Questions tagged [oauth-2.0]

OAuth (Open Authorization) is an open protocol framework to allow secure API authorization in a simple and standardized way for desktop, mobile and web applications. OAuth 2.0 is the second version of the OAuth protocol.

19611 questions
155 votes, 28 answers

How to obtain Signing certificate fingerprint (SHA1) for OAuth 2.0 on Android?

I'm trying to register my android app following the steps in https://developers.google.com/console/help/#installed_applications which leads me to follow http://developer.android.com/tools/publishing/app-signing.html. However, I'm not sure how to…
Alex
  • 1,665
  • 2
  • 11
  • 7
145 votes, 3 answers

What are Bearer Tokens and token_type in OAuth 2?

I'm trying to implement the Resource Owner & Password Credentials flow from the OAuth 2 spec. I'm having trouble understanding the token_type value that gets sent back with a valid response. In the spec all the examples show "token_type":"example"…
Micah
  • 101,237
  • 81
  • 221
  • 320
132 votes, 4 answers

How to implement oauth2 server in ASP.NET MVC 5 and WEB API 2

First I'll sketch my project: For my internship I need to add functionality to an existing system. A 3rd party client must be able to access data from AX Webservices once he is authorised by the user via OAuth2. I understand that I need to make a…
Robin
  • 2,569
  • 7
  • 25
  • 46
123 votes, 4 answers

JWT (JSON Web Token) Audience "aud" versus Client_Id - What's the difference?

I'm working on implementing OAuth 2.0 JWT access_token in my authentication server. But, I'm not clear on what the differences are between the JWT aud claim and the client_id HTTP header value. Are they the same? If not, can you explain the…
Chris Swain
  • 3,695
  • 5
  • 19
  • 22
115 votes, 8 answers

Where can I find a list of scopes for Google's OAuth 2.0 API?

The example I'm working with specifies the scope in the OAuth request as: scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile which decodes into two…
Dylan Beattie
  • 50,029
  • 31
  • 120
  • 189
109 votes, 9 answers

Is there any JSON Web Token (JWT) example in C#?

I feel like I'm taking crazy pills here. Usually there's always a million libraries and samples floating around the web for any given task. I'm trying to implement authentication with a Google "Service Account" by use of JSON Web Tokens (JWT) as…
Levitikon
  • 7,329
  • 8
  • 51
  • 71
105 votes, 5 answers

Error: Request header field Content-Type is not allowed by Access-Control-Allow-Headers

I created an MVC4 Web API project using VS2012. I used the following tutorial to solve the Cross-Origin Resource Sharing, "http://blogs.msdn.com/b/carlosfigueira/archive/2012/07/02/cors-support-in-asp-net-web-api-rc-version.aspx". It is working…
Kishore
  • 1,197
  • 2
  • 10
  • 15
98 votes, 7 answers

What is intent of ID Token expiry time in OpenID Connect?

In OpenID Connect an access token has an expiry time. For authorization code flow, this is typically short (e.g. 20 minutes) after which you use the refresh token to request a new access token. The ID token also has an expiry time. My question is…
Appetere
  • 5,285
  • 4
  • 31
  • 44
98 votes, 3 answers

Client secret in OAuth 2.0

To use the Google Drive API, I have to play with the authentication using OAuth 2.0. And I got a few questions about this. Client id and client secret are used to identify what my app is. But they must be hardcoded if it is a client application. So,…
Bear
  • 4,888
  • 4
  • 46
  • 76
98 votes, 23 answers

PG undefinedtable error relation users does not exist

I saw this question up before, but only for rspec. I haven't created tests yet because it's too advanced for me but one day soon I will! :P I get this error when I try to sign-up/login into my app. I used devise to create user and also omniauth2 to…
Naomi K
  • 1,297
  • 3
  • 12
  • 20
96 votes, 17 answers

How to refresh token with Google API client?

I've been playing around with the Google Analytics API (V3) and have run into some errors. Firstly, everything is set up correctly and worked with my testing account. But when I want to grab data from another profile ID (same Google Account/GA Account)…
96 votes, 5 answers

What's the right OAuth 2.0 flow for a mobile app

I am trying to implement delegated authorization in a Web API for mobile apps using OAuth 2.0. According to the specification, the implicit grant flow does not support refresh tokens, which means once an access token is granted for a specific period of…
Pablo Cibraro
  • 3,609
  • 1
  • 23
  • 16
95 votes, 1 answer

OAuth Authorization vs Authentication

OAuth terminology has been bothering me a long time now. Is OAuth Authorization as some would suggest or is it Authentication? Correct me if I'm wrong but I have always read Authorization as being the act of allowing someone access to a resource…
edgarhsanchez
  • 1,143
  • 1
  • 10
  • 9
94 votes, 7 answers

Correct way to set Bearer token with CURL

I get my bearer token from an API end point and set the following: $authorization = "Bearer 080042cad6356ad5dc0a720c18b53b8e53d4c274" Next I want to use CURL to access the secure endpoint however I am unsure on how or where to set the Bearer…
HappyCoder
  • 5,285
  • 4
  • 36
  • 67
94 votes, 2 answers

OAuth 2.0 Authorization Header

I want to develop an SDK that encapsulates the OAuth 2.0 functions. I have checked the differences between OAuth 1.0 & 2.0, and I have some confusion on Authorization Header (1.0 and 2.0), OAuth 1.0 protocol parameters can be transmitted using the…
JKhuang
  • 1,433
  • 1
  • 12
  • 14