problem we're having is LinkedIn only allows one redirect URL and I don't believe it can carry any parameters (that would probably be the solution if it's possible to carry a parameter like the identifier of the app they're in). Do you know of a way to conditionally redirect the person after login?
Issue 2:
When the user is authenticated, we store the user info in our database, but after that we need the log the user into our app and provide the user with a token. Is there a way after the LinkedIn authentication completes to trigger another call to the server to request the token?
I've a website ASP.NET Web API which have scaffolded auth code (I used built-in google auth), it's has both api vĂ mvc view. Then I'm building a Google Chrome Extension which to be a client of the website.
I'm looking for solution / best practice to have single-sign-on among this system. Should my website have to auth first and store token in cookies. And chrome extension will send request with token queried in the specific website cookies. If no token has been found, the chrome extension will open website auth form (google login form) to the user and continue website auth flow. the flow end will trigger chrome extension's callback to repeat the request. My design is very manual handle and I hope there's a better practice I can learn.
I am building a mobile app in which the users need to be authenticated via TrueVault which is a HIPAA compliant data store. TrueVault offers a REST API and generate an access token post basic authentication. They have endpoints to check token validity etc too.
We need to do 2 things:
1) Authenticate all users via TrueVault and store the auto generated TrueVault id in Parse to facilitate data mapping.
2) Setup an interceptor in Parse which verifies the access token with TrueVault before serving any protected resource.
What would be the simplest and most efficient way to implement the above? I have gone through the tutorial to add Third Party oAuth to the mobile apps, but TrueVault does not have oAuth in place yet and thus needs authorization requests via Basic Auth only. Also, would we need Cloud Code for the above or Custom Web Hooks?
Thanks
Sameer
i would suggest you to use retrofit, Gson(or jackson) and rxjava(rxAndroid) in order to handle all api calls, i made a quick overview to the api documentation and this libraries should work for this problem.
links:
https://github.com/square/retrofit
https://code.google.com/p/google-gson/
https://github.com/ReactiveX/RxAndroid
Cheers.