Can someone help me in generating a access-token for Stormpath.
I'm following the steps mentioned storms api doc.But stuck with error code 404(The requested resource does not exist).
I'm using end point (http://api.stormpath.com/v1/oauth/token?grant_type=client_credentials) to get the tokens and passing all HEADER values as mentioned in API document. Have some used it before ?
I work at Stormpath and can help you with this.
The answer is that you need to use one of our SDKs on your server. At this time we don't support token creation directly from our API. Instead you will need to expose this functionality on your server by using one of our SDKs. The SDK will work with your Stormpath Application to create the tokens and serve them from your serve.
This section of the documentation has examples:
http://docs.stormpath.com/guides/api-key-management/#using-the-stormpath-sdk-to-authenticate-and-generate-tokens-for-your-api-keys
Hope this helps!
Related
I am learning Spring and have written a simple RESTful web service that is not intended for browsers but for native mobile apps only. When trying to implement basic authentication for users. I've hit a wall, because the sources (even official tutorials) assume (and recommend) using OAuth2 through a browser with SSO and\or social logins.
All I want is to create an API RESTful endpoint that will take an email address and a password and return a token (possibly JWT). I do not need extended support for roles (but am not against it) and dynamic token revokation if that matters.
Is there any easy library/solution/tutorial that focuses on something similar?
Edit:
Thanks for the answers — all of them shed more light on the auth process and are quite useful and on point!
Please check here, I have a working example for the spring security on my github. You may need to change the spring.active.profiles=jwt, to enable the jwt configurations on this project.
There are many tutorials available on internet for implementing JWT token based authentication using Spring Boot. Please find below some of them
https://dzone.com/articles/spring-boot-security-json-web-tokenjwt-hello-world
https://www.javainuse.com/spring/boot-jwt
Please go through them and try to implement. If you need a working code for reference, you can search GitHub for code. This is one of them https://github.com/murraco/spring-boot-jwt
I'm writing a RESTful API using Laravel 5. Out of the box, Laravel 5 provides a number of middleware services for authentication, etc.
I'm implementing a token-based authentication system for a RESTful API. My question is whether or not I should modify the existing Laravel 5 files or whether I should just ignore them and create my own middleware.
I know either would work but I'm more wondering about best practice particularly in the light of upgrading down the track as it always makes me a little nervous modifying the original code files in a framework. My normal expectation would be that a framework is kept in a separate folder from my application so that its clear which files can be safely modified with minimal effect on the upgrade path.
Not a direct answer to your question, and I have no personal experience with it, but if you hadn't seen it this may be what you're looking for: https://github.com/susomena/Laravel-Token-Auth
You can refer How to create Token-Based authentication in laravel 4?
There the answer includes link to a OAuth2-Server-Laravel which helps you to implement OAuth2 Token based Verification of requests for create Restful Api.
For documentation of OAuth2-Server0Laravel refer this link.
I'm a novice developer and use Parse.com to power the backend of my iPhone app.
I was wondering if it was possible to manage Facebook OAuth issues from Parse's cloud code (my backend) using http requests or the Facebook JS SDK.
For example: a user's long-term access token becomes invalidated due to expiration. I would like to be able to generate a new access token on the backend, given that I have access to: the old access token, my app_id, my app_secret, and the user's facebookID.
Q1: is it possible to generate a user access token using an http request? I know that I can generate an app access token, but this is not what I want (https://developers.facebook.com/docs/facebook-login/access-tokens). If it is possible, what is the correct structure for the http request (I've spent several hours trying to find an example and haven't been able to).
Q2: if #1 is not possible, is it possible to use the Facebook JS SDK in Parse Cloud code? Parse has previously stated this is not supported since the Facebook JS SDK assumes/necessitates being executed from a browser, but wouldn't it be possible to mimic a browser and still have this function correctly? If so, please provide example code.
Thanks!
Looks like this question has been answered already here: https://parse.com/questions/cloud-code-how-to-get-current-users-facebook-access-token
Parse.User.current().get('authData')['facebook']
We have a .Net Web API (v2) serving an SPA that I aim to secure using OAuth 2.
In my OWIN Startup.Configuration(), I set my Provider in IAppBuilder.UseOAuthAuthorizationServer to an override of OAuthAuthorizationServerProvider. I have this successfully providing refresh tokens.
I want to be sure that these tokens cannot be spoofed by someone implementing a similar provider. No searching I have done has given me any kind of answer.
Does OAuthAuthorizationServerProvider ensure that the refresh tokens received are those issued by itself, and not any similar code on a hacker's machine?
My own experiment seems to confirm that it does - I tried the same code running on two different machines and took the unexpired refresh token (with a long expiry of 24 hours) from the other machine, and got a 401 as I'd hope. But just in case I've wrongly convinced myself, I'd like some reassurance and/ or advice from someone who knows more about OAuth in the .Net Web API than I.
Thanks,
Paul
I'm sure I eventually found a definitive answer in the doc for OAuthAuthorizationServerProvider but now can't find it.
However, Dominick Baier, an expert in this field, says:
Access tokens are protected using the machine key. Protection of refresh tokens is up to you. You need to manually set the machineKey element in web.config (otherwise the key gets auto generated and might change over time).
His comment comes from a reply to a post on implementing OAuthAuthorizationServerProvider.
I'm trying to move my web application to the Google Chrome store, and I want to charge for premium features. The problem is, to use the Chrome Web Store License API I need their Google OpenID identifier. I've read other similar questions, but none with code examples.
I found this example, but it seems to be for a different purpose.
So my question is, how do I use the Federated Login in a Sinatra / Rack environment to get that one parameter?
Thank you.
You need to authenticate users with OpenID. The link has an example that shows how to use Rack::OpenID.
With Google, instead of requesting the openid_identifier from the user you would need to hardcode https://www.google.com/accounts/o8/id as identifier (instead of params["opened_identifier"]) then run normal OpenID.