I want to get an API token for a specific user using openshift rest api. I have a web application which can be used by any user in my organization. I want to be able to authenticate the user in my application using an internal oauth service, after authentication, i want to authorize the user to be able to call openshift rest apis.
I have found 2 APIs, /authorize and /token which get called up to generate api tokens which can be sent as Bearer 'Token' in the REST APIs headers. But not able to find a way to call them. I have been facing CORS errors calling these APIs using AJAX request.
https://openshift-master.bruxelles.sodigital.io/oauth/authorize?client_id=openshift-browser-client&response_type=code
This url is internal to my organisation which authenticates the employees if not authenticated, and then displays a token on the web page. I want to be able to get that token.
Related
We have a web app that has authentication on the front-end (React JS) using Microsoft OAuth, but no authentication at the back end side (Spring Boot), meaning everybody can access the APIs. We want to secure the APIs using the "Access token" generated by the UI (front-end). The idea is that UI passes the token to the back-end in every API call. Since each API call would contain the token, the back-end will use this to validate which user this token belongs to. Is there a way to achieve this using MSAL?
Tl;dr: How to obtain user details (email and user name) from Microsoft OAuth generated token using MSAL?
I did try going through this: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-protected-web-api-overview but to no help
We have a scenario where we have different apps in the backend that needs to do some operation between them. Those apps are registered in the Okta console and have their own workflow. They both allow access to users that authenticate through an access token that they will get through a process the widget on the web. The two services needs to perform operations between them. For example, on one service we need information about products on another service. But it's not a "user" request, it's a service to service.
As far as my understanding goes, we still need to send a request as it would a normal user, so we need a bearer token to authenticate the request.
I cannot find in the docs a way to request an access token on the backend. I only found some libraries that can help providing a callback uri and multiple step process where you need to have a window to pop up to interact to insert your Okta login.
Is there any way to request an access token as an API call? In the backend services we won't have windows to pop up and authenticate?
We tried to use Okta-auth-js but seems to be more "front-end" oriented as most of the methods are "browser-only".
Yes, you need to create OIDC application of type "OAuth service", which will created "client credential" flow app for you. It supports calls to /token endpoint using client_id and client_secret available after the creation of the app in Okta. As a result of your call to /token directly from the backend, you will obtain an access token for machine-to-machine communication (no user context)
I have a simple REST API which is a GET service and doesn't require any user login to consume, but I want to protect it using Bearer Token, when I research on this in internet it's been showed that I need to implement bearer token only after user logs in and authenticated. Is there a way in springboot where I can generate a token for my API and give it to client and client calls my API with that and the program validates the same and provides response?
You have the OAuth2TokenGenerator available in Spring Authorization Server.
My setup is as follows:
Rest APIs (Spring boot)
Front-end application (Angular 8)
Auth Server (Keycloak)
Current scenario:
User enters the username and password in the angular login page.
Angular makes a POST request and gets the access token, refresh token etc. from keycloak server.
In all subsequent request to rest api server(which is bearer only), the access token is passed in
header as "Authorization: Bearer <ACCESS_TOKEN>"
Rest api looks at the role of the user and based on that either returns the desired data or throws a 403 Forbidden exception.
What I want:
To authenticate external users using an api-key and then add rate-limiting to it. For that, i am using Kong API Gateway. For internal or trusted users that login through the angular app, the existing access token flow should work.
Issue:
When using apikey in Kong, it does pass the Kong's authentication but the rest api server still expects an access token and hence get the 401 unauthorized error.
I found the solution for this. Basically you need to configure an anonymous consumer and enable multiple authentication methods using the Kong's key-auth plugin for api-key based security and openid-connect plugin for keycloak based security.
For those who don't have Kong Enterprise, since openid-connect plugin is not open source, you can configure just the key-auth plugin with anonymous access enabled and then handle the keycloak based authentication in your rest application.
I am looking for tips or tutorial where I can fetch data from youtube data api.
By using only api key, I can use any rest api client in order to fetch many informations from https://www.googleapis.com/youtube/v3/channels.
And now, I would like to get auditDetails which needs authorization token https://developers.google.com/youtube/v3/docs/channels/list#auth.
[Edit]
By following the steps below (Using OAuth guides), I can now make request but I have an error 400 which is redirect_uri_mismatch:
The redirect URI in the request, http://localhost:9874, does not match the ones authorized for the OAuth client
In my console developer configuration, I set the redirect authorized url to http://localhost/authorize.php
So I do not understand why during the authentification, it uses http://localhost:9874