How to make ASIHTTPRequest support oauth2? - cocoa

I need to use ASIHTTPRequest , but it is not support oauth2 protocol .If there is a way to make ASIHTTPRequest to support oauth2?

You should take a look at What's the best iOS OAuth2 framework question here on StackOverflow. There MattDiPasquale mentioned the FROAuth2Request project on github which does exactly what you're looking for. It adds OAuth2 support to ASIHTTPRequest.

OAuth is not a protocol as, for example, HTTP or FTP, but builds ontop of HTTP and adds authentication. So what you're looking for is a implementation of OAuth (like https://github.com/thekarladam/MPOAuth) ontop of ASIHTTPRequest.
A short googling brought me to this project on github: https://github.com/mdales/asi-http-request . Maybe it's that what you're looking for? I don't know it, so I can't tell if it's good.

Related

Oauth 2.0 Authentication Scheme apiary apiblueprint example needed

I have a REST API which uses Azure Active Directory and OAuth 2.0 to authenticate.
How can I set this up using api blueprint in apiary.
I can see it works for http://docs.powerbi.apiary.io/
Just cannot seem to find an example.
Any pointers?
actually APIBlueprint does not support any authentication scheme.
However, something is definitely moving in the right direction: you can notice it looking at this pr and its subsequent discussion
Actually Apiary has some sort of private-beta OAuth 2 support but it is enabled on request and it's definitely not a feature of APIBlueprint itself (yet).
I hope this clarifies the issue.

DotNetOpenAuth vs Owin OAuth

I am new the webAPI2, so please excuse me if my question is trivial. I want to implement token based security for my webAPI, so that other applications (apart from my SPA) can also call my webAPIs.
I started with Owin OpenAuth and implemented a POC. Everything worked well. But when I had to send client to Authorization to Authorization server, I could not find any inbuilt function to do that. I had to build this my self. Then I came across DotNetOpenAuth that provides APIs to set the communication as well. As far as I could find out, Microsoft is favoring Owin OpenAuth over DotNetOpenAuth.
Can anybody please provide the differences between these two? Also, which one is recommended?
Thanks In Advance
Brock Allen answered a similar question here
The OWIN middleware is grated more for just the protocol bits, but has
none of the necessary persistence bits (or replay protection or
refresh token support or many other things). If you are interested in
working directly with the protocol because you want to learn it and
really learn how to build a server, then the OWIN middleware is an ok
place to start. But if all you want is a sever that already has all of
those pieces implemented, then consider looking into IdentityServer
or DotnetOpenAuth

OmniAuth/OAuth Authentication from a ruby script

Is there a way I can test out the OmniAuth authentication from a standalone ruby script?
Every resource I could find on web lists its usage only in Rails project.This link too: http://www.omniauth.org/
In other words I could not find any client like this FitGem. The fitbit API uses Oauth authentication.FitGem is a client inteface to test out the authentication/authorization to FitBit using OAuth token.
More details here on FitGem: http://www.fitbitclient.com/guide/getting-started
Thanks.
I realize this is old, but I came across it whilst googling so others might also. Maybe this will help the next passerby...
To answer the question - no, it isn't possible to use OmniAuth within a simple, standalone script. What froderik said is correct, OmniAuth was designed to be used within an app on a rack-based framework (Rails, Sinatra, Pakyow, etc.).
To expand on that just a bit though, OmniAuth relies on the ability to intercept and send HTTP requests to/from your app. By default, OmniAuth intercepts requests to /auth/:provider to kickoff the authorization process and will then send callbacks to either /auth/:provider/callback or /auth/failure depending on the outcome of the auth attempt.
Obviously, that functionality is beyond the scope of a standalone script. But if I were to recommend a solution for writing a quick test using OmniAuth, I'd recommend Sinatra. It's certainly not the only solution (any rack-based framework will do), but it provides the needed functionality with minimal overhead.

Is there a SAML library for The Go Language?

I see that the goauth and go-oauth OAuth libraries have been written for the Go Programming Language, but a couple of hours of searching online turns up nothing for SAML.
I would like to use Go to implement SSO support using SAML for a web service, but without a SAML library for Go it looks like I will have to "wrap" the SAML logic in a separate service, implemented in another language.
Does anyone know of a Go-friendly SAML library, or maybe some some trick for using a Java, C, or PHP library from a Go program?
I have used gosaml and it works pretty good but there is also go-saml from robots and pencils.
I figured after a year, it would be good to answer this question because it would still be good to have some sort of answer here for people looking for SAML libraries for Go.
I haven't seen a SAML implementation for Go, but you could use a server that already implements it in front of your app.
One of the best supported SAML implementations is Shibboleth. The apache module is the most mature, and is probably the easiest method to use, since you just put your app behind a reverse proxy in apache. There's also a fastcgi authenticator, which uses the same backend, but I can't speak for it's ease of implementation.
If you just need a service-provider, the simplest SAML binding is HTTP-POST-SimpleSign. I made a proof-of-concept implementation in python, to try and demonstrate the simplest SP I could. I make no claims to the robustness of this module, but you can see that it could be done with not too much code. That's assuming the Identity Providers you're working with support this binding. And as always, be wary when deploying any custom security-related code.
If you want to validate SAML replies from AWS IdP in your assertion consumer endpoint then you better go with https://github.com/crewjam/saml as it does not rely on libxmlsec1 system library.
For some reason libxmlsec1 does not validate SAML replies from some IdP (AWS) successfully (supposedly because of some undefined namespaces).

Multi authorization with CodeIgniter

I have my own CodeIgniter webapp.
I want to add to my site the multi-authorization from Facebook, Google, Twitter and OpenID sites.
(like here - https://stackoverflow.com/users/login)
Is it possible with CodeIgniter?
P.S. I've found some extensions for CI, but they are single and there is no way to merge them.
Facebook uses oAuth2
Twitter uses oAuth
StackOverflow uses OpenID.
Merging 3 entirely different protocols is not easy work, which is why no easy solution exists. You'll have to get your hands dirty for this sadly.
The closest you'll get is:
https://github.com/elliothaughin/socialize
That is not tested and I'm not sure if Elliot ever got around to finishing it.
What is used in Stackoverflow is called OpenID. Knowing the name, you can search for OpenID+CI implementations and you'll find a couple of libraries out there, and I guess this is the latest one.

Resources