I have recently started developing an Android application for my companies Magento 2 store.
Magento has a built in REST API to retrieve data and it uses OAuth 1.0a.
I am quite familiar with developing for android and sending HTTP requests but I have never sent one using this type of authorisation. From Magento i have generated the necessary access tokens to connect to the api and have tested them using Postman and they work correctly. The tokens i have are:
Consumer Key
Consumer Secret
Access Token
Access Token Secret
I have searched around quite a bit but cannot find a solution, how do i add these to the header of a post request in Java, Android?
Thanks.
From the Magento Dev Docs:
Magento REST API uses 3-legged OAuth 1.0a protocol to authenticate the application to access the Magento service.
Related
From my application I have to invoke external http service which uses google authentication. It works when I invoke it from browser. I found out that it happens because I have cookie which contains
GCP_IAAP_AUTH_TOKEN_<random_string>
GCP_IAP_UID
So my cookie look like this:
cookie: GCP_IAP_UID=111111111111; GCP_IAAP_AUTH_TOKEN_1234567891234567890B=verylongstringhere"
I tried to set this cookie directly in my restTemplate and it works properly but I expect that I have to get token based on some kind of credentials.
webClient.post()
.uri(uploadUrl)
.header("cookie", "GCP_IAP_UID=12345678901234567890; GCP_IAAP_AUTH_TOKEN_12345678907645456546B=verylongstringhere")
Could you please provide example of correct usage GCP auth ? How to update token? Based on what?
Google APIs use the OAuth 2.0 protocol for authentication and authorization
You can obtain OAuth 2.0 client credentials from the Google API Console. Then your client application requests an access token from the Google Authorization Server, extracts a token from the response, and sends the token to the Google API that you want to access.
Before your application can access private data using a Google API, it must obtain an access token that grants access to that API.
There are several ways to make this request, and they vary based on the type of application you are building. For example, a JavaScript application might request an access token using a browser redirect to Google, while an application installed on a device that has no browser uses web service requests.
I recommend you to go trough OAuth 2.0 to Access Google APIs article to choose the best method for your application, there are a couple of documented scenarios to explain how GCP uses application authentication
Is there a way to use Java with auth0?
I have an Ember app that get its token from auth0.com,
but I can't find any documentation of how to consume that token through the Java API.
I can do it by generating the token from Java API, but this is not what I want.
Here are the steps I want to have:
Ember app gets access token from auth0.com (not from the Java API)
Send each request to Java API with the token bearer in the header
Java API should interpret the token and then serve the requested data if all is good
This quickstart shows you how to build a Java API that will look for a JWT access_token generated by Auth0 to validate each request made from a client.
The client (the Ember app or any other client) will request an access_token in the authorization call to Auth0, indicating the right audience (the identifier for your backend API). That access_token can then be used against the Java API.
You can debug the token in https://jwt.io. The aud claim should contain the identifier of your backend API.
All what I need is in the title, I'm looking for the process to get an access token from OAuth for my google app engine account (It's to use API which isn't in the google libraries).
I already create a OAuth client ID on my google console, but now I don't know what to do, how to get my access token?
PS: It's to use in the proximity beacon API from the server directly
I would like to access users' data of the fitbit by using fitbit API
what I understood is,
1- I have to get users consent by OAuth 2.0 authentication.
2- Get the access token.
3- Then can request the data by using the token.
I have downloaded the OAuth 2.0 Library from this link http://www.java2s.com/Code/Jar/o/Downloadoauth2jar.htm
I have read the fitbit API documentation and I have fill the request by the parameter described in the doc as the following example
https://www.fitbit.com/oauth2/authorize?response_type=token&client_id=22942C&redirect_uri=http%3A%2F%2Fexample.com%2Ffitbit_auth&scope=activity%20nutrition%20heartrate%20location%20nutrition%20profile%20settings%20sleep%20social%20weight&expires_in=604800
The question is how to do this requests in my java app? what is the missing I have to install it to able make a http request from the java.
Also, where and how I can use the OAuth 2.0 lib if the http request will be done by Java
Thank you
Take a look at the Google OAuth Java client. There is a sample of how to use the client available here.
I've an angular app which calls a java rest api to get the data. We need to secure these apps by azure AD.
I'm using ADAL.js library for angular app and trying to find any library which can be used for rest api but haven't found any on the internet. All the samples are provided for webAPi which is using Microsoft's OWIN framework.
Currently my understanding is that, our angular app will call to Azure AD to get the access token and will send that to java rest api.
Its a JWT token signed by RSA private key.
I can get the public key from JWKs uri and validate whether the JWT token and its signature is valid or not. If it's valid, the rest api will send the response back to angular app
- Is it enough on rest api side? Don't we need any communication between Rest api and Azure AD ? What if someone steals the access token and use that (within its expiration period ?)
I was under impression that resource server ( java rest api) also needs to talk to Authorization server (Azure AD) but not sure if it's really required for JWT tokens.
#Deb,I found your reqirement matched this scenarios----Web application to Web API.I recommend you refer to this document(
https://azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-scenarios/#web-application-to-web-api). If your front-end used the Angular App, you could use passportjs to pass Azure AD authorization. Please refer to documnet(
https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-webapi-nodejs/#6-install-passportjs-in-to-your-web-api).
Its a JWT token signed by RSA private key. I can get the public key
from JWKs uri and validate whether the JWT token and its signature is
valid or not. If it's valid, the rest api will send the response back
to angular app - Is it enough on rest api side? Don't we need any
communication between Rest api and Azure AD ?
If you got the access_token,you could call your REST API with this token in your request. You need not any communication between REST API and AAD. But please note, you need make your API application trust another application
What if someone steals the access token and use that (within its
expiration period ?) I was under impression that resource server (
java rest api) also needs to talk to Authorization server (Azure AD)
but not sure if it's really required for JWT tokens.
You also can set the expiration time in your application for the tokens. See the part 'Token Expiration' in this document(https://azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-scenarios/#application-types-and-scenarios)