I would like to access users' data of the fitbit by using fitbit API
what I understood is,
1- I have to get users consent by OAuth 2.0 authentication.
2- Get the access token.
3- Then can request the data by using the token.
I have downloaded the OAuth 2.0 Library from this link http://www.java2s.com/Code/Jar/o/Downloadoauth2jar.htm
I have read the fitbit API documentation and I have fill the request by the parameter described in the doc as the following example
https://www.fitbit.com/oauth2/authorize?response_type=token&client_id=22942C&redirect_uri=http%3A%2F%2Fexample.com%2Ffitbit_auth&scope=activity%20nutrition%20heartrate%20location%20nutrition%20profile%20settings%20sleep%20social%20weight&expires_in=604800
The question is how to do this requests in my java app? what is the missing I have to install it to able make a http request from the java.
Also, where and how I can use the OAuth 2.0 lib if the http request will be done by Java
Thank you
Take a look at the Google OAuth Java client. There is a sample of how to use the client available here.
Related
I am trying to implement a spring boot application with DocuSign for getting all Envelopes and generating signing ceremony URL links for individual Envelopes which will be displayed in my app to the signer. I am not able to do it because I am not getting how to do authentication and which type of authentication I need to use. Should I use SDK or without SDK I should do? Any example source code for reference.
From your question, it sounds like the people who will use your app are signers. Therefore they will typically not have a DocuSign account login.
So:
You should use DocuSign's JWT OAuth flow. Use it to obtain an access token for a "system user" in your DocuSign account such as hr_department#yourcompany.com
Use the user version of the JWT flow, not the application version. Here is the implementation of the requestJWTUserToken method.
Best would be to include the SDK in your project and call the requestJWTUserToken method. If you can't do that, then you can copy the source into your app.
The SDK works with Spring-Boot.
Use the resulting access token in your app to call the eSignature REST API
From my application I have to invoke external http service which uses google authentication. It works when I invoke it from browser. I found out that it happens because I have cookie which contains
GCP_IAAP_AUTH_TOKEN_<random_string>
GCP_IAP_UID
So my cookie look like this:
cookie: GCP_IAP_UID=111111111111; GCP_IAAP_AUTH_TOKEN_1234567891234567890B=verylongstringhere"
I tried to set this cookie directly in my restTemplate and it works properly but I expect that I have to get token based on some kind of credentials.
webClient.post()
.uri(uploadUrl)
.header("cookie", "GCP_IAP_UID=12345678901234567890; GCP_IAAP_AUTH_TOKEN_12345678907645456546B=verylongstringhere")
Could you please provide example of correct usage GCP auth ? How to update token? Based on what?
Google APIs use the OAuth 2.0 protocol for authentication and authorization
You can obtain OAuth 2.0 client credentials from the Google API Console. Then your client application requests an access token from the Google Authorization Server, extracts a token from the response, and sends the token to the Google API that you want to access.
Before your application can access private data using a Google API, it must obtain an access token that grants access to that API.
There are several ways to make this request, and they vary based on the type of application you are building. For example, a JavaScript application might request an access token using a browser redirect to Google, while an application installed on a device that has no browser uses web service requests.
I recommend you to go trough OAuth 2.0 to Access Google APIs article to choose the best method for your application, there are a couple of documented scenarios to explain how GCP uses application authentication
I have recently started developing an Android application for my companies Magento 2 store.
Magento has a built in REST API to retrieve data and it uses OAuth 1.0a.
I am quite familiar with developing for android and sending HTTP requests but I have never sent one using this type of authorisation. From Magento i have generated the necessary access tokens to connect to the api and have tested them using Postman and they work correctly. The tokens i have are:
Consumer Key
Consumer Secret
Access Token
Access Token Secret
I have searched around quite a bit but cannot find a solution, how do i add these to the header of a post request in Java, Android?
Thanks.
From the Magento Dev Docs:
Magento REST API uses 3-legged OAuth 1.0a protocol to authenticate the application to access the Magento service.
I have come across this private API that authenticates using OAuth API (Not sure what version or flavor of OAuth it is). My working knowledge of OAuth isn't that great so I need some directions to sort this out.
Here's how I was able to to test it manually using Postman/Advance Rest controller Chrome extensions and make a successful query to access a protected resource.
Step 1. Made a POST request to the OAuth Service URL with specific headers. The response includes the OAuth token
Authorization:OAuth oauth_consumer_key="<<key>>",oauth_signature_method="PLAINTEXT",oauth_signature="<<secret>>%26"
Here's an example response format. The response includes the OAuth token and the Oauth token secret (Both of which I need to use to access the protected resource in the next step)
oauth_token=<<token>>&oauth_token_secret=<<secret>>&oauth_session_handle=JN-eMMx1z_Tpy3sFrgzVsssF9Y_pyJaE&oauth_expires_in=3600&oauth_authorization_expires_in=86400
Step 2. Make a POST/GET request to the protected resource after setting the Authorization header with Key, Secret and OAuth token
Authorization:OAuth oauth_consumer_key="<consumerKey>",oauth_signature_method="PLAINTEXT",oauth_signature="<consumerSecret>%26<oauth_token_secret>",oauth_token="<oauth_token>"
Now, Here are my questions:
What version of OAuth is this API using?
Is there a standard OAuth client library that does the authentication and lets me query for protected data without me having to manually construct the POST call with headers like above, get the token (by parsing the response and extracting the token), make another POST/GET manual call with another formatted header to access the protected resource? If so how?
I tried scribe-java and extended the DefaultApi20.java but I can't get it to work. Then I wondered if I understand the API version properly. Because this private API gives me just one URL to get the token. Not sure what Authorization URL, Request Token URL & Access Token URL are in this context.
I even tried looking at the Google oauth client library for Java but I can't find an example using it that fits my context. Any help understanding this is appreciated.
You're using OAuth 1.0. The Scribe library is the way to go with Java: https://github.com/fernandezpablo85/scribe-java. In your case so-called 2-legged authorization is what it needs to do. Here's sample code for 2-legged OAuth 1.0 with Scribe: http://enrico.sartorello.org/blog/2013/08/2-legged-oauth-java-client-made-easy/
I'm building a Java web app that needs access to a user's Google Calendar data - therefore I thought the OAuth/OpenID hybrid is the best way to go.
What's the best library to handle the job - and reduce the amount of code on my end?
I tried openid4java & Spring Security OpenID (both don't support hybrid) as well as dyuproject (couldn't get it integrated).
PS: GAE is not an option
Any ideas?
I don't know any integrated library but I do it with an OpenID library (openid4java), an OAuth library (net.oauth Java implementation [Edit: or Scribe]) and my bare hands as follows:
My OAuth consumer key is like www.example.com so I use http://*.example.com as OpenID realm.
I add following parameters (to redirect url or form) when redirecting user to Google OpenID endpoint:
openid.ns.ext2=http://specs.openid.net/extensions/oauth/1.0
openid.ext2.consumer=<my oauth consumer key>
openid.ext2.scope=<oauth scope to be authorized>
In return in addition to plain OpenID response I receive:
openid.ext2.request_token=<request-token>
I exchange received request-token with access-token and access-secret which are what is needed to make OAuth-authorized calls. That's all!
Note that in plain OAuth along with request-token you have to use a request-secret and verifier but here you don't need them.
To have a better view you may read Google OAuth, Google OpenID and OpenID OAuth Extension.
Edit: Here (comment 8) is the OAuth extension for openid4java that does above for you.
It does not support OpenID but, Scribe is a very good OAuth Java library that supports Google.