Stack Overflow
Stack Overflow

Questions tagged [api-authorization]

70 questions
3
votes
1 answer

Passing token in header to Prophet 21 API

This is the first time I am working with Prophet 21 by Epicor. I am having a hard time figuring out how to pass the token in the HTTP request header after I authenticate with a user…
thestepafter
  • 578
  • 1
  • 4
  • 19
3
votes
1 answer

IdentityServer4 usage of IdentityServerTools to create a token from within identity server

I'm using IdentityServer4 and have a scenario where I need to initiate a call to a secured API during a password reset process. IdentityServer4 does provide IdentityServerTools for the purpose of calling a secured resource from an extensibility…
LugTread
  • 333
  • 3
  • 12
2
votes
0 answers

Connecting to Web API with Cookie Authentication and CSRF Token

*UPDATE AT THE END I need help with using an API to authenticate into https://connect.garmin.com/signin/. I am using VBA and Power Query to automate the collecting of workout data from my Garmin account. As far as I can tell, the website uses cookie…
cam
  • 21
  • 4
2
votes
0 answers

Get data related to logged user from web api using Angular

I cannot figure out safe way to get only data linked to authenticated users using ASP.net core web api and Angular (PWA). I tried 1. MSAL inside Angular and called an API function with login ID but Java based client codes do not seem to be safe or…
Aussie
  • 67
  • 1
  • 9
2
votes
1 answer

ASP.NET Core Web API + Azure AD Authentication

I need some help with implementing authorization infrastructure for my application. I have a Angular SPA application that works with a Web API. This Web API in turns uses another Web API to serve its request. So, I have totally 2 Web APIs and a…
dks
  • 121
  • 9
2
votes
2 answers

How to handle authorization for a non-user based Laravel API?

I have a Laravel web application for a restaurant with its own user base. I have another web application for a bookstore with its own different user base. I would like to create a third application (mostly API, probably using Lumen) that can create…
Jk33
  • 654
  • 1
  • 7
  • 21
2
votes
1 answer

Securing ASP .Net Web API for usage with mobile application

I am currently using Token based authorization via OWIN to keep my APIs from being exposed to everybody. However, there is a flaw attached to this method. Once a user gets a token, he can access any API across my website and get the response for any…
Ravi Kiran
  • 436
  • 1
  • 5
  • 17
2
votes
1 answer

How should I use "Personal access tokens" of MindMeister API?

About the authentication of MindMeister API, there are three types: API Keys OAuth 2.0 Apps Personal Access tokens I want to use the third one, it explains the next: Personal access tokens Personal access tokens enable direct access to your…
Vinicio Ajuchan
  • 194
  • 9
1
vote
0 answers

OpenIddict: Share authentication between ASP.NET Core application and WEB.API Application

I have an asp.net core web application that using OpenIddict. It works fine and users can login. Now I want to add web.api hosted on separate subdomain, but because the user is already authenticated I want to somehow share that authentication. Is it…
Yaplex
  • 2,182
  • 1
  • 18
  • 36
1
vote
1 answer

Authorization depending on user organization .net core

I have Organization, UserType, AspNetUser,Department, Stock and SIM tables as the following schema when the user call the endpoint api/sims/1 and the user type for the user is not super admin and the organization of the user is not the same as the…
Mohamed Khalaf
  • 11
  • 1
1
vote
1 answer

Authentication for public Laravel API

I'm making a public API to allow third party websites to interact with my app, I was wondering what the best way to manage authentication would be. I'm currently looking into using Laravel Passport but I'm slightly confused by how the workflow…
hcphoon
  • 447
  • 3
  • 12
1
vote
3 answers

JMeter: auth2.0 Authentication Process (B2C Architecture)

Steps: Hitting the website- It is being redirected to an URL which contains parameters such as STATE, NONCE and CLIENT-REQUEST-ID which are dynamic. So, in JMeter, I am unable to fetch those values as those are coming directly in a HTTP…
Aditya Singh
  • 21
  • 3
1
vote
1 answer

List authorized resources in UMA 2.0

I'm looking at UMA 2.0 for fine grainde authorization in my webapp. But UMA 2.0 requires a client to try accessing a resource hosted on a Resource Server, get back an HTTP 401 error and a ticket to use when asking the Authorization Service for an…
BPas
  • 99
  • 5
1
vote
1 answer

Server-2-server authorizaton in microservice architecture

It's clear for me about users authorization in microservice architecture (API Gateway for handling auth, SSO, authorization microservice and so on). Now i'm thinking about authorization request between microservices. And there is one question -…
mashinapetro
  • 11
  • 1
1
vote
1 answer

GoogleJsonWebSignature ValidateAsync JWT invalid

Please help me about JWT invalid google authorize. I am using references below to authorize: After I authorize, an hour or two later It still work perfect, but along time later, I do not know exactly how many days later, it not working and throw…
Andreis IT
  • 21
  • 2
1
2 3 4 5