I have a REST API which uses Azure Active Directory and OAuth 2.0 to authenticate.
How can I set this up using api blueprint in apiary.
I can see it works for http://docs.powerbi.apiary.io/
Just cannot seem to find an example.
Any pointers?
actually APIBlueprint does not support any authentication scheme.
However, something is definitely moving in the right direction: you can notice it looking at this pr and its subsequent discussion
Actually Apiary has some sort of private-beta OAuth 2 support but it is enabled on request and it's definitely not a feature of APIBlueprint itself (yet).
I hope this clarifies the issue.
Related
I can't figure out what public data means in Google Docs API guides.
Reading the Google Docs API guide authorizing section, we find that for public data the OAuth 2.0 is not necessary, then I tried using patchupdate to update a document which is shared to edit for anyone with the link, and I could not get it to work because the API returns an authentication error.
So the questions are, what is API key for and what does Google mean with public data?
I understand that you refer to the «If the request doesn't require authorization (such as a request for public data), then the application must provide either the API key or an OAuth 2.0 token, or both» part. It says that you should use either an API key or an OAuth 2.0 token (or both), whatever is more convenient for your project. In this guide you can learn more about how to communicate with Google APIs using OAuth 2.0. Meanwhile in this documentation you can see the approach used with API keys. Please don't hesitate to ask me to clarify myself.
I am new the webAPI2, so please excuse me if my question is trivial. I want to implement token based security for my webAPI, so that other applications (apart from my SPA) can also call my webAPIs.
I started with Owin OpenAuth and implemented a POC. Everything worked well. But when I had to send client to Authorization to Authorization server, I could not find any inbuilt function to do that. I had to build this my self. Then I came across DotNetOpenAuth that provides APIs to set the communication as well. As far as I could find out, Microsoft is favoring Owin OpenAuth over DotNetOpenAuth.
Can anybody please provide the differences between these two? Also, which one is recommended?
Thanks In Advance
Brock Allen answered a similar question here
The OWIN middleware is grated more for just the protocol bits, but has
none of the necessary persistence bits (or replay protection or
refresh token support or many other things). If you are interested in
working directly with the protocol because you want to learn it and
really learn how to build a server, then the OWIN middleware is an ok
place to start. But if all you want is a sever that already has all of
those pieces implemented, then consider looking into IdentityServer
or DotnetOpenAuth
I see that the goauth and go-oauth OAuth libraries have been written for the Go Programming Language, but a couple of hours of searching online turns up nothing for SAML.
I would like to use Go to implement SSO support using SAML for a web service, but without a SAML library for Go it looks like I will have to "wrap" the SAML logic in a separate service, implemented in another language.
Does anyone know of a Go-friendly SAML library, or maybe some some trick for using a Java, C, or PHP library from a Go program?
I have used gosaml and it works pretty good but there is also go-saml from robots and pencils.
I figured after a year, it would be good to answer this question because it would still be good to have some sort of answer here for people looking for SAML libraries for Go.
I haven't seen a SAML implementation for Go, but you could use a server that already implements it in front of your app.
One of the best supported SAML implementations is Shibboleth. The apache module is the most mature, and is probably the easiest method to use, since you just put your app behind a reverse proxy in apache. There's also a fastcgi authenticator, which uses the same backend, but I can't speak for it's ease of implementation.
If you just need a service-provider, the simplest SAML binding is HTTP-POST-SimpleSign. I made a proof-of-concept implementation in python, to try and demonstrate the simplest SP I could. I make no claims to the robustness of this module, but you can see that it could be done with not too much code. That's assuming the Identity Providers you're working with support this binding. And as always, be wary when deploying any custom security-related code.
If you want to validate SAML replies from AWS IdP in your assertion consumer endpoint then you better go with https://github.com/crewjam/saml as it does not rely on libxmlsec1 system library.
For some reason libxmlsec1 does not validate SAML replies from some IdP (AWS) successfully (supposedly because of some undefined namespaces).
offline_access will be deprecated, does it influence session_key, secret of REST API? If I store REST auth infomation, may it use?
This is not have effect on anything related to API querying nor authentication flow aside fact that you will not get permanent access_token and will need to get active access_token from user and extend it manually (if you need).
BTW, REST API is also not something you should actively use, since it'll be deprecated
We are in the process of deprecating the REST API. If you are building a new Facebook app, please use the Graph API. While there is still functionality that we have not ported over yet, the Graph API is the center of Facebook Platform moving forward and where all new features will be found.
I need to use ASIHTTPRequest , but it is not support oauth2 protocol .If there is a way to make ASIHTTPRequest to support oauth2?
You should take a look at What's the best iOS OAuth2 framework question here on StackOverflow. There MattDiPasquale mentioned the FROAuth2Request project on github which does exactly what you're looking for. It adds OAuth2 support to ASIHTTPRequest.
OAuth is not a protocol as, for example, HTTP or FTP, but builds ontop of HTTP and adds authentication. So what you're looking for is a implementation of OAuth (like https://github.com/thekarladam/MPOAuth) ontop of ASIHTTPRequest.
A short googling brought me to this project on github: https://github.com/mdales/asi-http-request . Maybe it's that what you're looking for? I don't know it, so I can't tell if it's good.