Questions tagged [oauth-2.0]

OAuth (Open Authorization) is an open protocol framework to allow secure API authorization in a simple and standardized way for desktop, mobile and web applications. OAuth 2.0 is the second version of the OAuth protocol.

19611 questions
91 votes, 5 answers

Restrict Login Email with Google OAuth2.0 to Specific Domain Name

I can't seem to find any documentation on how to restrict the login to my web application (which uses OAuth2.0 and Google APIs) to only accept authentication requests from users with an email on a specific domain name or set of domain names. I would…
paradox870

88 votes, 12 answers

How to Logout of an Application Where I Used OAuth2 To Login With Google?

In my application, I implemented Google signout using jsapi. I used the url https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=xxxxxx to connect to Google and then https://www.googleapis.com/plus/v1/people/xxxxxx to get user data from…
Vinesh EG

86 votes, 7 answers

How can I revoke a JWT token?

I am using Spring Security OAuth2 and JWT tokens. My question is: How can I revoke a JWT token? As mentioned here http://projects.spring.io/spring-security-oauth/docs/oauth2.html, revocation is done by refresh token. But it does not seem to work.
sabu

83 votes, 7 answers

Using Postman to access OAuth 2.0 Google APIs

I am trying to access the Proximity Google API using the Postman Chrome app. I have followed tutorials on the Postman and Google dev website, but I'm still getting a 401 error message. What am I doing? Step 1 - Enable Proximity API: In order to use Proximity…
Sai

82 votes, 2 answers

OAuth v2 communication between authentication and resource server

I'm having some troubles understanding how OAUTH-v2 works. The OAuth version 2 spec reads: Accessing Protected Resources The client accesses protected resources by presenting the access token to the resource server. The resource server MUST…
nisc

81 votes, 4 answers

OWIN Security - How to Implement OAuth2 Refresh Tokens

I am using the Web API 2 template that comes with Visual Studio 2013, which has some OWIN middleware to do user authentication and the like. In the OAuthAuthorizationServerOptions I noticed that the OAuth2 server is set up to hand out tokens that expire…
SimonGates

81 votes, 12 answers

Salesforce Authentication Failing

I am trying to use OAuth authentication to get the Salesforce Authentication Token, so I referred to the wiki docs, but after getting the authorization code, when I make a POST request with the 5 required parameters, I'm getting the following exception…
Vardan Gupta

81 votes, 9 answers

Is there an OAuth 2.0 Provider implementation in Java? (not oauth client)

So basically I want to protect my APIs with OAuth 2.0 and implement an OAuth Provider to enable acquisition of accessTokens etc. Can it be done with JOAuth out of the box? Has anybody already implemented something like this with an open source library…
JustGoscha

80 votes, 4 answers

Authorization Credentials Stripped --- django, elastic beanstalk, oauth

I implemented a REST api in django with django-rest-framework and used oauth2 for authentication. I tested with: curl -X POST -d…

79 votes, 4 answers

Difference between OAuth 2.0 "state" and OpenID "nonce" parameter? Why state could not be reused?

OAuth 2.0 defines a "state" parameter to be sent in the request by the client to prevent cross-site request attacks. The same is mentioned in the OpenID spec for "nonce". Apart from the fact that "nonce" is returned in the ID token instead of query parameters, they…
dvsakgec

77 votes, 6 answers

Facebook OAuth: custom callback_uri parameters

I'd like to have a dynamic redirect URL for my Facebook OAuth2 integration. For example, if my redirect URL is this in my Facebook app: http://www.mysite.com/oauth_callback?foo=bar I'd like the redirect URL for a specific request be something like…
Jacob

76 votes, 8 answers

Getting "error": "unsupported_grant_type" when trying to get a JWT by calling an OWIN OAuth secured Web Api via Postman

I have followed this article to implement an OAuth Authorization server. However, when I use Postman to get a token, I get an error in the response: "error": "unsupported_grant_type" I read somewhere that the data in Postman needs to be posted…
user20358

75 votes, 3 answers

where is devise implementation of "authenticate_user!" method?

Where is devise implementation of authenticate_user! method? I have been looking for it and have not found it so far.
Greg

75 votes, 1 answer

How to keep the client credentials confidential, while using OAuth2's Resource Owner Password Credentials grant type

We are building a REST service and we want to use OAuth 2 for authorization. The current draft (v2-16 from May 19th) describes four grant types. They are mechanisms or flows for obtaining authorization (an access token). Authorization…
Georgi Stoyanov

75 votes, 3 answers

HTTPError 403 (Forbidden) with Django and python-social-auth connecting to Google with OAuth2

Using python-social-auth, I get a 403: Forbidden error message after accepting access from Google. EDIT: I've recently (2017) had the same error but under a new message: 401 Client Error: Unauthorized for url:…
damio